diff --git a/docs/cce/umn/ALL_META.TXT.json b/docs/cce/umn/ALL_META.TXT.json index 888d249dd..0737def9b 100644 --- a/docs/cce/umn/ALL_META.TXT.json +++ b/docs/cce/umn/ALL_META.TXT.json @@ -1,3861 +1,9716 @@ [ { - "uri":"en-us_topic_0000001550437509.html", + "dockw":"User Guide" + }, + { + "uri":"cce_productdesc_0000.html", + "node_id":"cce_productdesc_0000.xml", "product_code":"cce", "code":"1", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Service Overview", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual", + "opensource":"true", + "IsMulti":"Yes" + } + ], "title":"Service Overview", "githuburl":"" }, { "uri":"cce_01_0091.html", + "node_id":"cce_01_0091.xml", "product_code":"cce", "code":"2", "des":"Cloud Container Engine (CCE) is a scalable, enterprise-class hosted Kubernetes service. With CCE, you can easily deploy, manage, and scale containerized applications in t", "doc_type":"usermanual2", "kw":"What Is Cloud Container Engine?,Service Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"What Is Cloud Container Engine?", "githuburl":"" }, { "uri":"cce_productdesc_0003.html", + "node_id":"cce_productdesc_0003.xml", "product_code":"cce", "code":"3", - "des":"CCE is a container service built on Docker and Kubernetes. A wealth of features enable you to run container clusters at scale. CCE eases containerization thanks to its re", + "des":"CCE is a container service built on Docker and Kubernetes. A wealth of features enables you to run container clusters at scale. CCE eases containerization thanks to its r", "doc_type":"usermanual2", "kw":"Product Advantages,Service Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Product Advantages", "githuburl":"" }, { "uri":"cce_productdesc_0007.html", + "node_id":"cce_productdesc_0007.xml", "product_code":"cce", "code":"4", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Application Scenarios", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Application Scenarios", "githuburl":"" }, { "uri":"cce_productdesc_0020.html", + "node_id":"cce_productdesc_0020.xml", "product_code":"cce", "code":"5", "des":"In CCE, you can run clusters with x86 and Arm nodes. Create and manage Kubernetes clusters. Deploy containerized applications in them. All done in CCE.Containerization re", "doc_type":"usermanual2", "kw":"Infrastructure and Containerized Application Management,Application Scenarios,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Infrastructure and Containerized Application Management", "githuburl":"" }, { "uri":"cce_productdesc_0015.html", + "node_id":"cce_productdesc_0015.xml", "product_code":"cce", "code":"6", - "des":"Shopping apps and websites, especially during promotions and flash salesLive streaming, where service loads often fluctuateGames, where many players may go online in cert", + "des":"Shopping apps and websites, especially during promotionsLive streaming, where service loads often fluctuateGames, where many players may go online in certain time periods", "doc_type":"usermanual2", "kw":"Auto Scaling in Seconds,Application Scenarios,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Auto Scaling in Seconds", "githuburl":"" }, { "uri":"cce_productdesc_0017.html", + "node_id":"cce_productdesc_0017.xml", "product_code":"cce", "code":"7", "des":"You may receive a lot feedback and requirements for your apps or services. You may want to boost user experience with new features. Continuous integration (CI) and delive", "doc_type":"usermanual2", "kw":"DevOps and CI/CD,Application Scenarios,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"DevOps and CI/CD", "githuburl":"" }, { "uri":"cce_productdesc_0018.html", + "node_id":"cce_productdesc_0018.xml", "product_code":"cce", "code":"8", "des":"Multi-cloud deployment and disaster recoveryRunning apps in containers on different clouds can ensure high availability. When a cloud is down, other clouds respond and se", "doc_type":"usermanual2", "kw":"Hybrid Cloud Architecture,Application Scenarios,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Hybrid Cloud Architecture", "githuburl":"" }, { "uri":"cce_productdesc_0005.html", + "node_id":"cce_productdesc_0005.xml", "product_code":"cce", "code":"9", "des":"This section describes the notes and constraints on using CCE.After a cluster is created, the following items cannot be changed:Number of master nodes. For example, you c", "doc_type":"usermanual2", "kw":"Volumes,namespace,Notes and Constraints,Service Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Notes and Constraints", "githuburl":"" }, { "uri":"cce_productdesc_0002.html", + "node_id":"cce_productdesc_0002.xml", "product_code":"cce", "code":"10", "des":"CCE allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of Identity and Access Management (IAM) and Kube", "doc_type":"usermanual2", "kw":"Permissions,Service Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Permissions", "githuburl":"" }, { "uri":"cce_productdesc_0004.html", + "node_id":"cce_productdesc_0004.xml", "product_code":"cce", "code":"11", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Basic Concepts", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Basic Concepts", "githuburl":"" }, { "uri":"cce_productdesc_0011.html", + "node_id":"cce_productdesc_0011.xml", "product_code":"cce", "code":"12", "des":"CCE provides highly scalable, high-performance, enterprise-class Kubernetes clusters and supports Docker containers. With CCE, you can easily deploy, manage, and scale co", "doc_type":"usermanual2", "kw":"Cluster,Node,Pod,Workload,image,image repository,job,Basic Concepts,Basic Concepts,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Basic Concepts", "githuburl":"" }, { "uri":"cce_productdesc_0010.html", + "node_id":"cce_productdesc_0010.xml", "product_code":"cce", "code":"13", "des":"Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of container clusters. It is a container orchestration tool and a leading sol", "doc_type":"usermanual2", "kw":"Mappings Between CCE and Kubernetes Terms,Basic Concepts,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Mappings Between CCE and Kubernetes Terms", "githuburl":"" }, { "uri":"cce_productdesc_0012.html", + "node_id":"cce_productdesc_0012.xml", "product_code":"cce", "code":"14", "des":"A region and availability zone (AZ) identify the location of a data center. You can create resources in a specific region and AZ.Regions are divided based on geographical", "doc_type":"usermanual2", "kw":"Regions and AZs,Basic Concepts,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Regions and AZs", "githuburl":"" }, { "uri":"cce_productdesc_0008.html", + "node_id":"cce_productdesc_0008.xml", "product_code":"cce", "code":"15", "des":"CCE works with the following cloud services and requires permissions to access them.", "doc_type":"usermanual2", "kw":"Elastic Cloud Server (ECS),Virtual Private Cloud (VPC),Elastic Load Balance (ELB),cloud storage for ", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Related Services", "githuburl":"" }, { "uri":"cce_bulletin_0000.html", + "node_id":"cce_bulletin_0000.xml", "product_code":"cce", "code":"16", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Product Bulletin", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Product Bulletin", "githuburl":"" }, { "uri":"cce_bulletin_0003.html", + "node_id":"cce_bulletin_0003.xml", "product_code":"cce", "code":"17", "des":"This section explains versioning in CCE, and the policies for Kubernetes version support.Version number: The format is x.y.z, where x.y is the major version and z is the ", "doc_type":"usermanual2", "kw":"Kubernetes Version Support Mechanism,Product Bulletin,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Kubernetes Version Support Mechanism", "githuburl":"" }, { "uri":"cce_bulletin_0068.html", + "node_id":"cce_bulletin_0068.xml", "product_code":"cce", "code":"18", "des":"To ensure that stable and reliable Kubernetes versions are available during your use of CCE, CCE provides the Kubernetes version support mechanism. A new supported versio", "doc_type":"usermanual2", "kw":"CCE Cluster Version Release Notes,Product Bulletin,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"CCE Cluster Version Release Notes", "githuburl":"" }, { "uri":"cce_bulletin_0301.html", + "node_id":"cce_bulletin_0301.xml", "product_code":"cce", "code":"19", - "des":"CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9, CentOS 7.7 and Ubuntu 22.04. The following table lists the supported patches for these OSs.The OS patche", + "des":"CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9 and Ubuntu 22.04. You are not advised to use the CentOS 7.7 image to create nodes because the OS maintena", "doc_type":"usermanual2", "kw":"OS Patch Notes for Cluster Nodes,Product Bulletin,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"OS Patch Notes for Cluster Nodes", "githuburl":"" }, { "uri":"cce_bulletin_0169.html", + "node_id":"cce_bulletin_0169.xml", "product_code":"cce", "code":"20", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Security Vulnerability Responses", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Security Vulnerability Responses", "githuburl":"" }, { "uri":"cce_bulletin_0011.html", + "node_id":"cce_bulletin_0011.xml", "product_code":"cce", "code":"21", "des":"High-risk vulnerabilities:CCE fixes vulnerabilities as soon as possible after the Kubernetes community detects them and releases fixing solutions. The fixing policies are", "doc_type":"usermanual2", "kw":"Vulnerability Fixing Policies,Security Vulnerability Responses,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Vulnerability Fixing Policies", "githuburl":"" }, { "uri":"CVE-2021-4034.html", + "node_id":"cve-2021-4034.xml", "product_code":"cce", "code":"22", "des":"Recently, a security research team disclosed a privilege escalation vulnerability (CVE-2021-4034, also dubbed PwnKit) in PolKit's pkexec. Unprivileged users can gain full", "doc_type":"usermanual2", "kw":"Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034),Security Vulnerability Responses,Use", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)", "githuburl":"" }, { "uri":"cce_bulletin_0206.html", + "node_id":"cce_bulletin_0206.xml", "product_code":"cce", "code":"23", "des":"The Linux Kernel SACK vulnerabilities have been fixed. This section describes the solution to these vulnerabilities.On June 18, 2019, Red Hat released a security notice, ", "doc_type":"usermanual2", "kw":"Notice on Fixing Linux Kernel SACK Vulnerabilities,Security Vulnerability Responses,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Notice on Fixing Linux Kernel SACK Vulnerabilities", "githuburl":"" }, { "uri":"cce_qs_0000.html", + "node_id":"cce_qs_0000.xml", "product_code":"cce", "code":"24", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Getting Started", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual", + "opensource":"true", + "IsMulti":"Yes" + } + ], "title":"Getting Started", "githuburl":"" }, { "uri":"cce_qs_0001.html", + "node_id":"cce_qs_0001.xml", "product_code":"cce", "code":"25", "des":"This section describes how to use Cloud Container Engine (CCE) and provides frequently asked questions (FAQs) to help you quickly get started with CCE.Complete the follow", "doc_type":"usermanual2", "kw":"Introduction,Getting Started,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Introduction", "githuburl":"" }, { "uri":"cce_qs_0006.html", + "node_id":"cce_qs_0006.xml", "product_code":"cce", "code":"26", "des":"Before using CCE, you need to make the following preparations:Creating an IAM userObtaining Resource Permissions(Optional) Creating a VPC(Optional) Creating a Key PairIf ", "doc_type":"usermanual2", "kw":"VPC,Preparations,Getting Started,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Preparations", "githuburl":"" }, { "uri":"cce_qs_0008.html", + "node_id":"cce_qs_0008.xml", "product_code":"cce", "code":"27", "des":"This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.If you have not created a cluster, a wizard p", "doc_type":"usermanual2", "kw":"Creating a Kubernetes Cluster,Getting Started,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Creating a Kubernetes Cluster", "githuburl":"" }, { "uri":"cce_qs_0003.html", + "node_id":"cce_qs_0003.xml", "product_code":"cce", "code":"28", "des":"You can use images to quickly create a single-pod workload that can be accessed from public networks. This section describes how to use CCE to quickly deploy an Nginx app", "doc_type":"usermanual2", "kw":"Creating a Deployment (Nginx) from an Image,Getting Started,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Creating a Deployment (Nginx) from an Image", "githuburl":"" }, { "uri":"cce_qs_0007.html", + "node_id":"cce_qs_0007.xml", "product_code":"cce", "code":"29", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Deploying WordPress and MySQL That Depend on Each Other", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Deploying WordPress and MySQL That Depend on Each Other", "githuburl":"" }, { "uri":"cce_qs_0009.html", + "node_id":"cce_qs_0009.xml", "product_code":"cce", "code":"30", "des":"WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any ser", "doc_type":"usermanual2", "kw":"Overview,Deploying WordPress and MySQL That Depend on Each Other,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Overview", "githuburl":"" }, { "uri":"cce_qs_0004.html", + "node_id":"cce_qs_0004.xml", "product_code":"cce", "code":"31", "des":"WordPress must be used together with MySQL. WordPress runs the content management program while MySQL serves as a database to store data.The WordPress and MySQL images ha", "doc_type":"usermanual2", "kw":"Step 1: Create a MySQL Workload,Deploying WordPress and MySQL That Depend on Each Other,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Step 1: Create a MySQL Workload", "githuburl":"" }, { "uri":"cce_qs_0005.html", + "node_id":"cce_qs_0005.xml", "product_code":"cce", "code":"32", "des":"WordPress was originally a blog platform based on PHP and MySQL. It is gradually evolved into a content management system. You can set up your own blog website on any ser", "doc_type":"usermanual2", "kw":"Step 2: Create a WordPress Workload,Deploying WordPress and MySQL That Depend on Each Other,User Gui", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "documenttype":"usermanual" + } + ], "title":"Step 2: Create a WordPress Workload", "githuburl":"" }, { "uri":"cce_10_0054.html", + "node_id":"cce_10_0054.xml", "product_code":"cce", "code":"33", "des":"During service deployment or running, you may trigger high-risk operations at different levels, causing service faults or interruption. To help you better estimate and av", "doc_type":"usermanual2", "kw":"High-Risk Operations and Solutions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"High-Risk Operations and Solutions", "githuburl":"" }, { "uri":"cce_10_0091.html", + "node_id":"cce_10_0091.xml", "product_code":"cce", "code":"34", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Clusters", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Clusters", "githuburl":"" }, { "uri":"cce_10_0002.html", + "node_id":"cce_10_0002.xml", "product_code":"cce", "code":"35", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cluster Overview", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Cluster Overview", "githuburl":"" }, { "uri":"cce_10_0430.html", + "node_id":"cce_10_0430.xml", "product_code":"cce", "code":"36", "des":"Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications.For developers, Kubernetes is", "doc_type":"usermanual2", - "kw":"Basic Cluster Information,Cluster Overview,User Guide", + "kw":"Master Nodes,Basic Cluster Information,Cluster Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Basic Cluster Information", "githuburl":"" }, { - "uri":"cce_10_0342.html", + "uri":"cce_10_0068.html", + "node_id":"cce_10_0068.xml", "product_code":"cce", "code":"37", - "des":"The following table lists the differences between CCE Turbo clusters and CCE clusters:The QingTian architecture consists of data plane (software-hardware synergy) and man", - "doc_type":"usermanual2", - "kw":"CCE Turbo Clusters and CCE Clusters,Cluster Overview,User Guide", - "title":"CCE Turbo Clusters and CCE Clusters", - "githuburl":"" - }, - { - "uri":"cce_10_0349.html", - "product_code":"cce", - "code":"38", - "des":"kube-proxy is a key component of a Kubernetes cluster. It is responsible for load balancing and forwarding between a Service and its backend pod.CCE supports two forwardi", - "doc_type":"usermanual2", - "kw":"Comparing iptables and IPVS,Cluster Overview,User Guide", - "title":"Comparing iptables and IPVS", - "githuburl":"" - }, - { - "uri":"cce_10_0068.html", - "product_code":"cce", - "code":"39", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Release Notes", - "title":"Release Notes", + "kw":"Kubernetes Release Notes", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes Release Notes", "githuburl":"" }, { - "uri":"cce_10_0467.html", + "uri":"cce_bulletin_0058.html", + "node_id":"cce_bulletin_0058.xml", + "product_code":"cce", + "code":"38", + "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This document describes the changes made in Kubernetes 1.25 compared w", + "doc_type":"usermanual2", + "kw":"Kubernetes 1.25 Release Notes,Kubernetes Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.25 Release Notes", + "githuburl":"" + }, + { + "uri":"cce_bulletin_0027.html", + "node_id":"cce_bulletin_0027.xml", + "product_code":"cce", + "code":"39", + "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.Kubernetes 1", + "doc_type":"usermanual2", + "kw":"Kubernetes 1.23 Release Notes,Kubernetes Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.23 Release Notes", + "githuburl":"" + }, + { + "uri":"cce_bulletin_0026.html", + "node_id":"cce_bulletin_0026.xml", "product_code":"cce", "code":"40", - "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.25.Kubernetes 1", - "doc_type":"usermanual2", - "kw":"CCE Kubernetes 1.25 Release Notes,Release Notes,User Guide", - "title":"CCE Kubernetes 1.25 Release Notes", - "githuburl":"" - }, - { - "uri":"cce_10_0468.html", - "product_code":"cce", - "code":"41", - "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.Changes in C", - "doc_type":"usermanual2", - "kw":"CCE Kubernetes 1.23 Release Notes,Release Notes,User Guide", - "title":"CCE Kubernetes 1.23 Release Notes", - "githuburl":"" - }, - { - "uri":"cce_10_0469.html", - "product_code":"cce", - "code":"42", "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.21.Kubernetes 1", "doc_type":"usermanual2", - "kw":"CCE Kubernetes 1.21 Release Notes,Release Notes,User Guide", - "title":"CCE Kubernetes 1.21 Release Notes", + "kw":"Kubernetes 1.21 Release Notes,Kubernetes Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.21 Release Notes", "githuburl":"" }, { - "uri":"cce_10_0470.html", + "uri":"cce_whsnew_0010.html", + "node_id":"cce_whsnew_0010.xml", "product_code":"cce", - "code":"43", - "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.Kubernetes 1", + "code":"41", + "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.Kubernetes v", "doc_type":"usermanual2", - "kw":"CCE Kubernetes 1.19 Release Notes,Release Notes,User Guide", - "title":"CCE Kubernetes 1.19 Release Notes", + "kw":"Kubernetes 1.19 Release Notes,Kubernetes Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.19 Release Notes", "githuburl":"" }, { - "uri":"cce_10_0471.html", + "uri":"cce_whsnew_0007.html", + "node_id":"cce_whsnew_0007.xml", "product_code":"cce", - "code":"44", + "code":"42", "des":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.17.All resource", "doc_type":"usermanual2", - "kw":"CCE Kubernetes 1.17 Release Notes,Release Notes,User Guide", - "title":"CCE Kubernetes 1.17 Release Notes", + "kw":"Kubernetes 1.17 (EOM) Release Notes,Kubernetes Release Notes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes 1.17 (EOM) Release Notes", "githuburl":"" }, { "uri":"cce_10_0405.html", + "node_id":"cce_10_0405.xml", "product_code":"cce", - "code":"45", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "code":"43", + "des":"All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.", "doc_type":"usermanual2", - "kw":"Cluster Patch Version Release Notes,Cluster Overview,User Guide", - "title":"Cluster Patch Version Release Notes", + "kw":"Release Notes for CCE Cluster Versions,Cluster Overview,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Release Notes for CCE Cluster Versions", "githuburl":"" }, { "uri":"cce_10_0298.html", + "node_id":"cce_10_0298.xml", "product_code":"cce", - "code":"46", - "des":"CCE Turbo clusters run on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and inte", + "code":"44", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Creating a CCE Turbo Cluster,Clusters,User Guide", - "title":"Creating a CCE Turbo Cluster", + "kw":"Creating a Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Creating a Cluster", + "githuburl":"" + }, + { + "uri":"cce_10_0342.html", + "node_id":"cce_10_0342.xml", + "product_code":"cce", + "code":"45", + "des":"The following table lists the differences between CCE Turbo clusters and CCE clusters.", + "doc_type":"usermanual2", + "kw":"CCE Turbo Clusters and CCE Clusters,Creating a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"CCE Turbo Clusters and CCE Clusters", "githuburl":"" }, { "uri":"cce_10_0028.html", + "node_id":"cce_10_0028.xml", + "product_code":"cce", + "code":"46", + "des":"On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this", + "doc_type":"usermanual2", + "kw":"Creating a Cluster,Creating a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Creating a Cluster", + "githuburl":"" + }, + { + "uri":"cce_10_0349.html", + "node_id":"cce_10_0349.xml", "product_code":"cce", "code":"47", - "des":"On the CCE console, you can easily create Kubernetes clusters. Kubernetes can manage container clusters at scale. A cluster manages a group of node resources.In CCE, you ", + "des":"kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.CCE supports the iptables ", "doc_type":"usermanual2", - "kw":"Creating a CCE Cluster,Clusters,User Guide", - "title":"Creating a CCE Cluster", + "kw":"kube-proxy,iptables,IPVS,forwarding modes,Comparing iptables and IPVS,Creating a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Comparing iptables and IPVS", "githuburl":"" }, { "uri":"cce_10_0140.html", + "node_id":"cce_10_0140.xml", "product_code":"cce", "code":"48", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Using kubectl to Run a Cluster", - "title":"Using kubectl to Run a Cluster", + "kw":"Connecting to a Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Connecting to a Cluster", "githuburl":"" }, { "uri":"cce_10_0107.html", + "node_id":"cce_10_0107.xml", "product_code":"cce", "code":"49", - "des":"This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses thekubeconfig.js", + "des":"This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses kubeconfig.json ", "doc_type":"usermanual2", - "kw":"Connecting to a Cluster Using kubectl,Using kubectl to Run a Cluster,User Guide", + "kw":"kubectl,kubeconfig,Intranet access,Two-Way Authentication for Domain Names,Error from server Forbidd", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Connecting to a Cluster Using kubectl", "githuburl":"" }, { - "uri":"cce_10_0367.html", + "uri":"cce_10_0175.html", + "node_id":"cce_10_0175.xml", "product_code":"cce", "code":"50", - "des":"A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Sp", + "des":"This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.The downloaded certificate contains three files: clien", "doc_type":"usermanual2", - "kw":"Customizing a Cluster Certificate SAN,Using kubectl to Run a Cluster,User Guide", - "title":"Customizing a Cluster Certificate SAN", + "kw":"X.509 certificate,Connecting to a Cluster Using an X.509 Certificate,Connecting to a Cluster,User Gu", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Connecting to a Cluster Using an X.509 Certificate", "githuburl":"" }, { - "uri":"cce_10_0139.html", + "uri":"cce_10_0367.html", + "node_id":"cce_10_0367.xml", "product_code":"cce", "code":"51", - "des":"getThe get command displays one or many resources of a cluster.This command prints a table of the most important information about all resources, including cluster nodes,", + "des":"A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Sp", "doc_type":"usermanual2", - "kw":"Common kubectl Commands,Using kubectl to Run a Cluster,User Guide", - "title":"Common kubectl Commands", + "kw":"SAN,Accessing a Cluster Using a Custom Domain Name,Connecting to a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Accessing a Cluster Using a Custom Domain Name", "githuburl":"" }, { "uri":"cce_10_0215.html", + "node_id":"cce_10_0215.xml", "product_code":"cce", "code":"52", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Upgrading a Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Upgrading a Cluster", "githuburl":"" }, { "uri":"cce_10_0197.html", + "node_id":"cce_10_0197.xml", "product_code":"cce", "code":"53", "des":"To enable interoperability from one Kubernetes installation to the next, you must upgrade your Kubernetes clusters before the maintenance period ends.After the latest Kub", "doc_type":"usermanual2", - "kw":"Upgrade Overview,Upgrading a Cluster,User Guide", + "kw":"cluster upgrade process,Upgrade,In-place upgrade,Rolling upgrade,Upgrade Overview,Upgrading a Cluste", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Upgrade Overview", "githuburl":"" }, { "uri":"cce_10_0302.html", + "node_id":"cce_10_0302.xml", "product_code":"cce", "code":"54", - "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.Upgraded clu", + "des":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.Before upgra", "doc_type":"usermanual2", - "kw":"Before You Start,Upgrading a Cluster,User Guide", + "kw":"Deprecated APIs,Before You Start,Upgrading a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Before You Start", "githuburl":"" }, { - "uri":"cce_10_0560.html", + "uri":"cce_10_0301.html", + "node_id":"cce_10_0301.xml", "product_code":"cce", "code":"55", + "des":"You can upgrade your clusters to a newer version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what w", + "doc_type":"usermanual2", + "kw":"back up the cluster data,Node Priority,Performing In-place Upgrade,Upgrading a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Performing In-place Upgrade", + "githuburl":"" + }, + { + "uri":"cce_10_0560.html", + "node_id":"cce_10_0560.xml", + "product_code":"cce", + "code":"56", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Post-Upgrade Verification", - "title":"Post-Upgrade Verification", + "kw":"Performing Post-Upgrade Verification", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Performing Post-Upgrade Verification", "githuburl":"" }, { "uri":"cce_10_0561.html", + "node_id":"cce_10_0561.xml", "product_code":"cce", - "code":"56", + "code":"57", "des":"After the cluster is upgraded, check whether the services are running normal.Different services have different verification mode. Select a suitable one and verify the ser", "doc_type":"usermanual2", - "kw":"Service Verification,Post-Upgrade Verification,User Guide", + "kw":"Service Verification,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Service Verification", "githuburl":"" }, { "uri":"cce_10_0562.html", + "node_id":"cce_10_0562.xml", "product_code":"cce", - "code":"57", - "des":"Check whether unexpected pods exist in the cluster.Check whether there are pods restart unexpectedly in the cluster.Go to the CCE console and access the cluster console. ", + "code":"58", + "des":"Check whether there are unexpected pods in the cluster.Check whether there are any pods that ran properly originally in the cluster restart unexpectedly.Log in to the CCE", "doc_type":"usermanual2", - "kw":"Pod Check,Post-Upgrade Verification,User Guide", + "kw":"Pod Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Pod Check", "githuburl":"" }, { "uri":"cce_10_0563.html", + "node_id":"cce_10_0563.xml", "product_code":"cce", - "code":"58", + "code":"59", "des":"Check whether the nodes are running properly.Check whether the node network is normal.Check whether the container network is normal.The node status reflects whether the n", "doc_type":"usermanual2", - "kw":"Node and Container Network Check,Post-Upgrade Verification,User Guide", + "kw":"Node and Container Network Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node and Container Network Check", "githuburl":"" }, { "uri":"cce_10_0564.html", + "node_id":"cce_10_0564.xml", "product_code":"cce", - "code":"59", - "des":"Check whether the label is lost.Check whether there are unexpected taints.Go to the CCE console, access the cluster console, and choose Nodes in the navigation pane. On t", + "code":"60", + "des":"Check whether custom node labels are lost.Check whether there are any unexpected taints newly added on the node, which will affect workload scheduling.Go to the CCE conso", "doc_type":"usermanual2", - "kw":"Node Label and Taint Check,Post-Upgrade Verification,User Guide", + "kw":"Node Label and Taint Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Label and Taint Check", "githuburl":"" }, { "uri":"cce_10_0565.html", + "node_id":"cce_10_0565.xml", "product_code":"cce", - "code":"60", - "des":"Check whether nodes can be created in the cluster.Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node.If node", + "code":"61", + "des":"Check whether nodes can be created in the cluster.Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node. Fo", "doc_type":"usermanual2", - "kw":"New Node Check,Post-Upgrade Verification,User Guide", + "kw":"New Node Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"New Node Check", "githuburl":"" }, { "uri":"cce_10_0566.html", + "node_id":"cce_10_0566.xml", "product_code":"cce", - "code":"61", + "code":"62", "des":"Check whether pods can be created on the existing nodes after the cluster is upgraded.Check whether pods can be created on new nodes after the cluster is upgraded.After c", "doc_type":"usermanual2", - "kw":"New Pod Check,Post-Upgrade Verification,User Guide", + "kw":"New Pod Check,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"New Pod Check", "githuburl":"" }, { "uri":"cce_10_0567.html", + "node_id":"cce_10_0567.xml", "product_code":"cce", - "code":"62", - "des":"After the cluster is upgraded, you need to reset the nodes that fail to be upgraded.Go back to the previous step or view the upgrade details on the upgrade history page t", + "code":"63", + "des":"After the cluster is upgraded, reset the nodes that fail to be upgraded.Go back to the previous step or view the upgrade details on the upgrade history page to view the n", "doc_type":"usermanual2", - "kw":"Node Skipping Check for Reset,Post-Upgrade Verification,User Guide", + "kw":"Node Skipping Check for Reset,Performing Post-Upgrade Verification,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Skipping Check for Reset", "githuburl":"" }, { - "uri":"cce_10_0120.html", - "product_code":"cce", - "code":"63", - "des":"You can upgrade your clusters to a newer Kubernetes version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgrade", - "doc_type":"usermanual2", - "kw":"Performing Replace/Rolling Upgrade,Upgrading a Cluster,User Guide", - "title":"Performing Replace/Rolling Upgrade", - "githuburl":"" - }, - { - "uri":"cce_10_0301.html", + "uri":"cce_10_0210.html", + "node_id":"cce_10_0210.xml", "product_code":"cce", "code":"64", - "des":"You can upgrade your clusters to a newer version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what w", - "doc_type":"usermanual2", - "kw":"Performing In-place Upgrade,Upgrading a Cluster,User Guide", - "title":"Performing In-place Upgrade", - "githuburl":"" - }, - { - "uri":"cce_10_0210.html", - "product_code":"cce", - "code":"65", "des":"This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.This operation is applicable when a cross-versi", "doc_type":"usermanual2", "kw":"Migrating Services Across Clusters of Different Versions,Upgrading a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migrating Services Across Clusters of Different Versions", "githuburl":"" }, { "uri":"cce_10_0550.html", + "node_id":"cce_10_0550.xml", "product_code":"cce", - "code":"66", + "code":"65", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Troubleshooting for Pre-upgrade Check Exceptions", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Troubleshooting for Pre-upgrade Check Exceptions", "githuburl":"" }, { "uri":"cce_10_0549.html", + "node_id":"cce_10_0549.xml", "product_code":"cce", - "code":"67", + "code":"66", "des":"The system performs a comprehensive pre-upgrade check before the cluster upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot contin", "doc_type":"usermanual2", - "kw":"Performing Pre-upgrade Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Performing Pre-upgrade Check", + "kw":"Pre-upgrade Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Pre-upgrade Check", "githuburl":"" }, { "uri":"cce_10_0431.html", + "node_id":"cce_10_0431.xml", "product_code":"cce", - "code":"68", + "code":"67", "des":"Check the following aspects:Check whether the node is available.Check whether the node OS supports the upgrade.Check whether there are unexpected node pool tags in the no", "doc_type":"usermanual2", - "kw":"Checking the Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Node", + "kw":"Node Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Restrictions", "githuburl":"" }, { "uri":"cce_10_0432.html", + "node_id":"cce_10_0432.xml", "product_code":"cce", - "code":"69", + "code":"68", "des":"Check whether the current user is in the upgrade blocklist.CCE temporarily disables the cluster upgrade function due to the following reasons:The cluster is identified as", "doc_type":"usermanual2", - "kw":"Checking the Blocklist,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Blocklist", + "kw":"Blocklist,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Blocklist", "githuburl":"" }, { "uri":"cce_10_0433.html", + "node_id":"cce_10_0433.xml", "product_code":"cce", - "code":"70", - "des":"Check the following aspects:Check whether the add-on status is normal.Check whether the add-on supports the target version.Scenario 1: The add-on status is abnormal.Log i", + "code":"69", + "des":"Check the following aspects:Check whether the add-on status is normal.Check whether the add-on support the target version.Scenario 1: The add-on status is abnormal.Log in", "doc_type":"usermanual2", - "kw":"Checking the Add-on,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Add-on", + "kw":"Add-ons,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Add-ons", "githuburl":"" }, { "uri":"cce_10_0434.html", + "node_id":"cce_10_0434.xml", "product_code":"cce", - "code":"71", + "code":"70", "des":"Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavai", "doc_type":"usermanual2", - "kw":"Checking the Helm Chart,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Helm Chart", + "kw":"Helm Charts,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Helm Charts", "githuburl":"" }, { "uri":"cce_10_0435.html", + "node_id":"cce_10_0435.xml", "product_code":"cce", - "code":"72", + "code":"71", "des":"Check whether CCE can connect to your master nodes.Contact technical support.", "doc_type":"usermanual2", - "kw":"Checking the Master Node SSH Connectivity,Troubleshooting for Pre-upgrade Check Exceptions,User Guid", - "title":"Checking the Master Node SSH Connectivity", + "kw":"SSH Connectivity of Master Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"SSH Connectivity of Master Nodes", "githuburl":"" }, { "uri":"cce_10_0436.html", + "node_id":"cce_10_0436.xml", "product_code":"cce", - "code":"73", - "des":"Check the following aspects:Check the node status.Check whether the auto scaling function of the node pool is disabled.Scenario 1: The node pool status is abnormal.Log in", + "code":"72", + "des":"Check the node pool status.Scenario: The node pool malfunctions.Log in to the CCE console, go to the target cluster and choose Nodes. On the displayed page, click Node Po", "doc_type":"usermanual2", - "kw":"Checking the Node Pool,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Node Pool", + "kw":"Node Pools,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Pools", "githuburl":"" }, { "uri":"cce_10_0437.html", + "node_id":"cce_10_0437.xml", "product_code":"cce", - "code":"74", - "des":"Check whether the security group allows the master node to access nodes using ICMP.Log in to the VPC console, choose Access Control > Security Groups, and enter the targe", + "code":"73", + "des":"Check whether the security group allows the master node to access nodes using ICMP.This check item is performed only for clusters using VPC networking. For clusters using", "doc_type":"usermanual2", - "kw":"Checking the Security Group,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking the Security Group", + "kw":"Security Groups,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Security Groups", "githuburl":"" }, { "uri":"cce_10_0439.html", + "node_id":"cce_10_0439.xml", "product_code":"cce", - "code":"75", - "des":"Check whether the node needs to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, you need to migrate (reset or create and replace) all nodes b", + "code":"74", + "des":"Check whether the node needs to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before perfor", "doc_type":"usermanual2", - "kw":"To-Be-Migrated Node,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"To-Be-Migrated Node", + "kw":"To-Be-Migrated Nodes,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"To-Be-Migrated Nodes", "githuburl":"" }, { "uri":"cce_10_0440.html", + "node_id":"cce_10_0440.xml", "product_code":"cce", - "code":"76", - "des":"Check whether there are discarded resources in the clusters.Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of v1.25.Run the kubectl g", + "code":"75", + "des":"Check whether there are discarded resources in the clusters.Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of 1.25.Run the kubectl ge", "doc_type":"usermanual2", - "kw":"Discarded Kubernetes Resource,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Discarded Kubernetes Resource", + "kw":"Discarded Kubernetes Resources,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Discarded Kubernetes Resources", "githuburl":"" }, { "uri":"cce_10_0441.html", + "node_id":"cce_10_0441.xml", "product_code":"cce", - "code":"77", - "des":"Read the version compatibility differences and ensure that they are not affected.The patch upgrade does not involve version compatibility differences.", + "code":"76", + "des":"Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.", "doc_type":"usermanual2", - "kw":"Compatibility Risk,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Compatibility Risk", + "kw":"Compatibility Risks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Compatibility Risks", "githuburl":"" }, { "uri":"cce_10_0442.html", + "node_id":"cce_10_0442.xml", "product_code":"cce", - "code":"78", - "des":"Check whether cce-agent on the current node is of the latest version.If cce-agent is not of the latest version, the automatic update fails. This problem is usually caused", + "code":"77", + "des":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", "doc_type":"usermanual2", - "kw":"Node CCEAgent Version,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Node CCEAgent Version", + "kw":"Node CCE Agent Versions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node CCE Agent Versions", "githuburl":"" }, { "uri":"cce_10_0443.html", + "node_id":"cce_10_0443.xml", "product_code":"cce", - "code":"79", + "code":"78", "des":"Check whether the CPU usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pod", "doc_type":"usermanual2", "kw":"Node CPU Usage,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node CPU Usage", "githuburl":"" }, { "uri":"cce_10_0444.html", + "node_id":"cce_10_0444.xml", "product_code":"cce", - "code":"80", + "code":"79", "des":"Check the following aspects:Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.Check whether the cluster key CRD network-attachment-defini", "doc_type":"usermanual2", - "kw":"CRD Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"CRD Check", + "kw":"CRDs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"CRDs", "githuburl":"" }, { "uri":"cce_10_0445.html", + "node_id":"cce_10_0445.xml", "product_code":"cce", - "code":"81", + "code":"80", "des":"Check the following aspects:Check whether the key data disks on the node meet the upgrade requirements.Check whether the /tmp directory has 500 MB available space.During ", "doc_type":"usermanual2", - "kw":"Node Disk,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Node Disk", + "kw":"Node Disks,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Disks", "githuburl":"" }, { "uri":"cce_10_0446.html", + "node_id":"cce_10_0446.xml", "product_code":"cce", - "code":"82", + "code":"81", "des":"Check the following aspects:Check whether the DNS configuration of the current node can resolve the OBS address.Check whether the current node can access the OBS address ", "doc_type":"usermanual2", "kw":"Node DNS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node DNS", "githuburl":"" }, { "uri":"cce_10_0447.html", + "node_id":"cce_10_0447.xml", "product_code":"cce", - "code":"83", - "des":"Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.CCE uses the /var/paas directory to manage nodes and store file ", + "code":"82", + "des":"Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.Scenario 1: The error message \"xx file permission has been chang", "doc_type":"usermanual2", "kw":"Node Key Directory File Permissions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Key Directory File Permissions", "githuburl":"" }, { "uri":"cce_10_0448.html", + "node_id":"cce_10_0448.xml", "product_code":"cce", - "code":"84", - "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet is abnormal, the node is unavailable. Restore the node", + "code":"83", + "des":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", "doc_type":"usermanual2", "kw":"Kubelet,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Kubelet", "githuburl":"" }, { "uri":"cce_10_0449.html", + "node_id":"cce_10_0449.xml", "product_code":"cce", - "code":"85", + "code":"84", "des":"Check whether the memory usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule ", "doc_type":"usermanual2", "kw":"Node Memory,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Memory", "githuburl":"" }, { "uri":"cce_10_0450.html", + "node_id":"cce_10_0450.xml", "product_code":"cce", - "code":"86", + "code":"85", "des":"Check whether the clock synchronization server ntpd or chronyd of the node is running properly.Scenario 1: ntpd is running abnormally.Log in to the node and run the syste", "doc_type":"usermanual2", "kw":"Node Clock Synchronization Server,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Clock Synchronization Server", "githuburl":"" }, { "uri":"cce_10_0451.html", + "node_id":"cce_10_0451.xml", "product_code":"cce", - "code":"87", + "code":"86", "des":"Check whether the OS kernel version of the node is supported by CCE.Running nodes depend on the initial standard kernel version when they are created. CCE has performed c", "doc_type":"usermanual2", "kw":"Node OS,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node OS", "githuburl":"" }, { "uri":"cce_10_0452.html", + "node_id":"cce_10_0452.xml", "product_code":"cce", - "code":"88", + "code":"87", "des":"Check whether the number of CPUs on the master node is greater than 2.If the number of CPUs on the master node is 2, contact technical support to expand the number to 4 o", "doc_type":"usermanual2", - "kw":"Node CPU Count,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Node CPU Count", + "kw":"Node CPUs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node CPUs", "githuburl":"" }, { "uri":"cce_10_0453.html", + "node_id":"cce_10_0453.xml", "product_code":"cce", - "code":"89", + "code":"88", "des":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Install Python before the upgrade.", "doc_type":"usermanual2", - "kw":"Node Python Command,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Node Python Command", + "kw":"Node Python Commands,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Python Commands", "githuburl":"" }, { "uri":"cce_10_0455.html", + "node_id":"cce_10_0455.xml", "product_code":"cce", - "code":"90", + "code":"89", "des":"Check whether the nodes in the cluster are ready.Scenario 1: The nodes are in the unavailable status.Log in to the CCE console and access the cluster console. Choose Node", "doc_type":"usermanual2", "kw":"Node Readiness,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Readiness", "githuburl":"" }, { "uri":"cce_10_0456.html", + "node_id":"cce_10_0456.xml", "product_code":"cce", - "code":"91", - "des":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to query the running status of journald. If the com", + "code":"90", + "des":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the co", "doc_type":"usermanual2", "kw":"Node journald,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node journald", "githuburl":"" }, { "uri":"cce_10_0457.html", + "node_id":"cce_10_0457.xml", "product_code":"cce", - "code":"92", + "code":"91", "des":"Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the", "doc_type":"usermanual2", - "kw":"containerd.sock Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"containerd.sock Check", + "kw":"containerd.sock,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"containerd.sock", "githuburl":"" }, { "uri":"cce_10_0458.html", + "node_id":"cce_10_0458.xml", "product_code":"cce", - "code":"93", + "code":"92", "des":"Before the upgrade, check whether an internal error occurs.If this check fails, contact technical support.", "doc_type":"usermanual2", - "kw":"Internal Error,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Internal Error", + "kw":"Internal Errors,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Internal Errors", "githuburl":"" }, { "uri":"cce_10_0459.html", + "node_id":"cce_10_0459.xml", "product_code":"cce", - "code":"94", + "code":"93", "des":"Check whether inaccessible mount points exist on the node.Scenario: There are inaccessible mount points on the node.If network NFS (such as OBS, SFS, and SFS) is used by ", "doc_type":"usermanual2", - "kw":"Node Mount Point,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Node Mount Point", + "kw":"Node Mount Points,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Mount Points", "githuburl":"" }, { "uri":"cce_10_0460.html", + "node_id":"cce_10_0460.xml", "product_code":"cce", - "code":"95", - "des":"Check whether the taint, as shown in Table 1, exists on the node.Taint checklistNameImpactnode.kubernetes.io/upgradeNoScheduleScenario 1: The node is skipped during the c", + "code":"94", + "des":"Check whether the taint needed for cluster upgrade exists on the node.Scenario 1: The node is skipped during the cluster upgrade.If the version of the node is different f", "doc_type":"usermanual2", - "kw":"Kubernetes Node Taint,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Kubernetes Node Taint", + "kw":"Kubernetes Node Taints,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kubernetes Node Taints", "githuburl":"" }, { "uri":"cce_10_0478.html", + "node_id":"cce_10_0478.xml", "product_code":"cce", - "code":"96", - "des":"Check whether the current everest add-on has compatibility restrictions. See Table 1.The current everest add-on has compatibility restrictions and cannot be upgraded with", + "code":"95", + "des":"Check whether there are any compatibility restrictions on the current everest add-on.There are compatibility restrictions on the current everest add-on and it cannot be u", "doc_type":"usermanual2", - "kw":"everest Restriction Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"everest Restriction Check", + "kw":"everest Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"everest Restrictions", "githuburl":"" }, { "uri":"cce_10_0479.html", + "node_id":"cce_10_0479.xml", "product_code":"cce", - "code":"97", + "code":"96", "des":"Check whether the current cce-controller-hpa add-on has compatibility restrictions.The current cce-controller-hpa add-on has compatibility restrictions. An add-on that ca", "doc_type":"usermanual2", - "kw":"cce-hpa-controller Restriction Check,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"cce-hpa-controller Restriction Check", + "kw":"cce-hpa-controller Restrictions,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"cce-hpa-controller Restrictions", "githuburl":"" }, { "uri":"cce_10_0480.html", + "node_id":"cce_10_0480.xml", "product_code":"cce", - "code":"98", - "des":"Check whether the current cluster version and the target version support enhanced CPU policy.Scenario: The current cluster version uses the enhanced CPU management policy", + "code":"97", + "des":"Check whether the current cluster version and the target version support the enhanced CPU policy.Scenario: Only the current cluster version supports the enhanced CPU poli", "doc_type":"usermanual2", - "kw":"Enhanced CPU Management Policy,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Enhanced CPU Management Policy", + "kw":"Enhanced CPU Policies,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Enhanced CPU Policies", "githuburl":"" }, { "uri":"cce_10_0484.html", + "node_id":"cce_10_0484.xml", "product_code":"cce", - "code":"99", - "des":"Check whether the container runtime and network components on the user node are healthy.If a component is abnormal, log in to the node to check the status of the abnormal", + "code":"98", + "des":"Check whether the container runtime and network components on the worker nodes are healthy.If a worker node component malfunctions, log in to the node to check the status", "doc_type":"usermanual2", - "kw":"User Node Components Health,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"User Node Components Health", + "kw":"Health of Worker Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Health of Worker Node Components", "githuburl":"" }, { "uri":"cce_10_0485.html", + "node_id":"cce_10_0485.xml", "product_code":"cce", - "code":"100", - "des":"Check whether the Kubernetes, container runtime, and network components of the controller node are healthy.If a component on the controller node is abnormal, contact tech", + "code":"99", + "des":"Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.If a master node component malfunctions, contact technical support", "doc_type":"usermanual2", - "kw":"Controller Node Components Health,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Controller Node Components Health", + "kw":"Health of Master Node Components,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Health of Master Node Components", "githuburl":"" }, { "uri":"cce_10_0486.html", + "node_id":"cce_10_0486.xml", "product_code":"cce", - "code":"101", - "des":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reducing Kubernetes resourcesSolution 2", + "code":"100", + "des":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reduce Kubernetes resources.Solution 2:", "doc_type":"usermanual2", "kw":"Memory Resource Limit of Kubernetes Components,Troubleshooting for Pre-upgrade Check Exceptions,User", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Memory Resource Limit of Kubernetes Components", "githuburl":"" }, { "uri":"cce_10_0487.html", + "node_id":"cce_10_0487.xml", "product_code":"cce", - "code":"102", + "code":"101", "des":"The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.Due to the limited time range of audi", "doc_type":"usermanual2", - "kw":"Checking Deprecated Kubernetes APIs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"Checking Deprecated Kubernetes APIs", + "kw":"Discarded Kubernetes APIs,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Discarded Kubernetes APIs", "githuburl":"" }, { "uri":"cce_10_0488.html", + "node_id":"cce_10_0488.xml", "product_code":"cce", - "code":"103", + "code":"102", "des":"If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.CCE Turbo clusters support IPv6 since v1.23. This feature is available ", "doc_type":"usermanual2", - "kw":"IPv6 Capability of a CCE Turbo Cluster,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", - "title":"IPv6 Capability of a CCE Turbo Cluster", + "kw":"IPv6 Capabilities of a CCE Turbo Cluster,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"IPv6 Capabilities of a CCE Turbo Cluster", "githuburl":"" }, { "uri":"cce_10_0489.html", + "node_id":"cce_10_0489.xml", "product_code":"cce", - "code":"104", - "des":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to query the running status of NetworkManager. ", + "code":"103", + "des":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager.", "doc_type":"usermanual2", "kw":"Node NetworkManager,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node NetworkManager", "githuburl":"" }, { "uri":"cce_10_0490.html", + "node_id":"cce_10_0490.xml", "product_code":"cce", - "code":"105", + "code":"104", "des":"Check the ID file format.", "doc_type":"usermanual2", "kw":"Node ID File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node ID File", "githuburl":"" }, { "uri":"cce_10_0491.html", + "node_id":"cce_10_0491.xml", "product_code":"cce", - "code":"106", + "code":"105", "des":"When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background:/opt/cloud/cce/kubernet", "doc_type":"usermanual2", "kw":"Node Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Configuration Consistency", "githuburl":"" }, { "uri":"cce_10_0492.html", + "node_id":"cce_10_0492.xml", "product_code":"cce", - "code":"107", + "code":"106", "des":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Contact technical support to restore the confi", "doc_type":"usermanual2", "kw":"Node Configuration File,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Configuration File", "githuburl":"" }, { "uri":"cce_10_0493.html", + "node_id":"cce_10_0493.xml", "product_code":"cce", - "code":"108", - "des":"Check whether the current CoreDNS key configuration Corefile is different from the Helm Release record. The difference may be overwritten during the add-on upgrade, affec", + "code":"107", + "des":"Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affec", "doc_type":"usermanual2", - "kw":"Checking CoreDNS Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Gui", - "title":"Checking CoreDNS Configuration Consistency", + "kw":"CoreDNS Configuration Consistency,Troubleshooting for Pre-upgrade Check Exceptions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"CoreDNS Configuration Consistency", "githuburl":"" }, { "uri":"cce_10_0031.html", + "node_id":"cce_10_0031.xml", "product_code":"cce", - "code":"109", + "code":"108", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Managing a Cluster", "githuburl":"" }, { "uri":"cce_10_0213.html", + "node_id":"cce_10_0213.xml", "product_code":"cce", - "code":"110", + "code":"109", "des":"CCE allows you to manage cluster parameters, through which you can let core components work under your very requirements.This function is supported only in clusters of v1", "doc_type":"usermanual2", - "kw":"Cluster Configuration Management,Managing a Cluster,User Guide", + "kw":"cluster parameters,kube-apiserver,kube-scheduler,kube-controller-manager,Cluster Configuration Manag", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Cluster Configuration Management", "githuburl":"" }, { - "uri":"cce_10_0212.html", + "uri":"cce_10_0602.html", + "node_id":"cce_10_0602.xml", + "product_code":"cce", + "code":"110", + "des":"If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.The cluster version must ", + "doc_type":"usermanual2", + "kw":"Cluster Overload Control,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Cluster Overload Control", + "githuburl":"" + }, + { + "uri":"cce_10_0403.html", + "node_id":"cce_10_0403.xml", "product_code":"cce", "code":"111", - "des":"This section describes how to delete a cluster.Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workl", + "des":"CCE allows you to change the number of nodes managed in a cluster.This function is supported for clusters of v1.15 and later versions.Starting from v1.15.11, the number o", + "doc_type":"usermanual2", + "kw":"Changing Cluster Scale,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Changing Cluster Scale", + "githuburl":"" + }, + { + "uri":"cce_10_0212.html", + "node_id":"cce_10_0212.xml", + "product_code":"cce", + "code":"112", + "des":"Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be ", "doc_type":"usermanual2", "kw":"Deleting a Cluster,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Deleting a Cluster", "githuburl":"" }, { "uri":"cce_10_0214.html", + "node_id":"cce_10_0214.xml", "product_code":"cce", - "code":"112", + "code":"113", "des":"If you do not need to use a cluster temporarily, you are advised to hibernate the cluster.After a cluster is hibernated, resources such as workloads cannot be created or ", "doc_type":"usermanual2", "kw":"Hibernating and Waking Up a Cluster,Managing a Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Hibernating and Waking Up a Cluster", "githuburl":"" }, { - "uri":"cce_10_0602.html", - "product_code":"cce", - "code":"113", - "des":"If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.The c", - "doc_type":"usermanual2", - "kw":"Cluster Overload Control,Managing a Cluster,User Guide", - "title":"Cluster Overload Control", - "githuburl":"" - }, - { - "uri":"cce_10_0175.html", + "uri":"cce_10_0183.html", + "node_id":"cce_10_0183.xml", "product_code":"cce", "code":"114", - "des":"This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.The downloaded certificate contains three files: cl", - "doc_type":"usermanual2", - "kw":"Obtaining a Cluster Certificate,Clusters,User Guide", - "title":"Obtaining a Cluster Certificate", - "githuburl":"" - }, - { - "uri":"cce_10_0403.html", - "product_code":"cce", - "code":"115", - "des":"CCE allows you to change the number of nodes managed in a cluster.This function is supported for clusters of v1.15 and later versions.Starting from v1.15.11, the number o", - "doc_type":"usermanual2", - "kw":"Changing Cluster Scale,Clusters,User Guide", - "title":"Changing Cluster Scale", - "githuburl":"" - }, - { - "uri":"cce_10_0183.html", - "product_code":"cce", - "code":"116", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"node labels", + "kw":"Nodes", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Nodes", "githuburl":"" }, { "uri":"cce_10_0180.html", + "node_id":"cce_10_0180.xml", "product_code":"cce", - "code":"117", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "code":"115", + "des":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", "doc_type":"usermanual2", - "kw":"Node Overview", + "kw":"paas user or user group,Node Overview,Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Overview", "githuburl":"" }, - { - "uri":"cce_10_0461.html", - "product_code":"cce", - "code":"118", - "des":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", - "doc_type":"usermanual2", - "kw":"Precautions for Using a Node,Node Overview,User Guide", - "title":"Precautions for Using a Node", - "githuburl":"" - }, { "uri":"cce_10_0462.html", + "node_id":"cce_10_0462.xml", "product_code":"cce", - "code":"119", + "code":"116", "des":"Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime throu", "doc_type":"usermanual2", - "kw":"Container Engine,Node Overview,User Guide", + "kw":"Container Engine,Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Container Engine", "githuburl":"" }, - { - "uri":"cce_10_0463.html", - "product_code":"cce", - "code":"120", - "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", - "doc_type":"usermanual2", - "kw":"Kata Containers and Common Containers,Node Overview,User Guide", - "title":"Kata Containers and Common Containers", - "githuburl":"" - }, - { - "uri":"cce_10_0348.html", - "product_code":"cce", - "code":"121", - "des":"The maximum number of pods that can be created on a node is determined by the following parameters:Number of container IP addresses that can be allocated on a node (alpha", - "doc_type":"usermanual2", - "kw":"Maximum Number of Pods That Can Be Created on a Node,Node Overview,User Guide", - "title":"Maximum Number of Pods That Can Be Created on a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0178.html", - "product_code":"cce", - "code":"122", - "des":"Some of the resources on the node need to run some necessary Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total num", - "doc_type":"usermanual2", - "kw":"node,Kubernetes,Formula for Calculating the Reserved Resources of a Node,Node Overview,User Guide", - "title":"Formula for Calculating the Reserved Resources of a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0341.html", - "product_code":"cce", - "code":"123", - "des":"This section describes how to allocate data disk space.When creating a node, you need to configure a data disk whose capacity is greater than or equal to 100GB for the no", - "doc_type":"usermanual2", - "kw":"Data Disk Space Allocation,Node Overview,User Guide", - "title":"Data Disk Space Allocation", - "githuburl":"" - }, { "uri":"cce_10_0363.html", + "node_id":"cce_10_0363.xml", "product_code":"cce", - "code":"124", - "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The node has 2-core or higher CPU, 4 GB or larger mem", + "code":"117", + "des":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The node has at least 2 vCPUs and 4 GiB of memory.To ", "doc_type":"usermanual2", "kw":"Creating a Node,Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Node", "githuburl":"" }, { "uri":"cce_10_0198.html", + "node_id":"cce_10_0198.xml", "product_code":"cce", - "code":"125", - "des":"In CCE, you can Creating a Node or add existing nodes (ECSs) into your cluster.While an ECS is being accepted into a cluster, the operating system of the ECS will be rese", + "code":"118", + "des":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs or) to your cluster.While an ECS is being accepted into a cluster, the operating system of the", "doc_type":"usermanual2", "kw":"Adding Nodes for Management,Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Adding Nodes for Management", "githuburl":"" }, - { - "uri":"cce_10_0338.html", - "product_code":"cce", - "code":"126", - "des":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", - "doc_type":"usermanual2", - "kw":"Removing a Node,Nodes,User Guide", - "title":"Removing a Node", - "githuburl":"" - }, - { - "uri":"cce_10_0003.html", - "product_code":"cce", - "code":"127", - "des":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", - "doc_type":"usermanual2", - "kw":"Resetting a Node,Nodes,User Guide", - "title":"Resetting a Node", - "githuburl":"" - }, { "uri":"cce_10_0185.html", + "node_id":"cce_10_0185.xml", "product_code":"cce", - "code":"128", + "code":"119", "des":"If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).Only login to a running ECS is allowed.Only the user linux can l", "doc_type":"usermanual2", "kw":"Logging In to a Node,Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Logging In to a Node", "githuburl":"" }, { - "uri":"cce_10_0004.html", + "uri":"cce_10_0672.html", + "node_id":"cce_10_0672.xml", "product_code":"cce", - "code":"129", + "code":"120", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"node labels", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Management Nodes", + "githuburl":"" + }, + { + "uri":"cce_10_0004.html", + "node_id":"cce_10_0004.xml", + "product_code":"cce", + "code":"121", "des":"You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.", "doc_type":"usermanual2", - "kw":"node labels,Inherent Label of a Node,Managing Node Labels,Nodes,User Guide", + "kw":"node labels,Inherent Label of a Node,Managing Node Labels,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Managing Node Labels", "githuburl":"" }, { "uri":"cce_10_0352.html", + "node_id":"cce_10_0352.xml", "product_code":"cce", - "code":"130", + "code":"122", "des":"Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.A taint is a key-value pair associated with an effect. The following ef", "doc_type":"usermanual2", - "kw":"Managing Node Taints,Nodes,User Guide", + "kw":"NoSchedule,PreferNoSchedule,NoExecute,System Taints,Disable Scheduling,unschedulable,Managing Node T", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Managing Node Taints", "githuburl":"" }, { - "uri":"cce_10_0184.html", + "uri":"cce_10_0003.html", + "node_id":"cce_10_0003.xml", "product_code":"cce", - "code":"131", - "des":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required.Some inf", + "code":"123", + "des":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", "doc_type":"usermanual2", - "kw":"Synchronizing Data with Cloud Servers,Nodes,User Guide", + "kw":"reset a node,Resetting a Node,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Resetting a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0338.html", + "node_id":"cce_10_0338.xml", + "product_code":"cce", + "code":"124", + "des":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", + "doc_type":"usermanual2", + "kw":"Removing a Node,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Removing a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0184.html", + "node_id":"cce_10_0184.xml", + "product_code":"cce", + "code":"125", + "des":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifyi", + "doc_type":"usermanual2", + "kw":"synchronize the ECS,Synchronizing Data with Cloud Servers,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Synchronizing Data with Cloud Servers", "githuburl":"" }, { "uri":"cce_10_0186.html", + "node_id":"cce_10_0186.xml", "product_code":"cce", - "code":"132", + "code":"126", "des":"When a node in a CCE cluster is deleted, services running on the node will also be deleted. Exercise caution when performing this operation.VM nodes that are being used b", "doc_type":"usermanual2", - "kw":"Deleting a Node,Nodes,User Guide", + "kw":"Deleting a Node,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Deleting a Node", "githuburl":"" }, { "uri":"cce_10_0036.html", + "node_id":"cce_10_0036.xml", "product_code":"cce", - "code":"133", + "code":"127", "des":"After a node in the cluster is stopped, services on the node are also stopped. Before stopping a node, ensure that discontinuity of the services on the node will not resu", "doc_type":"usermanual2", - "kw":"Stopping a Node,Nodes,User Guide", + "kw":"Stopping a Node,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Stopping a Node", "githuburl":"" }, { "uri":"cce_10_0276.html", + "node_id":"cce_10_0276.xml", "product_code":"cce", - "code":"134", + "code":"128", "des":"In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.The o", "doc_type":"usermanual2", - "kw":"Performing Rolling Upgrade for Nodes,Nodes,User Guide", + "kw":"Performing Rolling Upgrade for Nodes,Management Nodes,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Performing Rolling Upgrade for Nodes", "githuburl":"" }, { - "uri":"cce_10_0035.html", + "uri":"cce_10_0704.html", + "node_id":"cce_10_0704.xml", "product_code":"cce", - "code":"135", + "code":"129", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Node O&M", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node O&M", + "githuburl":"" + }, + { + "uri":"cce_10_0178.html", + "node_id":"cce_10_0178.xml", + "product_code":"cce", + "code":"130", + "des":"Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node res", + "doc_type":"usermanual2", + "kw":"total number of node resources,Node Resource Reservation Policy,Node O&M,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Node Resource Reservation Policy", + "githuburl":"" + }, + { + "uri":"cce_10_0341.html", + "node_id":"cce_10_0341.xml", + "product_code":"cce", + "code":"131", + "des":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.When creating a node, configure data disks for t", + "doc_type":"usermanual2", + "kw":"data disk space allocation,Container engine and container image space,basesize,basesize,Container St", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Data Disk Space Allocation", + "githuburl":"" + }, + { + "uri":"cce_10_0348.html", + "node_id":"cce_10_0348.xml", + "product_code":"cce", + "code":"132", + "des":"The maximum number of pods that can be created on a node is calculated based on the cluster type:For a cluster using the container tunnel network model, the value depends", + "doc_type":"usermanual2", + "kw":"Maximum Number of Pods on a Node,alpha.cce/fixPoolMask,maximum number of pods,Maximum Number of Pods", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Maximum Number of Pods That Can Be Created on a Node", + "githuburl":"" + }, + { + "uri":"cce_10_0601.html", + "node_id":"cce_10_0601.xml", + "product_code":"cce", + "code":"133", + "des":"Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE will continue to support Docker in v1.25 but just till v1.27. The following steps", + "doc_type":"usermanual2", + "kw":"Migrating Nodes from Docker to containerd,Node O&M,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Migrating Nodes from Docker to containerd", + "githuburl":"" + }, + { + "uri":"cce_10_0035.html", + "node_id":"cce_10_0035.xml", + "product_code":"cce", + "code":"134", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Node Pools", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Pools", "githuburl":"" }, { "uri":"cce_10_0081.html", + "node_id":"cce_10_0081.xml", "product_code":"cce", - "code":"136", + "code":"135", "des":"CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a clus", "doc_type":"usermanual2", - "kw":"Deploying a Workload in a Specified Node Pool,Node Pool Overview,Node Pools,User Guide", + "kw":"DefaultPool,DefaultPool,Deploying a Workload in a Specified Node Pool,Node Pool Overview,Node Pools,", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Pool Overview", "githuburl":"" }, { "uri":"cce_10_0012.html", + "node_id":"cce_10_0012.xml", "product_code":"cce", - "code":"137", + "code":"136", "des":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.The autoscaler a", "doc_type":"usermanual2", - "kw":"Creating a Node Pool,Node Pools,User Guide", + "kw":"Scale-in cooling interval,Creating a Node Pool,Node Pools,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Node Pool", "githuburl":"" }, { "uri":"cce_10_0222.html", + "node_id":"cce_10_0222.xml", "product_code":"cce", - "code":"138", + "code":"137", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Managing a Node Pool", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Managing a Node Pool", "githuburl":"" }, - { - "uri":"cce_10_0652.html", - "product_code":"cce", - "code":"139", - "des":"The default node pool DefaultPool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components", - "doc_type":"usermanual2", - "kw":"Configuring a Node Pool,Managing a Node Pool,User Guide", - "title":"Configuring a Node Pool", - "githuburl":"" - }, { "uri":"cce_10_0653.html", + "node_id":"cce_10_0653.xml", "product_code":"cce", - "code":"140", - "des":"When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, you n", + "code":"138", + "des":"When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, manua", "doc_type":"usermanual2", "kw":"Updating a Node Pool,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Updating a Node Pool", "githuburl":"" }, + { + "uri":"cce_10_0652.html", + "node_id":"cce_10_0652.xml", + "product_code":"cce", + "code":"139", + "des":"The default node pool DefaultPool does not support the following management operations.CCE allows you to highly customize Kubernetes parameter settings on core components", + "doc_type":"usermanual2", + "kw":"PIDs,Configuring a Node Pool,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Configuring a Node Pool", + "githuburl":"" + }, + { + "uri":"cce_10_0655.html", + "node_id":"cce_10_0655.xml", + "product_code":"cce", + "code":"140", + "des":"You can copy the configuration of an existing node pool to create a new node pool on the CCE console.", + "doc_type":"usermanual2", + "kw":"Copying a Node Pool,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Copying a Node Pool", + "githuburl":"" + }, { "uri":"cce_10_0654.html", + "node_id":"cce_10_0654.xml", "product_code":"cce", "code":"141", "des":"After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configuration", "doc_type":"usermanual2", "kw":"Synchronizing Node Pools,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Synchronizing Node Pools", "githuburl":"" }, { "uri":"cce_10_0660.html", + "node_id":"cce_10_0660.xml", "product_code":"cce", "code":"142", - "des":"When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.This operation will upgrade the OS by resettin", + "des":"When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.This section describes how to upgrade an OS by", "doc_type":"usermanual2", - "kw":"Upgrading the OS,Managing a Node Pool,User Guide", - "title":"Upgrading the OS", - "githuburl":"" - }, - { - "uri":"cce_10_0655.html", - "product_code":"cce", - "code":"143", - "des":"You can copy the configuration of an existing node pool to create a new node pool on the CCE console.", - "doc_type":"usermanual2", - "kw":"Copying a Node Pool,Managing a Node Pool,User Guide", - "title":"Copying a Node Pool", + "kw":"Upgrading an OS,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Upgrading an OS", "githuburl":"" }, { "uri":"cce_10_0656.html", + "node_id":"cce_10_0656.xml", "product_code":"cce", - "code":"144", + "code":"143", "des":"Nodes in a node pool can be migrated. Currently, nodes in a node pool can be migrated only to the default node pool (defaultpool) in the same cluster.The migration has no", "doc_type":"usermanual2", "kw":"Migrating a Node,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migrating a Node", "githuburl":"" }, { "uri":"cce_10_0657.html", + "node_id":"cce_10_0657.xml", "product_code":"cce", - "code":"145", + "code":"144", "des":"Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.Deleting a node pool will de", "doc_type":"usermanual2", "kw":"Deleting a Node Pool,Managing a Node Pool,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Deleting a Node Pool", "githuburl":"" }, { "uri":"cce_10_0046.html", + "node_id":"cce_10_0046.xml", "product_code":"cce", - "code":"146", + "code":"145", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Workloads", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Workloads", "githuburl":"" }, { "uri":"cce_10_0006.html", + "node_id":"cce_10_0006.xml", "product_code":"cce", - "code":"147", + "code":"146", "des":"A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is ", "doc_type":"usermanual2", "kw":"Overview,Workloads,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Overview", "githuburl":"" }, + { + "uri":"cce_10_0673.html", + "node_id":"cce_10_0673.xml", + "product_code":"cce", + "code":"147", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Creating a Workload", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Creating a Workload", + "githuburl":"" + }, { "uri":"cce_10_0047.html", + "node_id":"cce_10_0047.xml", "product_code":"cce", "code":"148", "des":"Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.Before c", "doc_type":"usermanual2", - "kw":"create a workload using kubectl,Creating a Deployment,Workloads,User Guide", + "kw":"create a workload using kubectl,Creating a Deployment,Creating a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Deployment", "githuburl":"" }, { "uri":"cce_10_0048.html", + "node_id":"cce_10_0048.xml", "product_code":"cce", "code":"149", "des":"StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.A conta", "doc_type":"usermanual2", - "kw":"Using kubectl,Creating a StatefulSet,Workloads,User Guide", + "kw":"Using kubectl,Creating a StatefulSet,Creating a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a StatefulSet", "githuburl":"" }, { "uri":"cce_10_0216.html", + "node_id":"cce_10_0216.xml", "product_code":"cce", "code":"150", "des":"CCE provides deployment and management capabilities for multiple types of containers and supports features of container workloads, including creation, configuration, moni", "doc_type":"usermanual2", - "kw":"create a workload using kubectl,Creating a DaemonSet,Workloads,User Guide", + "kw":"create a workload using kubectl,Creating a DaemonSet,Creating a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a DaemonSet", "githuburl":"" }, { "uri":"cce_10_0150.html", + "node_id":"cce_10_0150.xml", "product_code":"cce", "code":"151", "des":"Jobs are short-lived and run for a certain time to completion. They can be executed immediately after being deployed. It is completed after it exits normally (exit 0).A j", "doc_type":"usermanual2", - "kw":"Creating a Job,Workloads,User Guide", + "kw":"Creating a Job,Creating a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Job", "githuburl":"" }, { "uri":"cce_10_0151.html", + "node_id":"cce_10_0151.xml", "product_code":"cce", "code":"152", "des":"A cron job runs on a repeating schedule. You can perform time synchronization for all active nodes at a fixed time point.A cron job runs periodically at the specified tim", "doc_type":"usermanual2", - "kw":"time synchronization,Creating a Cron Job,Workloads,User Guide", + "kw":"time synchronization,Creating a Cron Job,Creating a Workload,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Cron Job", "githuburl":"" }, { - "uri":"cce_10_0007.html", + "uri":"cce_10_0130.html", + "node_id":"cce_10_0130.xml", "product_code":"cce", "code":"153", - "des":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", - "doc_type":"usermanual2", - "kw":"Managing Workloads and Jobs,Workloads,User Guide", - "title":"Managing Workloads and Jobs", - "githuburl":"" - }, - { - "uri":"cce_10_0130.html", - "product_code":"cce", - "code":"154", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Configuring a Container", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Configuring a Container", "githuburl":"" }, { - "uri":"cce_10_0396.html", + "uri":"cce_10_0354.html", + "node_id":"cce_10_0354.xml", + "product_code":"cce", + "code":"154", + "des":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", + "doc_type":"usermanual2", + "kw":"Configuring Time Zone Synchronization,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Configuring Time Zone Synchronization", + "githuburl":"" + }, + { + "uri":"cce_10_0353.html", + "node_id":"cce_10_0353.xml", "product_code":"cce", "code":"155", - "des":"A workload is an abstract model of a group of pods. One pod can encapsulate one or more containers. You can click Add Container in the upper right corner to add multiple ", + "des":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", "doc_type":"usermanual2", - "kw":"Setting Basic Container Information,Configuring a Container,User Guide", - "title":"Setting Basic Container Information", + "kw":"Configuring an Image Pull Policy,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Configuring an Image Pull Policy", "githuburl":"" }, { "uri":"cce_10_0009.html", + "node_id":"cce_10_0009.xml", "product_code":"cce", "code":"156", "des":"CCE allows you to create workloads using images pulled from third-party image repositories.Generally, a third-party image repository can be accessed only after authentica", "doc_type":"usermanual2", - "kw":"Using a Third-Party Image,Configuring a Container,User Guide", - "title":"Using a Third-Party Image", + "kw":"Using Third-Party Images,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Using Third-Party Images", "githuburl":"" }, { "uri":"cce_10_0163.html", + "node_id":"cce_10_0163.xml", "product_code":"cce", "code":"157", - "des":"CCE allows you to set resource limits for added containers during workload creation. You can apply for and limit the CPU and memory quotas used by each pod in a workload.", + "des":"CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requi", "doc_type":"usermanual2", "kw":"Setting Container Specifications,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Setting Container Specifications", "githuburl":"" }, { "uri":"cce_10_0105.html", + "node_id":"cce_10_0105.xml", "product_code":"cce", "code":"158", "des":"CCE provides callback functions for the lifecycle management of containerized applications. For example, if you want a container to perform a certain operation before sto", "doc_type":"usermanual2", "kw":"Startup Command,Post-Start,Pre-Stop,Setting Container Lifecycle Parameters,Configuring a Container,U", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Setting Container Lifecycle Parameters", "githuburl":"" }, { "uri":"cce_10_0112.html", + "node_id":"cce_10_0112.xml", "product_code":"cce", "code":"159", "des":"Health check regularly checks the health status of containers during container running. If the health check function is not configured, a pod cannot detect application ex", "doc_type":"usermanual2", "kw":"Health check,HTTP request,TCP port,CLI,Setting Health Check for a Container,Configuring a Container,", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Setting Health Check for a Container", "githuburl":"" }, { "uri":"cce_10_0113.html", + "node_id":"cce_10_0113.xml", "product_code":"cce", "code":"160", "des":"An environment variable is a variable whose value can affect the way a running container will behave. You can modify environment variables even after workloads are deploy", "doc_type":"usermanual2", "kw":"Setting an Environment Variable,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Setting an Environment Variable", "githuburl":"" }, { - "uri":"cce_10_0353.html", + "uri":"cce_10_0397.html", + "node_id":"cce_10_0397.xml", "product_code":"cce", "code":"161", - "des":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", - "doc_type":"usermanual2", - "kw":"Configuring an Image Pull Policy,Configuring a Container,User Guide", - "title":"Configuring an Image Pull Policy", - "githuburl":"" - }, - { - "uri":"cce_10_0354.html", - "product_code":"cce", - "code":"162", - "des":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", - "doc_type":"usermanual2", - "kw":"Configuring Time Zone Synchronization,Configuring a Container,User Guide", - "title":"Configuring Time Zone Synchronization", - "githuburl":"" - }, - { - "uri":"cce_10_0397.html", - "product_code":"cce", - "code":"163", "des":"In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.You can set different upgrade polici", "doc_type":"usermanual2", "kw":"Configuring the Workload Upgrade Policy,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Configuring the Workload Upgrade Policy", "githuburl":"" }, { "uri":"cce_10_0232.html", + "node_id":"cce_10_0232.xml", "product_code":"cce", - "code":"164", - "des":"A nodeSelector provides a very simple way to constrain pods to nodes with particular labels, as mentioned in Creating a DaemonSet. The affinity and anti-affinity feature ", + "code":"162", + "des":"Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can de", "doc_type":"usermanual2", "kw":"Scheduling Policy (Affinity/Anti-affinity),Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Scheduling Policy (Affinity/Anti-affinity)", "githuburl":"" }, { - "uri":"cce_10_0345.html", + "uri":"cce_10_0728.html", + "node_id":"cce_10_0728.xml", "product_code":"cce", - "code":"165", - "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The gpu-beta add-on has been installed. During the installation, select t", + "code":"163", + "des":"Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is co", "doc_type":"usermanual2", - "kw":"GPU Scheduling,Workloads,User Guide", - "title":"GPU Scheduling", - "githuburl":"" - }, - { - "uri":"cce_10_0551.html", - "product_code":"cce", - "code":"166", - "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "doc_type":"usermanual2", - "kw":"CPU Core Binding", - "title":"CPU Core Binding", - "githuburl":"" - }, - { - "uri":"cce_10_0351.html", - "product_code":"cce", - "code":"167", - "des":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether t", - "doc_type":"usermanual2", - "kw":"Binding CPU Cores,CPU Core Binding,User Guide", - "title":"Binding CPU Cores", - "githuburl":"" - }, - { - "uri":"cce_10_00356.html", - "product_code":"cce", - "code":"168", - "des":"If you encounter unexpected problems when using a container, you can log in to the container for debugging.The example output is as follows:NAME ", - "doc_type":"usermanual2", - "kw":"Accessing a Container,Workloads,User Guide", - "title":"Accessing a Container", + "kw":"Taints and Tolerations,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Taints and Tolerations", "githuburl":"" }, { "uri":"cce_10_0386.html", + "node_id":"cce_10_0386.xml", "product_code":"cce", - "code":"169", + "code":"164", "des":"CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.When you create a workl", "doc_type":"usermanual2", - "kw":"Pod Labels and Annotations,Workloads,User Guide", - "title":"Pod Labels and Annotations", + "kw":"Labels and Annotations,Configuring a Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Labels and Annotations", "githuburl":"" }, { - "uri":"cce_10_0423.html", + "uri":"cce_10_00356.html", + "node_id":"cce_10_00356.xml", + "product_code":"cce", + "code":"165", + "des":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.The example output is as follows:NAME ", + "doc_type":"usermanual2", + "kw":"Accessing a Container,Workloads,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Accessing a Container", + "githuburl":"" + }, + { + "uri":"cce_10_0007.html", + "node_id":"cce_10_0007.xml", + "product_code":"cce", + "code":"166", + "des":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", + "doc_type":"usermanual2", + "kw":"Managing Workloads and Jobs,Workloads,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Managing Workloads and Jobs", + "githuburl":"" + }, + { + "uri":"cce_10_0463.html", + "node_id":"cce_10_0463.xml", + "product_code":"cce", + "code":"167", + "des":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", + "doc_type":"usermanual2", + "kw":"Kata Runtime and Common Runtime,Workloads,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Kata Runtime and Common Runtime", + "githuburl":"" + }, + { + "uri":"cce_10_0674.html", + "node_id":"cce_10_0674.xml", + "product_code":"cce", + "code":"168", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Scheduling", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Scheduling", + "githuburl":"" + }, + { + "uri":"cce_10_0702.html", + "node_id":"cce_10_0702.xml", + "product_code":"cce", + "code":"169", + "des":"CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describe", + "doc_type":"usermanual2", + "kw":"Overview,Scheduling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Overview", + "githuburl":"" + }, + { + "uri":"cce_10_0551.html", + "node_id":"cce_10_0551.xml", "product_code":"cce", "code":"170", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", + "kw":"CPU Scheduling", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"CPU Scheduling", + "githuburl":"" + }, + { + "uri":"cce_10_0351.html", + "node_id":"cce_10_0351.xml", + "product_code":"cce", + "code":"171", + "des":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether t", + "doc_type":"usermanual2", + "kw":"CPU Policy,CPU Scheduling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"CPU Policy", + "githuburl":"" + }, + { + "uri":"cce_10_0720.html", + "node_id":"cce_10_0720.xml", + "product_code":"cce", + "code":"172", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"GPU Scheduling", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"GPU Scheduling", + "githuburl":"" + }, + { + "uri":"cce_10_0345.html", + "node_id":"cce_10_0345.xml", + "product_code":"cce", + "code":"173", + "des":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The gpu-device-plugin (previously gpu-beta add-on) has been installed. Du", + "doc_type":"usermanual2", + "kw":"Default GPU Scheduling in Kubernetes,GPU Scheduling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Default GPU Scheduling in Kubernetes", + "githuburl":"" + }, + { + "uri":"cce_10_0423.html", + "node_id":"cce_10_0423.xml", + "product_code":"cce", + "code":"174", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", "kw":"Volcano Scheduling", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Volcano Scheduling", "githuburl":"" }, { - "uri":"cce_10_0384.html", + "uri":"cce_10_0425.html", + "node_id":"cce_10_0425.xml", "product_code":"cce", - "code":"171", - "des":"Jobs can be classified into online jobs and offline jobs based on whether services are always online.Online job: Such jobs run for a long time, with regular traffic surge", + "code":"175", + "des":"When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at schedu", "doc_type":"usermanual2", - "kw":"Hybrid Deployment of Online and Offline Jobs,Volcano Scheduling,User Guide", - "title":"Hybrid Deployment of Online and Offline Jobs", + "kw":"NUMA Affinity Scheduling,Volcano Scheduling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"NUMA Affinity Scheduling", "githuburl":"" }, { - "uri":"cce_10_0288.html", + "uri":"cce_10_0709.html", + "node_id":"cce_10_0709.xml", "product_code":"cce", - "code":"172", - "des":"When the Cloud Native Network 2.0 model is used, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. CCE provides a cust", + "code":"176", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Security Group Policies,Workloads,User Guide", - "title":"Security Group Policies", + "kw":"Cloud Native Hybrid Deployment", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Cloud Native Hybrid Deployment", + "githuburl":"" + }, + { + "uri":"cce_10_0384.html", + "node_id":"cce_10_0384.xml", + "product_code":"cce", + "code":"177", + "des":"Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly an", + "doc_type":"usermanual2", + "kw":"Dynamic Resource Oversubscription,Cloud Native Hybrid Deployment,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Dynamic Resource Oversubscription", "githuburl":"" }, { "uri":"cce_10_0020.html", + "node_id":"cce_10_0020.xml", "product_code":"cce", - "code":"173", + "code":"178", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Networking", - "title":"Networking", + "kw":"Network", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Network", "githuburl":"" }, { "uri":"cce_10_0010.html", + "node_id":"cce_10_0010.xml", "product_code":"cce", - "code":"174", + "code":"179", "des":"You can learn about a cluster network from the following two aspects:What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are ru", "doc_type":"usermanual2", - "kw":"Overview,Networking,User Guide", + "kw":"Overview,Network,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Overview", "githuburl":"" }, { "uri":"cce_10_0280.html", + "node_id":"cce_10_0280.xml", "product_code":"cce", - "code":"175", + "code":"180", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Container Network Models", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Container Network Models", "githuburl":"" }, { "uri":"cce_10_0281.html", + "node_id":"cce_10_0281.xml", "product_code":"cce", - "code":"176", - "des":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Con", + "code":"181", + "des":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Tun", "doc_type":"usermanual2", "kw":"Overview,Container Network Models,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Overview", "githuburl":"" }, { "uri":"cce_10_0282.html", + "node_id":"cce_10_0282.xml", "product_code":"cce", - "code":"177", + "code":"182", "des":"The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet pac", "doc_type":"usermanual2", "kw":"Container Tunnel Network,Container Network Models,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Container Tunnel Network", "githuburl":"" }, { "uri":"cce_10_0283.html", + "node_id":"cce_10_0283.xml", "product_code":"cce", - "code":"178", + "code":"183", "des":"The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes", "doc_type":"usermanual2", "kw":"VPC Network,Container Network Models,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"VPC Network", "githuburl":"" }, { "uri":"cce_10_0284.html", + "node_id":"cce_10_0284.xml", "product_code":"cce", - "code":"179", - "des":"Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are all", + "code":"184", + "des":"Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are all", "doc_type":"usermanual2", - "kw":"Cloud Native Network 2.0,Container Network Models,User Guide", - "title":"Cloud Native Network 2.0", + "kw":"Cloud Native 2.0 Network,Container Network Models,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Cloud Native 2.0 Network", "githuburl":"" }, { "uri":"cce_10_0247.html", + "node_id":"cce_10_0247.xml", "product_code":"cce", - "code":"180", + "code":"185", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Services", - "title":"Services", + "kw":"Service", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Service", "githuburl":"" }, { "uri":"cce_10_0249.html", + "node_id":"cce_10_0249.xml", "product_code":"cce", - "code":"181", - "des":"After a pod is created, the following problems may occur if you directly access the pod:The pod can be deleted and recreated at any time by a controller such as a Deploym", + "code":"186", + "des":"After a pod is created, the following problems may occur if you directly access to the pod:The pod can be deleted and created again at any time by a controller such as a ", "doc_type":"usermanual2", - "kw":"Service Overview,Services,User Guide", - "title":"Service Overview", + "kw":"Overview,Service,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Overview", "githuburl":"" }, { "uri":"cce_10_0011.html", + "node_id":"cce_10_0011.xml", "product_code":"cce", - "code":"182", + "code":"187", "des":"ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.The cluster-internal domain name format is Deployments or StatefulSets in the navigation pane ", + "des":"On the CCE console, you can upload a Helm chart package, deploy it, and manage the deployed pods.The number of charts that can be uploaded by a single user is limited. Th", "doc_type":"usermanual2", - "kw":"Fault Locating and Troubleshooting for Abnormal Workloads,Workload Abnormalities,User Guide", - "title":"Fault Locating and Troubleshooting for Abnormal Workloads", + "kw":"Deploying an Application from a Chart,Helm Chart,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Deploying an Application from a Chart", "githuburl":"" }, { - "uri":"cce_faq_00098.html", + "uri":"cce_10_0421.html", + "node_id":"cce_10_0421.xml", "product_code":"cce", "code":"304", - "des":"Viewing K8s Event InformationCheck Item 1: Checking Whether a Node Is Available in the ClusterCheck Item 2: Checking Whether Node Resources (CPU and Memory) Are Sufficien", + "des":"Helm v2 stops at version 2.17.0. Currently, Helm v3 is the standard in the Helm community. You are advised to switch your charts to Helm v3 format as soon as possible.Cha", "doc_type":"usermanual2", - "kw":"workload,InstanceSchedulingFailed,Failed to Schedule an Instance,Workload Abnormalities,User Guide", - "title":"Failed to Schedule an Instance", + "kw":"Differences Between Helm v2 and Helm v3 and Adaptation Solutions,Helm Chart,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Differences Between Helm v2 and Helm v3 and Adaptation Solutions", "githuburl":"" }, { - "uri":"cce_faq_00015.html", + "uri":"cce_10_0420.html", + "node_id":"cce_10_0420.xml", "product_code":"cce", "code":"305", - "des":"If the workload details page displays an event indicating that image pulling fails, perform the following operations to locate the fault:Check Item 1: Checking Whether im", + "des":"The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.This section uses Helm v2.17.0 as an example.For other versions, visit", "doc_type":"usermanual2", - "kw":"workload,Failed to Pull an Image,Workload Abnormalities,User Guide", - "title":"Failed to Pull an Image", + "kw":"Deploying an Application Through the Helm v2 Client,Helm Chart,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Deploying an Application Through the Helm v2 Client", "githuburl":"" }, { - "uri":"cce_faq_00018.html", + "uri":"cce_10_0144.html", + "node_id":"cce_10_0144.xml", "product_code":"cce", "code":"306", - "des":"On the details page of a workload, if an event is displayed indicating that the container fails to be restarted, perform the following operations to locate the fault:Rect", + "des":"The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.This section uses Helm v3.3.0 as an example.For other versions, visit ", "doc_type":"usermanual2", - "kw":"Failed to Restart a Container,Workload Abnormalities,User Guide", - "title":"Failed to Restart a Container", + "kw":"Deploying an Application Through the Helm v3 Client,Helm Chart,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Deploying an Application Through the Helm v3 Client", "githuburl":"" }, { - "uri":"cce_faq_00209.html", + "uri":"cce_10_0422.html", + "node_id":"cce_10_0422.xml", "product_code":"cce", "code":"307", - "des":"Pod actions are classified into the following two types:kube-controller-manager periodically checks the status of all nodes. If a node is in the NotReady state for a peri", + "des":"CCE fully supports Helm v3. This section guides you to convert a Helm v2 release to Helm v3. Helm v3 discards or reconstructs some Helm v2 functions at the bottom layer. ", "doc_type":"usermanual2", - "kw":"What Should I Do If An Evicted Pod Exists?,Workload Abnormalities,User Guide", - "title":"What Should I Do If An Evicted Pod Exists?", + "kw":"Converting a Release from Helm v2 to v3,Helm Chart,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Converting a Release from Helm v2 to v3", "githuburl":"" }, { - "uri":"cce_faq_00140.html", + "uri":"cce_10_0164.html", + "node_id":"cce_10_0164.xml", "product_code":"cce", "code":"308", - "des":"When a node is faulty, pods on the node are evicted to ensure workload availability. If the pods are not evicted when the node is faulty, perform the following steps:Use ", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"Instance Eviction Exception,Workload Abnormalities,User Guide", - "title":"Instance Eviction Exception", + "kw":"Permissions", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Permissions", "githuburl":"" }, { - "uri":"cce_faq_00210.html", + "uri":"cce_10_0187.html", + "node_id":"cce_10_0187.xml", "product_code":"cce", "code":"309", - "des":"When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.After the node is restored", + "des":"CCE permissions management allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of Identity and Access Ma", "doc_type":"usermanual2", - "kw":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?,Workload Abnormalities,User Gui", - "title":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?", + "kw":"Permissions Overview,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Permissions Overview", "githuburl":"" }, { - "uri":"cce_faq_00012.html", + "uri":"cce_10_0188.html", + "node_id":"cce_10_0188.xml", "product_code":"cce", "code":"310", - "des":"The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.The workloa", + "des":"CCE cluster-level permissions are assigned based on IAM system policies and custom policies. You can use user groups to assign permissions to IAM users.Cluster permission", "doc_type":"usermanual2", - "kw":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?,Workload Abnormalities,User Guide", - "title":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?", + "kw":"Cluster Permissions (IAM-based),Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Cluster Permissions (IAM-based)", "githuburl":"" }, { - "uri":"cce_faq_00005.html", + "uri":"cce_10_0189.html", + "node_id":"cce_10_0189.xml", "product_code":"cce", "code":"311", - "des":"The pod remains in the creating state for a long time, and the sandbox-related errors are reported.Select a troubleshooting method for your cluster:Clusters of V1.13 or l", + "des":"You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. The RBAC API declares four kinds of Kub", "doc_type":"usermanual2", - "kw":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?,", - "title":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?", + "kw":"Namespace Permissions (Kubernetes RBAC-based),Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Namespace Permissions (Kubernetes RBAC-based)", "githuburl":"" }, { - "uri":"cce_faq_00199.html", + "uri":"cce_10_0245.html", + "node_id":"cce_10_0245.xml", "product_code":"cce", "code":"312", - "des":"Workload pods in the cluster fail and are being redeployed constantly.After the following command is run, the command output shows that many pods are in the evicted state", + "des":"The conventional distributed task scheduling mode is being replaced by Kubernetes. CCE allows you to easily deploy, manage, and scale containerized applications in the cl", "doc_type":"usermanual2", - "kw":"What Should I Do If a Pod Is in the Evicted State?,Workload Abnormalities,User Guide", - "title":"What Should I Do If a Pod Is in the Evicted State?", + "kw":"Example: Designing and Configuring Permissions for Users in a Department,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Example: Designing and Configuring Permissions for Users in a Department", "githuburl":"" }, { - "uri":"cce_faq_00002.html", + "uri":"cce_10_0190.html", + "node_id":"cce_10_0190.xml", "product_code":"cce", "code":"313", - "des":"If a node has sufficient memory resources, a container on this node can use more memory resources than requested, but no more than limited. If the memory allocated to a c", + "des":"Some CCE permissions policies depend on the policies of other cloud services. To view or use other cloud resources on the CCE console, enable the system policy access con", "doc_type":"usermanual2", - "kw":"What Should I Do If the OOM Killer Is Triggered When a Container Uses Memory Resources More Than Lim", - "title":"What Should I Do If the OOM Killer Is Triggered When a Container Uses Memory Resources More Than Limited?", + "kw":"Permission Dependency of the CCE Console,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Permission Dependency of the CCE Console", "githuburl":"" }, { - "uri":"cce_faq_00202.html", + "uri":"cce_10_0465.html", + "node_id":"cce_10_0465.xml", "product_code":"cce", "code":"314", - "des":"A workload can be accessed from public networks through a load balancer. LoadBalancer provides higher reliability than EIP-based NodePort because an EIP is no longer boun", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", - "kw":"What Should I Do If a Service Released in a Workload Cannot Be Accessed from Public Networks?,Refere", - "title":"What Should I Do If a Service Released in a Workload Cannot Be Accessed from Public Networks?", + "kw":"Pod Security", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Pod Security", "githuburl":"" }, { - "uri":"cce_faq_00266.html", + "uri":"cce_10_0275.html", + "node_id":"cce_10_0275.xml", "product_code":"cce", "code":"315", - "des":"A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and pro", + "des":"A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defi", "doc_type":"usermanual2", - "kw":"VPC,cluster,nodes,What Is the Relationship Between Clusters, VPCs, and Subnets?,Reference,User Guide", - "title":"What Is the Relationship Between Clusters, VPCs, and Subnets?", + "kw":"Configuring a Pod Security Policy,Pod Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Configuring a Pod Security Policy", "githuburl":"" }, { - "uri":"cce_faq_00265.html", + "uri":"cce_10_0466.html", + "node_id":"cce_10_0466.xml", "product_code":"cce", "code":"316", - "des":"CCE is a universal container platform. Its default security group rules apply to common scenarios. Based on security requirements, you can harden the security group rules", + "des":"Before using pod security admission, understand Kubernetes Pod Security Standards. These standards define different isolation levels for pods. They let you define how you", "doc_type":"usermanual2", - "kw":"How Do I Harden the VPC Security Group Rules for CCE Cluster Nodes?,Reference,User Guide", - "title":"How Do I Harden the VPC Security Group Rules for CCE Cluster Nodes?", + "kw":"Configuring Pod Security Admission,Pod Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Configuring Pod Security Admission", "githuburl":"" }, { - "uri":"cce_bestpractice.html", + "uri":"cce_10_0477.html", + "node_id":"cce_10_0477.xml", "product_code":"cce", "code":"317", + "des":"In clusters earlier than v1.21, a token is obtained by mounting the secret of the service account to a pod. Tokens obtained this way are permanent. This approach is no lo", + "doc_type":"usermanual2", + "kw":"Service Account Token Security Improvement,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"Yes", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Service Account Token Security Improvement", + "githuburl":"" + }, + { + "uri":"cce_bestpractice_0000.html", + "node_id":"cce_bestpractice_0000.xml", + "product_code":"cce", + "code":"318", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Best Practice", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Best Practice", "githuburl":"" }, { "uri":"cce_bestpractice_00006.html", + "node_id":"cce_bestpractice_00006.xml", "product_code":"cce", - "code":"318", + "code":"319", "des":"Security, efficiency, stability, and availability are common requirements on all cloud services. To meet these requirements, the system availability, data reliability, an", "doc_type":"usermanual2", "kw":"Checklist for Deploying Containerized Applications in the Cloud,Best Practice,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Checklist for Deploying Containerized Applications in the Cloud", "githuburl":"" }, { "uri":"cce_bestpractice_0321.html", + "node_id":"cce_bestpractice_0321.xml", "product_code":"cce", - "code":"319", + "code":"320", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Containerization", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Containerization", "githuburl":"" }, { "uri":"cce_bestpractice_0001.html", + "node_id":"cce_bestpractice_0001.xml", "product_code":"cce", - "code":"320", + "code":"321", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Containerizing an Enterprise Application (ERP)", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Containerizing an Enterprise Application (ERP)", "githuburl":"" }, { "uri":"cce_bestpractice_0002.html", + "node_id":"cce_bestpractice_0002.xml", "product_code":"cce", - "code":"321", + "code":"322", "des":"This chapter provides CCE best practices to walk you through the application containerization.A container is a lightweight high-performance resource isolation mechanism i", "doc_type":"usermanual2", "kw":"enterprise resource planning (ERP),Solution Overview,Containerizing an Enterprise Application (ERP),", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Solution Overview", "githuburl":"" }, { "uri":"cce_bestpractice_0340.html", + "node_id":"cce_bestpractice_0340.xml", "product_code":"cce", - "code":"322", + "code":"323", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Procedure", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Procedure", "githuburl":"" }, { "uri":"cce_bestpractice_0003.html", + "node_id":"cce_bestpractice_0003.xml", "product_code":"cce", - "code":"323", + "code":"324", "des":"This tutorial describes how to containerize an ERP system by migrating it from a VM to CCE.No recoding or re-architecting is required. You only need to pack the entire ap", "doc_type":"usermanual2", "kw":"Containerizing an Entire Application,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Containerizing an Entire Application", "githuburl":"" }, { "uri":"cce_bestpractice_0004.html", + "node_id":"cce_bestpractice_0004.xml", "product_code":"cce", - "code":"324", + "code":"325", "des":"The following figure illustrates the process of containerizing an application.", "doc_type":"usermanual2", "kw":"Containerization Process,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Containerization Process", "githuburl":"" }, { "uri":"cce_bestpractice_0005.html", + "node_id":"cce_bestpractice_0005.xml", "product_code":"cce", - "code":"325", - "des":"Before containerizing an application, you need to analyze the running environment and dependencies of the application, and get familiar with the application deployment mo", + "code":"326", + "des":"Before containerizing an application, analyze the running environment and dependencies of the application, and get familiar with the application deployment mode. For deta", "doc_type":"usermanual2", "kw":"containerizing an application,Analyzing the Application,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Analyzing the Application", "githuburl":"" }, { "uri":"cce_bestpractice_0006.html", + "node_id":"cce_bestpractice_0006.xml", "product_code":"cce", - "code":"326", - "des":"After application analysis, you have gained the understanding of the OS and runtime required for running the application. You need to make the following preparations:Inst", + "code":"327", + "des":"After application analysis, you have gained the understanding of the OS and runtime required for running the application. Make the following preparations:Installing Docke", "doc_type":"usermanual2", "kw":"Preparing the Application Runtime,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Preparing the Application Runtime", "githuburl":"" }, { "uri":"cce_bestpractice_0007.html", + "node_id":"cce_bestpractice_0007.xml", "product_code":"cce", - "code":"327", - "des":"During application containerization, you need to prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startu", + "code":"328", + "des":"During application containerization, prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startup script is ", "doc_type":"usermanual2", "kw":"Compiling a Startup Script,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Compiling a Startup Script", "githuburl":"" }, { "uri":"cce_bestpractice_0008.html", + "node_id":"cce_bestpractice_0008.xml", "product_code":"cce", - "code":"328", + "code":"329", "des":"An image is the basis of a container. A container runs based on the content defined in the image. An image has multiple layers. Each layer includes the modifications made", "doc_type":"usermanual2", "kw":"Compiling the Dockerfile,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Compiling the Dockerfile", "githuburl":"" }, { "uri":"cce_bestpractice_0009.html", + "node_id":"cce_bestpractice_0009.xml", "product_code":"cce", - "code":"329", + "code":"330", "des":"This section describes how to build an entire application into a Docker image. After building an image, you can use the image to deploy and upgrade the application. This ", "doc_type":"usermanual2", "kw":"Building and Uploading an Image,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Building and Uploading an Image", "githuburl":"" }, { "uri":"cce_bestpractice_0010.html", + "node_id":"cce_bestpractice_0010.xml", "product_code":"cce", - "code":"330", + "code":"331", "des":"This section describes how to deploy a workload on CCE. When using CCE for the first time, create an initial cluster and add a node into the cluster.Containerized workloa", "doc_type":"usermanual2", "kw":"Creating a Container Workload,Procedure,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Creating a Container Workload", "githuburl":"" }, { "uri":"cce_bestpractice_00237.html", + "node_id":"cce_bestpractice_00237.xml", "product_code":"cce", - "code":"331", + "code":"332", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Migration", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migration", "githuburl":"" }, { "uri":"cce_bestpractice_0306.html", + "node_id":"cce_bestpractice_0306.xml", "product_code":"cce", - "code":"332", + "code":"333", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Migrating On-premises Kubernetes Clusters to CCE", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migrating On-premises Kubernetes Clusters to CCE", "githuburl":"" }, { "uri":"cce_bestpractice_0307.html", + "node_id":"cce_bestpractice_0307.xml", "product_code":"cce", - "code":"333", + "code":"334", "des":"Containers are growing in popularity and Kubernetes simplifies containerized deployment. Many companies choose to build their own Kubernetes clusters. However, the O&M wo", "doc_type":"usermanual2", "kw":"Solution Overview,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Solution Overview", "githuburl":"" }, { "uri":"cce_bestpractice_0308.html", + "node_id":"cce_bestpractice_0308.xml", "product_code":"cce", - "code":"334", + "code":"335", "des":"CCE allows you to customize cluster resources to meet various service requirements. Table 1 lists the key performance parameters of a cluster and provides the planned val", "doc_type":"usermanual2", "kw":"Planning Resources for the Target Cluster,Migrating On-premises Kubernetes Clusters to CCE,User Guid", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Planning Resources for the Target Cluster", "githuburl":"" }, { "uri":"cce_bestpractice_0309.html", + "node_id":"cce_bestpractice_0309.xml", "product_code":"cce", - "code":"335", + "code":"336", "des":"If your migration does not involve resources outside a cluster listed in Table 1 or you do not need to use other services to update resources after the migration, skip th", "doc_type":"usermanual2", "kw":"Migrating Resources Outside a Cluster,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migrating Resources Outside a Cluster", "githuburl":"" }, { "uri":"cce_bestpractice_0310.html", + "node_id":"cce_bestpractice_0310.xml", "product_code":"cce", - "code":"336", + "code":"337", "des":"Velero is an open-source backup and migration tool for Kubernetes clusters. It integrates the persistent volume (PV) data backup capability of the Restic tool and can be ", "doc_type":"usermanual2", "kw":"Installing the Migration Tool,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Installing the Migration Tool", "githuburl":"" }, { "uri":"cce_bestpractice_0311.html", + "node_id":"cce_bestpractice_0311.xml", "product_code":"cce", - "code":"337", + "code":"338", "des":"WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of t", "doc_type":"usermanual2", "kw":"Migrating Resources in a Cluster,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Migrating Resources in a Cluster", "githuburl":"" }, { "uri":"cce_bestpractice_0312.html", + "node_id":"cce_bestpractice_0312.xml", "product_code":"cce", - "code":"338", + "code":"339", "des":"The WordPress and MySQL images used in this example can be pulled from SWR. Therefore, the image pull failure (ErrImagePull) will not occur. If the application to be migr", "doc_type":"usermanual2", "kw":"Updating Resources Accordingly,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Updating Resources Accordingly", "githuburl":"" }, { "uri":"cce_bestpractice_0313.html", + "node_id":"cce_bestpractice_0313.xml", "product_code":"cce", - "code":"339", + "code":"340", "des":"Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the ", "doc_type":"usermanual2", "kw":"Performing Additional Tasks,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Performing Additional Tasks", "githuburl":"" }, { "uri":"cce_bestpractice_0314.html", + "node_id":"cce_bestpractice_0314.xml", "product_code":"cce", - "code":"340", + "code":"341", "des":"Both HostPath and Local volumes are local storage volumes. However, the Restic tool integrated in Velero cannot back up the PVs of the HostPath type and supports only the", "doc_type":"usermanual2", "kw":"Troubleshooting,Migrating On-premises Kubernetes Clusters to CCE,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Troubleshooting", "githuburl":"" }, { "uri":"cce_bestpractice_0322.html", + "node_id":"cce_bestpractice_0322.xml", "product_code":"cce", - "code":"341", + "code":"342", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"DevOps", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"DevOps", "githuburl":"" }, { "uri":"cce_bestpractice_0324.html", + "node_id":"cce_bestpractice_0324.xml", "product_code":"cce", - "code":"342", + "code":"343", "des":"GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private ", "doc_type":"usermanual2", "kw":"Interconnecting GitLab with SWR and CCE for CI/CD,DevOps,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Interconnecting GitLab with SWR and CCE for CI/CD", "githuburl":"" }, { "uri":"cce_bestpractice_0323.html", + "node_id":"cce_bestpractice_0323.xml", "product_code":"cce", - "code":"343", + "code":"344", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Disaster Recovery", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Disaster Recovery", "githuburl":"" }, { "uri":"cce_bestpractice_00220.html", + "node_id":"cce_bestpractice_00220.xml", "product_code":"cce", - "code":"344", - "des":"To achieve high availability for your CCE containers, you can do as follows:Deploy three master nodes for the cluster.When nodes are deployed across AZs, set custom sched", + "code":"345", + "des":"To achieve high availability for your CCE containers, you can do as follows:Deploy three master nodes for the cluster.Create nodes in different AZs. When nodes are deploy", "doc_type":"usermanual2", - "kw":"Implementing High Availability for Containers in CCE,Disaster Recovery,User Guide", - "title":"Implementing High Availability for Containers in CCE", + "kw":"Implementing High Availability for Applications in CCE,Disaster Recovery,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Implementing High Availability for Applications in CCE", "githuburl":"" }, { "uri":"cce_bestpractice_0315.html", + "node_id":"cce_bestpractice_0315.xml", "product_code":"cce", - "code":"345", + "code":"346", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Security", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Security", "githuburl":"" }, { "uri":"cce_bestpractice_0317.html", + "node_id":"cce_bestpractice_0317.xml", "product_code":"cce", - "code":"346", + "code":"347", "des":"For security purposes, you are advised to configure a cluster as follows.Kubernetes releases a major version in about four months. CCE follows the same frequency as Kuber", "doc_type":"usermanual2", "kw":"Cluster Security,Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Cluster Security", "githuburl":"" }, { "uri":"cce_bestpractice_0318.html", + "node_id":"cce_bestpractice_0318.xml", "product_code":"cce", - "code":"347", + "code":"348", "des":"Do not bind an EIP to a node unless necessary to reduce the attack surface.If an EIP must be used, properly configure the firewall or security group rules to restrict acc", "doc_type":"usermanual2", "kw":"Node Security,Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Node Security", "githuburl":"" }, { "uri":"cce_bestpractice_0319.html", + "node_id":"cce_bestpractice_0319.xml", "product_code":"cce", - "code":"348", + "code":"349", "des":"The nodeSelector or nodeAffinity is used to limit the range of nodes to which applications can be scheduled, preventing the entire cluster from being threatened due to th", "doc_type":"usermanual2", "kw":"Container Security,Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Container Security", "githuburl":"" }, { "uri":"cce_bestpractice_0320.html", + "node_id":"cce_bestpractice_0320.xml", "product_code":"cce", - "code":"349", + "code":"350", "des":"Currently, CCE has configured static encryption for secret resources. The secrets created by users will be encrypted and stored in etcd of the CCE cluster. Secrets can be", "doc_type":"usermanual2", "kw":"Secret Security,Security,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Secret Security", "githuburl":"" }, { "uri":"cce_bestpractice_0090.html", + "node_id":"cce_bestpractice_0090.xml", "product_code":"cce", - "code":"350", + "code":"351", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Auto Scaling", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Auto Scaling", "githuburl":"" }, { "uri":"cce_bestpractice_00282.html", + "node_id":"cce_bestpractice_00282.xml", "product_code":"cce", - "code":"351", - "des":"The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.In CCE, th", + "code":"352", + "des":"The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.When pods ", "doc_type":"usermanual2", "kw":"Using HPA and CA for Auto Scaling of Workloads and Nodes,Auto Scaling,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Using HPA and CA for Auto Scaling of Workloads and Nodes", "githuburl":"" }, { "uri":"cce_bestpractice_10008.html", + "node_id":"cce_bestpractice_10008.xml", "product_code":"cce", - "code":"352", + "code":"353", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Monitoring", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Monitoring", "githuburl":"" }, { "uri":"cce_bestpractice_10009.html", + "node_id":"cce_bestpractice_10009.xml", "product_code":"cce", - "code":"353", + "code":"354", "des":"Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, yo", "doc_type":"usermanual2", "kw":"Using Prometheus for Multi-cluster Monitoring,Monitoring,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Using Prometheus for Multi-cluster Monitoring", "githuburl":"" }, { "uri":"cce_bestpractice_0050.html", + "node_id":"cce_bestpractice_0050.xml", "product_code":"cce", - "code":"354", + "code":"355", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Cluster", "githuburl":"" }, { "uri":"cce_bestpractice_00254.html", + "node_id":"cce_bestpractice_00254.xml", "product_code":"cce", - "code":"355", + "code":"356", "des":"When you have multiple CCE clusters, you may find it difficult to efficiently connect to all of them.This section describes how to configure access to multiple clusters b", "doc_type":"usermanual2", "kw":"Connecting to Multiple Clusters Using kubectl,Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Connecting to Multiple Clusters Using kubectl", "githuburl":"" }, - { - "uri":"cce_bestpractice_00190.html", - "product_code":"cce", - "code":"356", - "des":"You can use the pre-installation script feature to configure CCE cluster nodes (ECSs).When creating a node in a cluster of v1.13.10 or later, if a data disk is not manage", - "doc_type":"usermanual2", - "kw":"Adding a Second Data Disk to a Node in a CCE Cluster,Cluster,User Guide", - "title":"Adding a Second Data Disk to a Node in a CCE Cluster", - "githuburl":"" - }, { "uri":"cce_bestpractice_10012.html", + "node_id":"cce_bestpractice_10012.xml", "product_code":"cce", "code":"357", - "des":"When a node is created, a data disk is created by default for container runtime and kubelet components to use. The data disk used by the container runtime and kubelet co", + "des":"When a node is created, a data disk is attached by default for a container runtime and kubelet. The data disk used by the container runtime and kubelet cannot be detached", "doc_type":"usermanual2", "kw":"Selecting a Data Disk for the Node,Cluster,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Selecting a Data Disk for the Node", "githuburl":"" }, { "uri":"cce_bestpractice_0052.html", + "node_id":"cce_bestpractice_0052.xml", "product_code":"cce", "code":"358", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Networking", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Networking", "githuburl":"" }, { "uri":"cce_bestpractice_00004.html", + "node_id":"cce_bestpractice_00004.xml", "product_code":"cce", "code":"359", "des":"Before creating a cluster on CCE, determine the number of VPCs, number of subnets, container CIDR blocks, and Services for access based on service requirements.This topic", "doc_type":"usermanual2", "kw":"Planning CIDR Blocks for a Cluster,Networking,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Planning CIDR Blocks for a Cluster", "githuburl":"" }, { "uri":"cce_bestpractice_00162.html", + "node_id":"cce_bestpractice_00162.xml", "product_code":"cce", "code":"360", "des":"CCE uses proprietary, high-performance container networking add-ons to support the tunnel network, Cloud Native Network 2.0, and VPC network models.After a cluster is cre", "doc_type":"usermanual2", "kw":"Selecting a Network Model,Networking,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Selecting a Network Model", "githuburl":"" }, { "uri":"cce_bestpractice_00231.html", + "node_id":"cce_bestpractice_00231.xml", "product_code":"cce", "code":"361", "des":"Session persistence is one of the most common while complex problems in load balancing.Session persistence is also called sticky sessions. After the sticky session functi", "doc_type":"usermanual2", "kw":"Implementing Sticky Session Through Load Balancing,Networking,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Implementing Sticky Session Through Load Balancing", "githuburl":"" }, { "uri":"cce_bestpractice_00035.html", + "node_id":"cce_bestpractice_00035.xml", "product_code":"cce", "code":"362", "des":"There may be different types of proxy servers between a client and a container server. How can a container obtain the real source IP address of the client? This section d", "doc_type":"usermanual2", "kw":"Obtaining the Client Source IP Address for a Container,Networking,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Obtaining the Client Source IP Address for a Container", "githuburl":"" }, { - "uri":"cce_bestpractice_0053.html", + "uri":"cce_bestpractice_10010.html", + "node_id":"cce_bestpractice_10010.xml", "product_code":"cce", "code":"363", + "des":"In the Cloud Native Network 2.0 model, each pod is allocated an ENI or a sub-ENI (called container ENI). The speed of ENI creation and binding is slower than that of pod ", + "doc_type":"usermanual2", + "kw":"Pre-Binding Container ENI for CCE Turbo Clusters,Networking,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Pre-Binding Container ENI for CCE Turbo Clusters", + "githuburl":"" + }, + { + "uri":"cce_bestpractice_0053.html", + "node_id":"cce_bestpractice_0053.xml", + "product_code":"cce", + "code":"364", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Storage", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Storage", "githuburl":"" }, { "uri":"cce_bestpractice_00198.html", + "node_id":"cce_bestpractice_00198.xml", "product_code":"cce", - "code":"364", - "des":"EulerOS 2.9 is used as the sample OS. Originally, system disk /dev/vda has 50 GB and one partition (/dev/vda1), and then 50 GB is added to the disk. In this example, the ", + "code":"365", + "des":"The storage classes that can be expanded for CCE nodes are as follows:EulerOS 2.9 is used as the sample OS. There is only one partition (/dev/vda1) with a capacity of 50 ", "doc_type":"usermanual2", - "kw":"Expanding Node Disk Capacity,Storage,User Guide", - "title":"Expanding Node Disk Capacity", + "kw":"Expanding the Storage Space,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Expanding the Storage Space", "githuburl":"" }, { "uri":"cce_bestpractice_00199.html", + "node_id":"cce_bestpractice_00199.xml", "product_code":"cce", - "code":"365", + "code":"366", "des":"This section describes how to mount OBS buckets and OBS parallel file systems (preferred) of third-party tenants.The CCE cluster of a SaaS service provider needs to be mo", "doc_type":"usermanual2", "kw":"Mounting an Object Storage Bucket of a Third-Party Tenant,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Mounting an Object Storage Bucket of a Third-Party Tenant", "githuburl":"" }, { "uri":"cce_bestpractice_00253.html", + "node_id":"cce_bestpractice_00253.xml", "product_code":"cce", - "code":"366", - "des":"The minimum capacity of an SFS Turbo file system is 500 GB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file s", + "code":"367", + "des":"The minimum capacity of an SFS Turbo file system is 500 GiB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file ", "doc_type":"usermanual2", "kw":"Dynamically Creating and Mounting Subdirectories of an SFS Turbo File System,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Dynamically Creating and Mounting Subdirectories of an SFS Turbo File System", "githuburl":"" }, { "uri":"cce_bestpractice_0107.html", + "node_id":"cce_bestpractice_0107.xml", "product_code":"cce", - "code":"367", + "code":"368", "des":"In clusters later than v1.15.11-r1, CSI (the everest add-on) has taken over all functions of fuxi FlexVolume (the storage-driver add-on) for managing container storage. Y", "doc_type":"usermanual2", "kw":"How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?,Storage", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?", "githuburl":"" }, { "uri":"cce_bestpractice_00281.html", + "node_id":"cce_bestpractice_00281.xml", "product_code":"cce", - "code":"368", + "code":"369", "des":"When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The ", "doc_type":"usermanual2", "kw":"Custom Storage Classes,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Custom Storage Classes", "githuburl":"" }, { "uri":"cce_bestpractice_00284.html", + "node_id":"cce_bestpractice_00284.xml", "product_code":"cce", - "code":"369", - "des":"EVS disks cannot be attached across AZs. For example, EVS disks in AZ 1 cannot be attached to nodes in AZ 2.If the storage class csi-disk is used for StatefulSets, when a", + "code":"370", + "des":"EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is u", "doc_type":"usermanual2", - "kw":"Realizing Automatic Topology for EVS Disks When Nodes Are Deployed Across AZs (csi-disk-topology),St", - "title":"Realizing Automatic Topology for EVS Disks When Nodes Are Deployed Across AZs (csi-disk-topology)", + "kw":"Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topolog", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)", "githuburl":"" }, { "uri":"cce_bestpractice_0051.html", + "node_id":"cce_bestpractice_0051.xml", "product_code":"cce", - "code":"370", + "code":"371", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Container", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Container", "githuburl":"" }, { "uri":"cce_bestpractice_00002.html", + "node_id":"cce_bestpractice_00002.xml", "product_code":"cce", - "code":"371", + "code":"372", "des":"If a node has sufficient memory resources, a container on this node can use more memory resources than requested, but no more than limited. If the memory allocated to a c", "doc_type":"usermanual2", "kw":"Properly Allocating Container Computing Resources,Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Properly Allocating Container Computing Resources", "githuburl":"" }, { "uri":"cce_bestpractice_00227.html", + "node_id":"cce_bestpractice_00227.xml", "product_code":"cce", - "code":"372", - "des":"To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.Create a DaemonSet file.vi daemonSet.yamlAn example YAML file is provid", + "code":"373", + "des":"To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.Create a daemonSet file.vi daemonSet.yamlAn example YAML file is provid", "doc_type":"usermanual2", "kw":"Modifying Kernel Parameters Using a Privileged Container,Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Modifying Kernel Parameters Using a Privileged Container", "githuburl":"" }, { "uri":"cce_bestpractice_00228.html", + "node_id":"cce_bestpractice_00228.xml", "product_code":"cce", - "code":"373", + "code":"374", "des":"Before containers running applications are started, one or some init containers are started first. If there are multiple init containers, they will be started in the defi", "doc_type":"usermanual2", - "kw":"Initializing a Container,Container,User Guide", - "title":"Initializing a Container", + "kw":"Using Init Containers to Initialize an Application,Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], + "title":"Using Init Containers to Initialize an Application", "githuburl":"" }, { "uri":"cce_bestpractice_00226.html", + "node_id":"cce_bestpractice_00226.xml", "product_code":"cce", - "code":"374", - "des":"If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the host name at the pod level when adding entries to the /etc/", + "code":"375", + "des":"If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the hostname at the pod level when adding entries to the /etc/h", "doc_type":"usermanual2", "kw":"Using hostAliases to Configure /etc/hosts in a Pod,Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Using hostAliases to Configure /etc/hosts in a Pod", "githuburl":"" }, { "uri":"cce_bestpractice_0325.html", + "node_id":"cce_bestpractice_0325.xml", "product_code":"cce", - "code":"375", + "code":"376", "des":"Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the", "doc_type":"usermanual2", "kw":"Configuring Core Dumps,Container,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Configuring Core Dumps", "githuburl":"" }, { "uri":"cce_bestpractice_0055.html", + "node_id":"cce_bestpractice_0055.xml", "product_code":"cce", - "code":"376", + "code":"377", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Permission", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Permission", "githuburl":"" }, { "uri":"cce_bestpractice_00221.html", + "node_id":"cce_bestpractice_00221.xml", "product_code":"cce", - "code":"377", + "code":"378", "des":"By default, the kubeconfig file provided by CCE for users has permissions bound to the cluster-admin role, which are equivalent to the permissions of user root. It is dif", "doc_type":"usermanual2", "kw":"Configuring kubeconfig for Fine-Grained Management on Cluster Resources,Permission,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Configuring kubeconfig for Fine-Grained Management on Cluster Resources", "githuburl":"" }, { "uri":"cce_bestpractice_10000.html", + "node_id":"cce_bestpractice_10000.xml", "product_code":"cce", - "code":"378", + "code":"379", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Release", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Release", "githuburl":"" }, { "uri":"cce_bestpractice_10001.html", + "node_id":"cce_bestpractice_10001.xml", "product_code":"cce", - "code":"379", + "code":"380", "des":"When switching between old and new services, you may be challenged in ensuring the system service continuity. If a new service version is directly released to all users a", "doc_type":"usermanual2", "kw":"Overview,Release,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Overview", "githuburl":"" }, { "uri":"cce_bestpractice_10002.html", + "node_id":"cce_bestpractice_10002.xml", "product_code":"cce", - "code":"380", - "des":"To implement grayscale release for a CCE cluster, you need to deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. ", + "code":"381", + "des":"To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These soluti", "doc_type":"usermanual2", "kw":"Using Services to Implement Simple Grayscale Release and Blue-Green Deployment,Release,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "opensource":"true", + "documenttype":"usermanual" + } + ], "title":"Using Services to Implement Simple Grayscale Release and Blue-Green Deployment", "githuburl":"" }, { - "uri":"cce_01_9999.html", + "uri":"cce_faq_0000.html", + "node_id":"cce_faq_0000.xml", "product_code":"cce", - "code":"381", + "code":"382", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"FAQs", + "search_title":"", + "metedata":[ + { + + } + ], + "title":"FAQs", + "githuburl":"" + }, + { + "uri":"cce_faq_00006.html", + "node_id":"cce_faq_00006.xml", + "product_code":"cce", + "code":"383", + "des":"Why Can't I Create a CCE Cluster?Is Management Scale of a Cluster Related to the Number of Master Nodes?How Do I Rectify the Fault When the Cluster Status Is Unavailable?", + "doc_type":"usermanual2", + "kw":"Common Questions,FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Common Questions", + "githuburl":"" + }, + { + "uri":"cce_faq_00024.html", + "node_id":"cce_faq_00024.xml", + "product_code":"cce", + "code":"384", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Cluster", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Cluster", + "githuburl":"" + }, + { + "uri":"cce_faq_00278.html", + "node_id":"cce_faq_00278.xml", + "product_code":"cce", + "code":"385", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Cluster Creation", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Cluster Creation", + "githuburl":"" + }, + { + "uri":"cce_faq_00111.html", + "node_id":"cce_faq_00111.xml", + "product_code":"cce", + "code":"386", + "des":"This section describes how to locate and rectify the fault if you fail to create a CCE cluster.Possible causes:The Network Time Protocol daemon (ntpd) is not installed or", + "doc_type":"usermanual2", + "kw":"Why Can't I Create a CCE Cluster?,Cluster Creation,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Can't I Create a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00090.html", + "node_id":"cce_faq_00090.xml", + "product_code":"cce", + "code":"387", + "des":"Management scale indicates the maximum number of nodes that can be managed by a cluster. If you select 50 nodes, the cluster can manage a maximum of 50 nodes.The number o", + "doc_type":"usermanual2", + "kw":"Is Management Scale of a Cluster Related to the Number of Master Nodes?,Cluster Creation,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Is Management Scale of a Cluster Related to the Number of Master Nodes?", + "githuburl":"" + }, + { + "uri":"cce_faq_00154.html", + "node_id":"cce_faq_00154.xml", + "product_code":"cce", + "code":"388", + "des":"CCE restricts only the number of clusters. However, when using CCE, you may also be using other cloud services, such as Elastic Cloud Server (ECS), Elastic Volume Service", + "doc_type":"usermanual2", + "kw":"Which Resource Quotas Should I Pay Attention To When Using CCE?,Cluster Creation,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Which Resource Quotas Should I Pay Attention To When Using CCE?", + "githuburl":"" + }, + { + "uri":"cce_faq_00279.html", + "node_id":"cce_faq_00279.xml", + "product_code":"cce", + "code":"389", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Cluster Running", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Cluster Running", + "githuburl":"" + }, + { + "uri":"cce_faq_00039.html", + "node_id":"cce_faq_00039.xml", + "product_code":"cce", + "code":"390", + "des":"If the cluster is Unavailable, perform the following operations to rectify the fault:Troubleshooting methods are sorted based on the occurrence probability of the possibl", + "doc_type":"usermanual2", + "kw":"How Do I Rectify the Fault When the Cluster Status Is Unavailable?,Cluster Running,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Rectify the Fault When the Cluster Status Is Unavailable?", + "githuburl":"" + }, + { + "uri":"cce_faq_00040.html", + "node_id":"cce_faq_00040.xml", + "product_code":"cce", + "code":"391", + "des":"After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.", + "doc_type":"usermanual2", + "kw":"How Do I Retrieve Data After a Cluster Is Deleted?,Cluster Running,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Retrieve Data After a Cluster Is Deleted?", + "githuburl":"" + }, + { + "uri":"cce_faq_00309.html", + "node_id":"cce_faq_00309.xml", + "product_code":"cce", + "code":"392", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Cluster Deletion", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Cluster Deletion", + "githuburl":"" + }, + { + "uri":"cce_faq_00394.html", + "node_id":"cce_faq_00394.xml", + "product_code":"cce", + "code":"393", + "des":"When deleting a cluster, CCE obtains the cluster's resources through kube-apiserver of the cluster. If the cluster is unavailable, frozen, or hibernated, the resources ma", + "doc_type":"usermanual2", + "kw":"Failed to Delete a Cluster: Residual ENIs,Cluster Deletion,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Failed to Delete a Cluster: Residual ENIs", + "githuburl":"" + }, + { + "uri":"cce_faq_00413.html", + "node_id":"cce_faq_00413.xml", + "product_code":"cce", + "code":"394", + "des":"If a cluster is not in the running state (for example, frozen or unavailable), resources such as PVCs, Services, and ingresses in the cluster cannot be obtained. After th", + "doc_type":"usermanual2", + "kw":"How Do I Clear Residual Resources After a Non-Running Cluster Is Deleted?,Cluster Deletion,User Guid", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Clear Residual Resources After a Non-Running Cluster Is Deleted?", + "githuburl":"" + }, + { + "uri":"cce_faq_00401.html", + "node_id":"cce_faq_00401.xml", + "product_code":"cce", + "code":"395", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Cluster Upgrade", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Cluster Upgrade", + "githuburl":"" + }, + { + "uri":"cce_faq_00402.html", + "node_id":"cce_faq_00402.xml", + "product_code":"cce", + "code":"396", + "des":"This section describes how to locate and rectify the fault if you fail to upgrade an add-on during the CCE cluster upgrade.", + "doc_type":"usermanual2", + "kw":"What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?,Cluster Upgrad", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?", + "githuburl":"" + }, + { + "uri":"cce_faq_00021.html", + "node_id":"cce_faq_00021.xml", + "product_code":"cce", + "code":"397", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Node", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Node", + "githuburl":"" + }, + { + "uri":"cce_faq_00280.html", + "node_id":"cce_faq_00280.xml", + "product_code":"cce", + "code":"398", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Node Creation", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Node Creation", + "githuburl":"" + }, + { + "uri":"cce_faq_00027.html", + "node_id":"cce_faq_00027.xml", + "product_code":"cce", + "code":"399", + "des":"The node images in the same cluster must be the same. Pay attention to this when creating, adding, or accepting nodes in a cluster.If you need to allocate user space from", + "doc_type":"usermanual2", + "kw":"How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?,Node Creation,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00281.html", + "node_id":"cce_faq_00281.xml", + "product_code":"cce", + "code":"400", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Node Running", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Node Running", + "githuburl":"" + }, + { + "uri":"cce_faq_00120.html", + "node_id":"cce_faq_00120.xml", + "product_code":"cce", + "code":"401", + "des":"If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault:Kubernetes provides the heartbeat ", + "doc_type":"usermanual2", + "kw":"monitrc,What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?,Node Running,User", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?", + "githuburl":"" + }, + { + "uri":"cce_faq_00201.html", + "node_id":"cce_faq_00201.xml", + "product_code":"cce", + "code":"402", + "des":"The following tables list log files of CCE nodes.", + "doc_type":"usermanual2", + "kw":"How Do I Collect Logs of Nodes in a CCE Cluster?,Node Running,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Collect Logs of Nodes in a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00263.html", + "node_id":"cce_faq_00263.xml", + "product_code":"cce", + "code":"403", + "des":"The vdb disk of a node is damaged and the node cannot be recovered after reset.Error ScenariosOn a normal node, delete the LV and VG. The node is unavailable.Reset an abn", + "doc_type":"usermanual2", + "kw":"What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?,", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?", + "githuburl":"" + }, + { + "uri":"cce_faq_00296.html", + "node_id":"cce_faq_00296.xml", + "product_code":"cce", + "code":"404", + "des":"When SCSI EVS disks are used and containers are created and deleted on a CentOS node, the disks are frequently mounted and unmounted. The read/write rate of the system di", + "doc_type":"usermanual2", + "kw":"What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?,Node Running,Us", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?", + "githuburl":"" + }, + { + "uri":"cce_faq_00307.html", + "node_id":"cce_faq_00307.xml", + "product_code":"cce", + "code":"405", + "des":"When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:Files or directories fail to be created in the container,", + "doc_type":"usermanual2", + "kw":"How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?,Node Running,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?", + "githuburl":"" + }, + { + "uri":"cce_faq_00020.html", + "node_id":"cce_faq_00020.xml", + "product_code":"cce", + "code":"406", + "des":"SymptomA node is running properly and has GPU resources. However, the following error information is displayed:0/9 nodes are available: 9 insufficient nvidia.com/gpuAnaly", + "doc_type":"usermanual2", + "kw":"How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?,Node Runn", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?", + "githuburl":"" + }, + { + "uri":"cce_faq_00282.html", + "node_id":"cce_faq_00282.xml", + "product_code":"cce", + "code":"407", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Specification Change", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Specification Change", + "githuburl":"" + }, + { + "uri":"cce_faq_00030.html", + "node_id":"cce_faq_00030.xml", + "product_code":"cce", + "code":"408", + "des":"If the node whose specifications need to be changed is accepted into the cluster for management, remove the node from the cluster and then change the node specifications ", + "doc_type":"usermanual2", + "kw":"How Do I Change the Node Specifications in a CCE Cluster?,Specification Change,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Change the Node Specifications in a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00189.html", + "node_id":"cce_faq_00189.xml", + "product_code":"cce", + "code":"409", + "des":"The kubelet option cpu-manager-policy defaults to static, allowing pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the ", + "doc_type":"usermanual2", + "kw":"What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifi", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?", + "githuburl":"" + }, + { + "uri":"cce_faq_00163.html", + "node_id":"cce_faq_00163.xml", + "product_code":"cce", + "code":"410", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Node Pool", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Node Pool", + "githuburl":"" + }, + { + "uri":"cce_faq_00127.html", + "node_id":"cce_faq_00127.xml", + "product_code":"cce", + "code":"411", + "des":"The node pool keeps being in the expanding state, but no node creation record is displayed in the operation record.Check and rectify the following faults:Whether the spec", + "doc_type":"usermanual2", + "kw":"What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?,Node", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?", + "githuburl":"" + }, + { + "uri":"cce_faq_00028.html", + "node_id":"cce_faq_00028.xml", + "product_code":"cce", + "code":"412", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Workload", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Workload", + "githuburl":"" + }, + { + "uri":"cce_faq_00029.html", + "node_id":"cce_faq_00029.xml", + "product_code":"cce", + "code":"413", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Workload Abnormalities", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Workload Abnormalities", + "githuburl":"" + }, + { + "uri":"cce_faq_00134.html", + "node_id":"cce_faq_00134.xml", + "product_code":"cce", + "code":"414", + "des":"If a workload is abnormal, you can first check the pod events to locate the fault and then rectify the fault by referring to Table 1.Run the kubectl describe pod{pod-name", + "doc_type":"usermanual2", + "kw":"How Do I Use Events to Fix Abnormal Workloads?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Use Events to Fix Abnormal Workloads?", + "githuburl":"" + }, + { + "uri":"cce_faq_00098.html", + "node_id":"cce_faq_00098.xml", + "product_code":"cce", + "code":"415", + "des":"If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to vi", + "doc_type":"usermanual2", + "kw":"What Should I Do If Pod Scheduling Fails?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Pod Scheduling Fails?", + "githuburl":"" + }, + { + "uri":"cce_faq_00015.html", + "node_id":"cce_faq_00015.xml", + "product_code":"cce", + "code":"416", + "des":"When a workload enters the state of \"Pod not ready: Back-off pulling image \"xxxxx\", a Kubernetes event of PodsFailed to pull image or Failed to re-pull image will be repo", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Pod Fails to Pull the Image?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Pod Fails to Pull the Image?", + "githuburl":"" + }, + { + "uri":"cce_faq_00018.html", + "node_id":"cce_faq_00018.xml", + "product_code":"cce", + "code":"417", + "des":"On the details page of a workload, if an event is displayed indicating that the container fails to be started, perform the following steps to locate the fault:Rectify the", + "doc_type":"usermanual2", + "kw":"What Should I Do If Container Startup Fails?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Container Startup Fails?", + "githuburl":"" + }, + { + "uri":"cce_faq_00209.html", + "node_id":"cce_faq_00209.xml", + "product_code":"cce", + "code":"418", + "des":"When an exception occurs on a node, Kubernetes evicts the pods on the node to ensure the workload availability.In Kubernetes, both kube-controller-manager and kubelet can", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Pod Fails to Be Evicted?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Pod Fails to Be Evicted?", + "githuburl":"" + }, + { + "uri":"cce_faq_00200.html", + "node_id":"cce_faq_00200.xml", + "product_code":"cce", + "code":"419", + "des":"Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low p", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?,Workload Abnormali", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?", + "githuburl":"" + }, + { + "uri":"cce_faq_00140.html", + "node_id":"cce_faq_00140.xml", + "product_code":"cce", + "code":"420", + "des":"The workload remains in the creating state.Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the pos", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Workload Remains in the Creating State?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Workload Remains in the Creating State?", + "githuburl":"" + }, + { + "uri":"cce_faq_00210.html", + "node_id":"cce_faq_00210.xml", + "product_code":"cce", + "code":"421", + "des":"When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.After the node is restored", + "doc_type":"usermanual2", + "kw":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?,Workload Abnormalities,User Gui", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?", + "githuburl":"" + }, + { + "uri":"cce_faq_00012.html", + "node_id":"cce_faq_00012.xml", + "product_code":"cce", + "code":"422", + "des":"A workload is in Stopped state.The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?,Workload Abnormalities,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?", + "githuburl":"" + }, + { + "uri":"cce_faq_00109.html", + "node_id":"cce_faq_00109.xml", + "product_code":"cce", + "code":"423", + "des":"The following exceptions occur when services are deployed on the GPU nodes in a CCE cluster:The GPU memory of containers cannot be queried.Seven GPU services are deployed", + "doc_type":"usermanual2", + "kw":"What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?,Workload Abnormalities", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?", + "githuburl":"" + }, + { + "uri":"cce_faq_00005.html", + "node_id":"cce_faq_00005.xml", + "product_code":"cce", + "code":"424", + "des":"The pod remains in the creating state for a long time, and the sandbox-related errors are reported.Select a troubleshooting method for your cluster:Clusters of V1.13This ", + "doc_type":"usermanual2", + "kw":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?,", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?", + "githuburl":"" + }, + { + "uri":"cce_faq_00095.html", + "node_id":"cce_faq_00095.xml", + "product_code":"cce", + "code":"425", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Container Configuration", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Container Configuration", + "githuburl":"" + }, + { + "uri":"cce_faq_00159.html", + "node_id":"cce_faq_00159.xml", + "product_code":"cce", + "code":"426", + "des":"Service processing takes a long time. Pre-stop processing makes sure that during an upgrade, a pod is killed only when the service in the pod has been processed.", + "doc_type":"usermanual2", + "kw":"When Is Pre-stop Processing Used?,Container Configuration,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"When Is Pre-stop Processing Used?", + "githuburl":"" + }, + { + "uri":"cce_faq_00261.html", + "node_id":"cce_faq_00261.xml", + "product_code":"cce", + "code":"427", + "des":"When creating a workload, users can specify a container, pod, and namespace as an FQDN for accessing the container in the same namespace.FQDN stands for Fully Qualified D", + "doc_type":"usermanual2", + "kw":"How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?,Container Configurat", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?", + "githuburl":"" + }, + { + "uri":"cce_faq_00255.html", + "node_id":"cce_faq_00255.xml", + "product_code":"cce", + "code":"428", + "des":"When the liveness and readiness probes fail to perform the health check, locate the service fault first.Common causes are as follows:The service processing takes a long t", + "doc_type":"usermanual2", + "kw":"What Should I Do If Health Check Probes Occasionally Fail?,Container Configuration,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Health Check Probes Occasionally Fail?", + "githuburl":"" + }, + { + "uri":"cce_faq_00230.html", + "node_id":"cce_faq_00230.xml", + "product_code":"cce", + "code":"429", + "des":"A container is started in tailf /dev/null mode and the directory permission is 700 after the startup script is manually executed. If the container is started by Kubernete", + "doc_type":"usermanual2", + "kw":"How Do I Set the umask Value for a Container?,Container Configuration,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Set the umask Value for a Container?", + "githuburl":"" + }, + { + "uri":"cce_faq_00152.html", + "node_id":"cce_faq_00152.xml", + "product_code":"cce", + "code":"430", + "des":"After the JVM startup heap memory parameter is specified for ENTRYPOINT in the Dockerfile, an error message \"invalid initial heap size\" is displayed during the deployed c", + "doc_type":"usermanual2", + "kw":"What Can I Do If an Error Is Reported When a Deployed Container Is Started After the JVM Startup Hea", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Can I Do If an Error Is Reported When a Deployed Container Is Started After the JVM Startup Heap Memory Parameter Is Specified for ENTRYPOINT in Dockerfile?", + "githuburl":"" + }, + { + "uri":"cce_faq_00004.html", + "node_id":"cce_faq_00004.xml", + "product_code":"cce", + "code":"431", + "des":"CCE is a fully managed Kubernetes service and is fully compatible with Kubernetes APIs and kubectl.In Kubernetes, the spec of a pod contains a restartPolicy field. The va", + "doc_type":"usermanual2", + "kw":"What Is the Retry Mechanism When CCE Fails to Start a Pod?,Container Configuration,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Is the Retry Mechanism When CCE Fails to Start a Pod?", + "githuburl":"" + }, + { + "uri":"cce_faq_00284.html", + "node_id":"cce_faq_00284.xml", + "product_code":"cce", + "code":"432", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Scheduling Policies", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Scheduling Policies", + "githuburl":"" + }, + { + "uri":"cce_faq_00260.html", + "node_id":"cce_faq_00260.xml", + "product_code":"cce", + "code":"433", + "des":"The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node fro", + "doc_type":"usermanual2", + "kw":"How Do I Evenly Distribute Multiple Pods to Each Node?,Scheduling Policies,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Evenly Distribute Multiple Pods to Each Node?", + "githuburl":"" + }, + { + "uri":"cce_faq_00262.html", + "node_id":"cce_faq_00262.xml", + "product_code":"cce", + "code":"434", + "des":"During workload scheduling, two containers on a node may compete for resources. As a result, kubelet evicts both containers. This section describes how to set a policy to", + "doc_type":"usermanual2", + "kw":"How Do I Prevent a Container on a Node from Being Evicted?,Scheduling Policies,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Prevent a Container on a Node from Being Evicted?", + "githuburl":"" + }, + { + "uri":"cce_faq_00314.html", + "node_id":"cce_faq_00314.xml", + "product_code":"cce", + "code":"435", + "des":"The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node", + "doc_type":"usermanual2", + "kw":"Why Are Pods Not Evenly Distributed to Nodes?,Scheduling Policies,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Are Pods Not Evenly Distributed to Nodes?", + "githuburl":"" + }, + { + "uri":"cce_faq_00326.html", + "node_id":"cce_faq_00326.xml", + "product_code":"cce", + "code":"436", + "des":"You can run the kubectl drain command to safely evict all pods from a node.By default, the kubectl drain command retains some system pods, for example, everest-csi-driver", + "doc_type":"usermanual2", + "kw":"How Do I Evict All Pods on a Node?,Scheduling Policies,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Evict All Pods on a Node?", + "githuburl":"" + }, + { + "uri":"cce_faq_00186.html", + "node_id":"cce_faq_00186.xml", + "product_code":"cce", + "code":"437", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Others", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Others", + "githuburl":"" + }, + { + "uri":"cce_faq_00213.html", + "node_id":"cce_faq_00213.xml", + "product_code":"cce", + "code":"438", + "des":"If a scheduled task is stopped during running, before its restart, the system calculates the difference between the last time the task was successfully executed and the c", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?,O", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?", + "githuburl":"" + }, + { + "uri":"cce_faq_00289.html", + "node_id":"cce_faq_00289.xml", + "product_code":"cce", + "code":"439", + "des":"The inter-pod discovery service of CCE corresponds to the headless Service of Kubernetes. Headless Services specify None for the cluster IP (spec:clusterIP) in YAML, whic", + "doc_type":"usermanual2", + "kw":"What Is a Headless Service When I Create a StatefulSet?,Others,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Is a Headless Service When I Create a StatefulSet?", + "githuburl":"" + }, + { + "uri":"cce_faq_00106.html", + "node_id":"cce_faq_00106.xml", + "product_code":"cce", + "code":"440", + "des":"When you replace the image of a container in a created workload and use an uploaded image on the CCE console, an error message \"Auth is empty, only accept X-Auth-Token or", + "doc_type":"usermanual2", + "kw":"What Should I Do If Error Message \"Auth is empty\" Is Displayed When a Private Image Is Pulled?,Other", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Error Message \"Auth is empty\" Is Displayed When a Private Image Is Pulled?", + "githuburl":"" + }, + { + "uri":"cce_faq_00293.html", + "node_id":"cce_faq_00293.xml", + "product_code":"cce", + "code":"441", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Why Cannot a Pod Be Scheduled to a Node?,Others,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Cannot a Pod Be Scheduled to a Node?", + "githuburl":"" + }, + { + "uri":"cce_faq_00199.html", + "node_id":"cce_faq_00199.xml", + "product_code":"cce", + "code":"442", + "des":"A container image is required to create a container. Images may be stored locally or in a remote image repository.The imagePullPolicy field in the Kubernetes configuratio", + "doc_type":"usermanual2", + "kw":"What Is the Image Pull Policy for Containers in a CCE Cluster?,Others,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Is the Image Pull Policy for Containers in a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00319.html", + "node_id":"cce_faq_00319.xml", + "product_code":"cce", + "code":"443", + "des":"When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload conta", + "doc_type":"usermanual2", + "kw":"What Can I Do If a Layer Is Missing During Image Pull?,Others,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Can I Do If a Layer Is Missing During Image Pull?", + "githuburl":"" + }, + { + "uri":"cce_faq_00141.html", + "node_id":"cce_faq_00141.xml", + "product_code":"cce", + "code":"444", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Networking", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Networking", + "githuburl":"" + }, + { + "uri":"cce_faq_00146.html", + "node_id":"cce_faq_00146.xml", + "product_code":"cce", + "code":"445", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Network Planning", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Network Planning", + "githuburl":"" + }, + { + "uri":"cce_faq_00266.html", + "node_id":"cce_faq_00266.xml", + "product_code":"cce", + "code":"446", + "des":"A Virtual Private Cloud (VPC) is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network bu", + "doc_type":"usermanual2", + "kw":"What Is the Relationship Between Clusters, VPCs, and Subnets?,Network Planning,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Is the Relationship Between Clusters, VPCs, and Subnets?", + "githuburl":"" + }, + { + "uri":"cce_faq_00265.html", + "node_id":"cce_faq_00265.xml", + "product_code":"cce", + "code":"447", + "des":"CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created fo", + "doc_type":"usermanual2", + "kw":"Configuring Cluster Security Group Rules,Network Planning,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Configuring Cluster Security Group Rules", + "githuburl":"" + }, + { + "uri":"cce_faq_00205.html", + "node_id":"cce_faq_00205.xml", + "product_code":"cce", + "code":"448", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Network Fault", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Network Fault", + "githuburl":"" + }, + { + "uri":"cce_faq_00202.html", + "node_id":"cce_faq_00202.xml", + "product_code":"cce", + "code":"449", + "des":"Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low p", + "doc_type":"usermanual2", + "kw":"How Do I Locate a Workload Networking Fault?,Network Fault,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Locate a Workload Networking Fault?", + "githuburl":"" + }, + { + "uri":"cce_faq_00203.html", + "node_id":"cce_faq_00203.xml", + "product_code":"cce", + "code":"450", + "des":"CCE does not return any error code when you fail to access your applications using a browser. Check your services first.404 Not FoundIf the error code shown in the follow", + "doc_type":"usermanual2", + "kw":"Why Does the Browser Return Error Code 404 When I Access a Deployed Application?,Network Fault,User ", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Does the Browser Return Error Code 404 When I Access a Deployed Application?", + "githuburl":"" + }, + { + "uri":"cce_faq_00204.html", + "node_id":"cce_faq_00204.xml", + "product_code":"cce", + "code":"451", + "des":"If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of ", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Container Fails to Access the Internet?,Network Fault,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Container Fails to Access the Internet?", + "githuburl":"" + }, + { + "uri":"cce_faq_00022.html", + "node_id":"cce_faq_00022.xml", + "product_code":"cce", + "code":"452", + "des":"If a node fails to be connected to the Internet, perform the following operations:Log in to the ECS console and check whether an EIP has been bound to the ECS correspondi", + "doc_type":"usermanual2", + "kw":"What Should I Do If a Node Fails to Connect to the Internet (Public Network)?,Network Fault,User Gui", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If a Node Fails to Connect to the Internet (Public Network)?", + "githuburl":"" + }, + { + "uri":"cce_faq_00037.html", + "node_id":"cce_faq_00037.xml", + "product_code":"cce", + "code":"453", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Storage", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Storage", + "githuburl":"" + }, + { + "uri":"cce_faq_00038.html", + "node_id":"cce_faq_00038.xml", + "product_code":"cce", + "code":"454", + "des":"Container storage provides storage for container workloads. It supports multiple storage classes. A pod can use any amount of storage.Currently, CCE supports local, EVS, ", + "doc_type":"usermanual2", + "kw":"What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mou", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?", + "githuburl":"" + }, + { + "uri":"cce_faq_00089.html", + "node_id":"cce_faq_00089.xml", + "product_code":"cce", + "code":"455", + "des":"No. A data disk is mandatory.A data disk dedicated for kubelet and the container engine will be attached to a new node. By default, CCE uses Logical Volume Manager (LVM)", + "doc_type":"usermanual2", + "kw":"Can I Add a Node Without a Data Disk?,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can I Add a Node Without a Data Disk?", + "githuburl":"" + }, + { + "uri":"cce_faq_00218.html", + "node_id":"cce_faq_00218.xml", + "product_code":"cce", + "code":"456", + "des":"When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that t", + "doc_type":"usermanual2", + "kw":"What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?", + "githuburl":"" + }, + { + "uri":"cce_faq_00235.html", + "node_id":"cce_faq_00235.xml", + "product_code":"cce", + "code":"457", + "des":"The Kubernetes pod structure does not contain ExtendPathMode. Therefore, when a user calls the API for creating a pod or deployment by using client-go, the created pod do", + "doc_type":"usermanual2", + "kw":"How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?", + "githuburl":"" + }, + { + "uri":"cce_faq_00316.html", + "node_id":"cce_faq_00316.xml", + "product_code":"cce", + "code":"458", + "des":"CCE PersistentVolumeClaims (PVCs) are implemented as they are in Kubernetes. A PVC is defined as a storage declaration and is decoupled from underlying storage. It is not", + "doc_type":"usermanual2", + "kw":"Can CCE PVCs Detect Underlying Storage Faults?,Storage,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can CCE PVCs Detect Underlying Storage Faults?", + "githuburl":"" + }, + { + "uri":"cce_faq_00324.html", + "node_id":"cce_faq_00324.xml", + "product_code":"cce", + "code":"459", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Namespace", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Namespace", + "githuburl":"" + }, + { + "uri":"cce_faq_00325.html", + "node_id":"cce_faq_00325.xml", + "product_code":"cce", + "code":"460", + "des":"The namespace remains in the Deleting state. The error message \"DiscoveryFailed\" is displayed in status in the YAML file.In the preceding figure, the full error message i", + "doc_type":"usermanual2", + "kw":"Why Cannot I Delete a Namespace Due to an APIService Object Access Failure?,Namespace,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Cannot I Delete a Namespace Due to an APIService Object Access Failure?", + "githuburl":"" + }, + { + "uri":"cce_faq_00215.html", + "node_id":"cce_faq_00215.xml", + "product_code":"cce", + "code":"461", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Chart and Add-on", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Chart and Add-on", + "githuburl":"" + }, + { + "uri":"cce_faq_00322.html", + "node_id":"cce_faq_00322.xml", + "product_code":"cce", + "code":"462", + "des":"When an add-on fails to be installed, the error message \"The release name is already exist\" is returned.The add-on release record remains in the Kubernetes cluster. Gener", + "doc_type":"usermanual2", + "kw":"Why Does Add-on Installation Fail and Prompt \"The release name is already exist\"?,Chart and Add-on,U", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Does Add-on Installation Fail and Prompt \"The release name is already exist\"?", + "githuburl":"" + }, + { + "uri":"cce_faq_00207.html", + "node_id":"cce_faq_00207.xml", + "product_code":"cce", + "code":"463", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"API & kubectl FAQs", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"API & kubectl FAQs", + "githuburl":"" + }, + { + "uri":"cce_faq_00025.html", + "node_id":"cce_faq_00025.xml", + "product_code":"cce", + "code":"464", + "des":"You can use either of the following methods to access the cluster API Server:(Recommended) Through the cluster API. This access mode uses certificate authentication. It i", + "doc_type":"usermanual2", + "kw":"How Can I Access a CCE Cluster?,API & kubectl FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Can I Access a CCE Cluster?", + "githuburl":"" + }, + { + "uri":"cce_faq_00208.html", + "node_id":"cce_faq_00208.xml", + "product_code":"cce", + "code":"465", + "des":"The CCE console does not support the display of the following Kubernetes resources: DaemonSets, ReplicationControllers, ReplicaSets, and endpoints.To query these resource", + "doc_type":"usermanual2", + "kw":"Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?,API & kubectl FAQs,", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?", + "githuburl":"" + }, + { + "uri":"cce_faq_00041.html", + "node_id":"cce_faq_00041.xml", + "product_code":"cce", + "code":"466", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?,API & kubectl FAQs,User Guid", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?", + "githuburl":"" + }, + { + "uri":"cce_faq_00321.html", + "node_id":"cce_faq_00321.xml", + "product_code":"cce", + "code":"467", + "des":"The error message \"Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)\" is displayed after the kubectl", + "doc_type":"usermanual2", + "kw":"How Do I Rectify the Error Reported When Running the kubectl top node Command?,API & kubectl FAQs,Us", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Rectify the Error Reported When Running the kubectl top node Command?", + "githuburl":"" + }, + { + "uri":"cce_faq_00311.html", + "node_id":"cce_faq_00311.xml", + "product_code":"cce", + "code":"468", + "des":"When you use kubectl to create or query Kubernetes resources, the following output is returned:# kubectl get deploy Error from server (Forbidden): deployments.apps is for", + "doc_type":"usermanual2", + "kw":"Why Is \"Error from server (Forbidden)\" Displayed When I Use kubectl?,API & kubectl FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Is \"Error from server (Forbidden)\" Displayed When I Use kubectl?", + "githuburl":"" + }, + { + "uri":"cce_faq_00001.html", + "node_id":"cce_faq_00001.xml", + "product_code":"cce", + "code":"469", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"DNS FAQs", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"DNS FAQs", + "githuburl":"" + }, + { + "uri":"cce_faq_00197.html", + "node_id":"cce_faq_00197.xml", + "product_code":"cce", + "code":"470", + "des":"CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the the coredns instance specifications based on the QPS.If the add-on performance rea", + "doc_type":"usermanual2", + "kw":"What Should I Do If Domain Name Resolution Fails?,DNS FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"What Should I Do If Domain Name Resolution Fails?", + "githuburl":"" + }, + { + "uri":"cce_faq_00107.html", + "node_id":"cce_faq_00107.xml", + "product_code":"cce", + "code":"471", + "des":"A customer bound its domain name to the private domain names in the DNS service and also to a specific VPC. It is found that the ECSs in the VPC can properly resolve the ", + "doc_type":"usermanual2", + "kw":"Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?,DNS FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?", + "githuburl":"" + }, + { + "uri":"cce_faq_00195.html", + "node_id":"cce_faq_00195.xml", + "product_code":"cce", + "code":"472", + "des":"The following is an example resolv.conf file for a container in a workload:In the preceding information:nameserver: IP address of the DNS. Set this parameter to the clust", + "doc_type":"usermanual2", + "kw":"How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?,DNS", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?", + "githuburl":"" + }, + { + "uri":"cce_faq_00194.html", + "node_id":"cce_faq_00194.xml", + "product_code":"cce", + "code":"473", + "des":"CCE uses dnsPolicy to identify different DNS policies for each pod. The value of dnsPolicy can be either of the following:None: No DNS policy is configured. In this mode,", + "doc_type":"usermanual2", + "kw":"How Do I Configure a DNS Policy for a Container?,DNS FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Configure a DNS Policy for a Container?", + "githuburl":"" + }, + { + "uri":"cce_faq_00093.html", + "node_id":"cce_faq_00093.xml", + "product_code":"cce", + "code":"474", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Image Repository FAQs", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Image Repository FAQs", + "githuburl":"" + }, + { + "uri":"cce_faq_00032.html", + "node_id":"cce_faq_00032.xml", + "product_code":"cce", + "code":"475", + "des":"SoftWare Repository for Container (SWR) manages images for CCE. It provides the following ways to upload images:Uploading an Image Through the Client", + "doc_type":"usermanual2", + "kw":"How Do I Upload My Images to CCE?,Image Repository FAQs,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Upload My Images to CCE?", + "githuburl":"" + }, + { + "uri":"cce_faq_00397.html", + "node_id":"cce_faq_00397.xml", + "product_code":"cce", + "code":"476", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Permissions", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Permissions", + "githuburl":"" + }, + { + "uri":"cce_faq_00398.html", + "node_id":"cce_faq_00398.xml", + "product_code":"cce", + "code":"477", + "des":"Namespace permissions and cluster management permissions are independent and complementary to each other.Namespace permissions: apply to clusters and are used to manage o", + "doc_type":"usermanual2", + "kw":"Can I Configure Only Namespace Permissions Without Cluster Management Permissions?,Permissions,User ", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can I Configure Only Namespace Permissions Without Cluster Management Permissions?", + "githuburl":"" + }, + { + "uri":"cce_faq_00399.html", + "node_id":"cce_faq_00399.xml", + "product_code":"cce", + "code":"478", + "des":"CCE has cloud service APIs and cluster APIs.Cloud service APIs: You can perform operations on the infrastructure (such as creating nodes) and cluster resources (such as c", + "doc_type":"usermanual2", + "kw":"Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?", + "githuburl":"" + }, + { + "uri":"cce_faq_00400.html", + "node_id":"cce_faq_00400.xml", + "product_code":"cce", + "code":"479", + "des":"IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions. However", + "doc_type":"usermanual2", + "kw":"Can I Use kubectl If the Cluster Management Permissions Are Not Configured?,Permissions,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Can I Use kubectl If the Cluster Management Permissions Are Not Configured?", + "githuburl":"" + }, + { + "uri":"cce_faq_00292.html", + "node_id":"cce_faq_00292.xml", + "product_code":"cce", + "code":"480", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"usermanual2", + "kw":"Reference", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"Reference", + "githuburl":"" + }, + { + "uri":"cce_faq_00224.html", + "node_id":"cce_faq_00224.xml", + "product_code":"cce", + "code":"481", + "des":"The default storage size of a container is 10 GB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.Re", + "doc_type":"usermanual2", + "kw":"How Do I Expand the Storage Capacity of a Container?,Reference,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Do I Expand the Storage Capacity of a Container?", + "githuburl":"" + }, + { + "uri":"cce_faq_00192.html", + "node_id":"cce_faq_00192.xml", + "product_code":"cce", + "code":"482", + "des":"Add hostNetwork: true to the spec.spec. in the YAML file of the workload to which the containers will belong.Configure node affinity policies, in addition to perform the ", + "doc_type":"usermanual2", + "kw":"How Can Container IP Addresses Survive a Container Restart?,Reference,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "IsBot":"No", + "documenttype":"usermanual", + "IsMulti":"Yes" + } + ], + "title":"How Can Container IP Addresses Survive a Container Restart?", + "githuburl":"" + }, + { + "uri":"cce_01_9999.html", + "node_id":"cce_01_9999.xml", + "product_code":"cce", + "code":"483", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Migrating Data from CCE 1.0 to CCE 2.0", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Migrating Data from CCE 1.0 to CCE 2.0", "githuburl":"" }, { "uri":"cce_01_9998.html", + "node_id":"cce_01_9998.xml", "product_code":"cce", - "code":"382", + "code":"484", "des":"CCE 2.0 inherits and modifies the features of CCE 1.0, and release new features.Modified features:Clusters in CCE 1.0 are equivalent to Hybrid clusters in CCE 2.0.CCE 2.0", "doc_type":"usermanual2", "kw":"Differences Between CCE 1.0 and CCE 2.0,Migrating Data from CCE 1.0 to CCE 2.0,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Differences Between CCE 1.0 and CCE 2.0", "githuburl":"" }, { "uri":"cce_01_9997.html", + "node_id":"cce_01_9997.xml", "product_code":"cce", - "code":"383", + "code":"485", "des":"Migrate the images stored in the image repository of CCE 1.0 to CCE 2.0.A VM is available. The VM is bound to a public IP address and can access the Internet. Docker (ear", "doc_type":"usermanual2", "kw":"Migrating Images,Migrating Data from CCE 1.0 to CCE 2.0,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Migrating Images", "githuburl":"" }, { "uri":"cce_01_9996.html", + "node_id":"cce_01_9996.xml", "product_code":"cce", - "code":"384", + "code":"486", "des":"Create Hybrid clusters on the CCE 2.0 console. These new Hybrid clusters should have the same specifications with those created on CCE 1.0.To create clusters using APIs, ", "doc_type":"usermanual2", "kw":"Migrating Clusters,Migrating Data from CCE 1.0 to CCE 2.0,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Migrating Clusters", "githuburl":"" }, { "uri":"cce_01_9995.html", + "node_id":"cce_01_9995.xml", "product_code":"cce", - "code":"385", + "code":"487", "des":"This section describes how to create a Deployment with the same specifications as that in CCE 1.0 on the CCE 2.0 console.It is advised to delete the applications on CCE 1", "doc_type":"usermanual2", "kw":"Migrating Applications,Migrating Data from CCE 1.0 to CCE 2.0,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Migrating Applications", "githuburl":"" }, { "uri":"cce_01_0300.html", + "node_id":"cce_01_0300.xml", "product_code":"cce", - "code":"386", + "code":"488", "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "doc_type":"usermanual2", "kw":"Change History,User Guide", + "search_title":"", + "metedata":[ + { + "prodname":"cce", + "opensource":"true", + "documenttype":"usermanual2", + "IsMulti":"Yes" + } + ], "title":"Change History", "githuburl":"" } diff --git a/docs/cce/umn/CLASS.TXT.json b/docs/cce/umn/CLASS.TXT.json index c5de9cc68..830a03ed9 100644 --- a/docs/cce/umn/CLASS.TXT.json +++ b/docs/cce/umn/CLASS.TXT.json @@ -3,7 +3,7 @@ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", "title":"Service Overview", - "uri":"en-us_topic_0000001550437509.html", + "uri":"cce_productdesc_0000.html", "doc_type":"usermanual2", "p_code":"", "code":"1" @@ -18,7 +18,7 @@ "code":"2" }, { - "desc":"CCE is a container service built on Docker and Kubernetes. A wealth of features enable you to run container clusters at scale. CCE eases containerization thanks to its re", + "desc":"CCE is a container service built on Docker and Kubernetes. A wealth of features enables you to run container clusters at scale. CCE eases containerization thanks to its r", "product_code":"cce", "title":"Product Advantages", "uri":"cce_productdesc_0003.html", @@ -45,7 +45,7 @@ "code":"5" }, { - "desc":"Shopping apps and websites, especially during promotions and flash salesLive streaming, where service loads often fluctuateGames, where many players may go online in cert", + "desc":"Shopping apps and websites, especially during promotionsLive streaming, where service loads often fluctuateGames, where many players may go online in certain time periods", "product_code":"cce", "title":"Auto Scaling in Seconds", "uri":"cce_productdesc_0015.html", @@ -162,7 +162,7 @@ "code":"18" }, { - "desc":"CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9, CentOS 7.7 and Ubuntu 22.04. The following table lists the supported patches for these OSs.The OS patche", + "desc":"CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9 and Ubuntu 22.04. You are not advised to use the CentOS 7.7 image to create nodes because the OS maintena", "product_code":"cce", "title":"OS Patch Notes for Cluster Nodes", "uri":"cce_bulletin_0301.html", @@ -324,115 +324,115 @@ "code":"36" }, { - "desc":"The following table lists the differences between CCE Turbo clusters and CCE clusters:The QingTian architecture consists of data plane (software-hardware synergy) and man", + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", - "title":"CCE Turbo Clusters and CCE Clusters", - "uri":"cce_10_0342.html", + "title":"Kubernetes Release Notes", + "uri":"cce_10_0068.html", "doc_type":"usermanual2", "p_code":"35", "code":"37" }, { - "desc":"kube-proxy is a key component of a Kubernetes cluster. It is responsible for load balancing and forwarding between a Service and its backend pod.CCE supports two forwardi", + "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This document describes the changes made in Kubernetes 1.25 compared w", "product_code":"cce", - "title":"Comparing iptables and IPVS", - "uri":"cce_10_0349.html", + "title":"Kubernetes 1.25 Release Notes", + "uri":"cce_bulletin_0058.html", "doc_type":"usermanual2", - "p_code":"35", + "p_code":"37", "code":"38" }, { - "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.Kubernetes 1", "product_code":"cce", - "title":"Release Notes", - "uri":"cce_10_0068.html", + "title":"Kubernetes 1.23 Release Notes", + "uri":"cce_bulletin_0027.html", "doc_type":"usermanual2", - "p_code":"35", + "p_code":"37", "code":"39" }, - { - "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.25.Kubernetes 1", - "product_code":"cce", - "title":"CCE Kubernetes 1.25 Release Notes", - "uri":"cce_10_0467.html", - "doc_type":"usermanual2", - "p_code":"39", - "code":"40" - }, - { - "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.Changes in C", - "product_code":"cce", - "title":"CCE Kubernetes 1.23 Release Notes", - "uri":"cce_10_0468.html", - "doc_type":"usermanual2", - "p_code":"39", - "code":"41" - }, { "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.21.Kubernetes 1", "product_code":"cce", - "title":"CCE Kubernetes 1.21 Release Notes", - "uri":"cce_10_0469.html", + "title":"Kubernetes 1.21 Release Notes", + "uri":"cce_bulletin_0026.html", "doc_type":"usermanual2", - "p_code":"39", - "code":"42" + "p_code":"37", + "code":"40" }, { - "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.Kubernetes 1", + "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.Kubernetes v", "product_code":"cce", - "title":"CCE Kubernetes 1.19 Release Notes", - "uri":"cce_10_0470.html", + "title":"Kubernetes 1.19 Release Notes", + "uri":"cce_whsnew_0010.html", "doc_type":"usermanual2", - "p_code":"39", - "code":"43" + "p_code":"37", + "code":"41" }, { "desc":"CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.17.All resource", "product_code":"cce", - "title":"CCE Kubernetes 1.17 Release Notes", - "uri":"cce_10_0471.html", + "title":"Kubernetes 1.17 (EOM) Release Notes", + "uri":"cce_whsnew_0007.html", "doc_type":"usermanual2", - "p_code":"39", - "code":"44" + "p_code":"37", + "code":"42" + }, + { + "desc":"All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.", + "product_code":"cce", + "title":"Release Notes for CCE Cluster Versions", + "uri":"cce_10_0405.html", + "doc_type":"usermanual2", + "p_code":"35", + "code":"43" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", - "title":"Cluster Patch Version Release Notes", - "uri":"cce_10_0405.html", - "doc_type":"usermanual2", - "p_code":"35", - "code":"45" - }, - { - "desc":"CCE Turbo clusters run on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and inte", - "product_code":"cce", - "title":"Creating a CCE Turbo Cluster", + "title":"Creating a Cluster", "uri":"cce_10_0298.html", "doc_type":"usermanual2", "p_code":"34", + "code":"44" + }, + { + "desc":"The following table lists the differences between CCE Turbo clusters and CCE clusters.", + "product_code":"cce", + "title":"CCE Turbo Clusters and CCE Clusters", + "uri":"cce_10_0342.html", + "doc_type":"usermanual2", + "p_code":"44", + "code":"45" + }, + { + "desc":"On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this", + "product_code":"cce", + "title":"Creating a Cluster", + "uri":"cce_10_0028.html", + "doc_type":"usermanual2", + "p_code":"44", "code":"46" }, { - "desc":"On the CCE console, you can easily create Kubernetes clusters. Kubernetes can manage container clusters at scale. A cluster manages a group of node resources.In CCE, you ", + "desc":"kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.CCE supports the iptables ", "product_code":"cce", - "title":"Creating a CCE Cluster", - "uri":"cce_10_0028.html", + "title":"Comparing iptables and IPVS", + "uri":"cce_10_0349.html", "doc_type":"usermanual2", - "p_code":"34", + "p_code":"44", "code":"47" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", - "title":"Using kubectl to Run a Cluster", + "title":"Connecting to a Cluster", "uri":"cce_10_0140.html", "doc_type":"usermanual2", "p_code":"34", "code":"48" }, { - "desc":"This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses thekubeconfig.js", + "desc":"This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.When you access a cluster using kubectl, CCE uses kubeconfig.json ", "product_code":"cce", "title":"Connecting to a Cluster Using kubectl", "uri":"cce_10_0107.html", @@ -441,19 +441,19 @@ "code":"49" }, { - "desc":"A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Sp", + "desc":"This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.The downloaded certificate contains three files: clien", "product_code":"cce", - "title":"Customizing a Cluster Certificate SAN", - "uri":"cce_10_0367.html", + "title":"Connecting to a Cluster Using an X.509 Certificate", + "uri":"cce_10_0175.html", "doc_type":"usermanual2", "p_code":"48", "code":"50" }, { - "desc":"getThe get command displays one or many resources of a cluster.This command prints a table of the most important information about all resources, including cluster nodes,", + "desc":"A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Sp", "product_code":"cce", - "title":"Common kubectl Commands", - "uri":"cce_10_0139.html", + "title":"Accessing a Cluster Using a Custom Domain Name", + "uri":"cce_10_0367.html", "doc_type":"usermanual2", "p_code":"48", "code":"51" @@ -477,7 +477,7 @@ "code":"53" }, { - "desc":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.Upgraded clu", + "desc":"Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.Before upgra", "product_code":"cce", "title":"Before You Start", "uri":"cce_10_0302.html", @@ -486,31 +486,40 @@ "code":"54" }, { - "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "desc":"You can upgrade your clusters to a newer version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what w", "product_code":"cce", - "title":"Post-Upgrade Verification", - "uri":"cce_10_0560.html", + "title":"Performing In-place Upgrade", + "uri":"cce_10_0301.html", "doc_type":"usermanual2", "p_code":"52", "code":"55" }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Performing Post-Upgrade Verification", + "uri":"cce_10_0560.html", + "doc_type":"usermanual2", + "p_code":"52", + "code":"56" + }, { "desc":"After the cluster is upgraded, check whether the services are running normal.Different services have different verification mode. Select a suitable one and verify the ser", "product_code":"cce", "title":"Service Verification", "uri":"cce_10_0561.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"56" + "p_code":"56", + "code":"57" }, { - "desc":"Check whether unexpected pods exist in the cluster.Check whether there are pods restart unexpectedly in the cluster.Go to the CCE console and access the cluster console. ", + "desc":"Check whether there are unexpected pods in the cluster.Check whether there are any pods that ran properly originally in the cluster restart unexpectedly.Log in to the CCE", "product_code":"cce", "title":"Pod Check", "uri":"cce_10_0562.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"57" + "p_code":"56", + "code":"58" }, { "desc":"Check whether the nodes are running properly.Check whether the node network is normal.Check whether the container network is normal.The node status reflects whether the n", @@ -518,26 +527,26 @@ "title":"Node and Container Network Check", "uri":"cce_10_0563.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"58" + "p_code":"56", + "code":"59" }, { - "desc":"Check whether the label is lost.Check whether there are unexpected taints.Go to the CCE console, access the cluster console, and choose Nodes in the navigation pane. On t", + "desc":"Check whether custom node labels are lost.Check whether there are any unexpected taints newly added on the node, which will affect workload scheduling.Go to the CCE conso", "product_code":"cce", "title":"Node Label and Taint Check", "uri":"cce_10_0564.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"59" + "p_code":"56", + "code":"60" }, { - "desc":"Check whether nodes can be created in the cluster.Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node.If node", + "desc":"Check whether nodes can be created in the cluster.Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node. Fo", "product_code":"cce", "title":"New Node Check", "uri":"cce_10_0565.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"60" + "p_code":"56", + "code":"61" }, { "desc":"Check whether pods can be created on the existing nodes after the cluster is upgraded.Check whether pods can be created on new nodes after the cluster is upgraded.After c", @@ -545,36 +554,18 @@ "title":"New Pod Check", "uri":"cce_10_0566.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"61" + "p_code":"56", + "code":"62" }, { - "desc":"After the cluster is upgraded, you need to reset the nodes that fail to be upgraded.Go back to the previous step or view the upgrade details on the upgrade history page t", + "desc":"After the cluster is upgraded, reset the nodes that fail to be upgraded.Go back to the previous step or view the upgrade details on the upgrade history page to view the n", "product_code":"cce", "title":"Node Skipping Check for Reset", "uri":"cce_10_0567.html", "doc_type":"usermanual2", - "p_code":"55", - "code":"62" - }, - { - "desc":"You can upgrade your clusters to a newer Kubernetes version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgrade", - "product_code":"cce", - "title":"Performing Replace/Rolling Upgrade", - "uri":"cce_10_0120.html", - "doc_type":"usermanual2", - "p_code":"52", + "p_code":"56", "code":"63" }, - { - "desc":"You can upgrade your clusters to a newer version on the CCE console.Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what w", - "product_code":"cce", - "title":"Performing In-place Upgrade", - "uri":"cce_10_0301.html", - "doc_type":"usermanual2", - "p_code":"52", - "code":"64" - }, { "desc":"This section describes how to migrate services from a cluster of an earlier version to a cluster of a later version in CCE.This operation is applicable when a cross-versi", "product_code":"cce", @@ -582,7 +573,7 @@ "uri":"cce_10_0210.html", "doc_type":"usermanual2", "p_code":"52", - "code":"65" + "code":"64" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -591,115 +582,115 @@ "uri":"cce_10_0550.html", "doc_type":"usermanual2", "p_code":"52", - "code":"66" + "code":"65" }, { "desc":"The system performs a comprehensive pre-upgrade check before the cluster upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot contin", "product_code":"cce", - "title":"Performing Pre-upgrade Check", + "title":"Pre-upgrade Check", "uri":"cce_10_0549.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"67" + "p_code":"65", + "code":"66" }, { "desc":"Check the following aspects:Check whether the node is available.Check whether the node OS supports the upgrade.Check whether there are unexpected node pool tags in the no", "product_code":"cce", - "title":"Checking the Node", + "title":"Node Restrictions", "uri":"cce_10_0431.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"68" + "p_code":"65", + "code":"67" }, { "desc":"Check whether the current user is in the upgrade blocklist.CCE temporarily disables the cluster upgrade function due to the following reasons:The cluster is identified as", "product_code":"cce", - "title":"Checking the Blocklist", + "title":"Blocklist", "uri":"cce_10_0432.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"69" + "p_code":"65", + "code":"68" }, { - "desc":"Check the following aspects:Check whether the add-on status is normal.Check whether the add-on supports the target version.Scenario 1: The add-on status is abnormal.Log i", + "desc":"Check the following aspects:Check whether the add-on status is normal.Check whether the add-on support the target version.Scenario 1: The add-on status is abnormal.Log in", "product_code":"cce", - "title":"Checking the Add-on", + "title":"Add-ons", "uri":"cce_10_0433.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"70" + "p_code":"65", + "code":"69" }, { "desc":"Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavai", "product_code":"cce", - "title":"Checking the Helm Chart", + "title":"Helm Charts", "uri":"cce_10_0434.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"71" + "p_code":"65", + "code":"70" }, { "desc":"Check whether CCE can connect to your master nodes.Contact technical support.", "product_code":"cce", - "title":"Checking the Master Node SSH Connectivity", + "title":"SSH Connectivity of Master Nodes", "uri":"cce_10_0435.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", + "code":"71" + }, + { + "desc":"Check the node pool status.Scenario: The node pool malfunctions.Log in to the CCE console, go to the target cluster and choose Nodes. On the displayed page, click Node Po", + "product_code":"cce", + "title":"Node Pools", + "uri":"cce_10_0436.html", + "doc_type":"usermanual2", + "p_code":"65", "code":"72" }, { - "desc":"Check the following aspects:Check the node status.Check whether the auto scaling function of the node pool is disabled.Scenario 1: The node pool status is abnormal.Log in", + "desc":"Check whether the security group allows the master node to access nodes using ICMP.This check item is performed only for clusters using VPC networking. For clusters using", "product_code":"cce", - "title":"Checking the Node Pool", - "uri":"cce_10_0436.html", + "title":"Security Groups", + "uri":"cce_10_0437.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"73" }, { - "desc":"Check whether the security group allows the master node to access nodes using ICMP.Log in to the VPC console, choose Access Control > Security Groups, and enter the targe", + "desc":"Check whether the node needs to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before perfor", "product_code":"cce", - "title":"Checking the Security Group", - "uri":"cce_10_0437.html", + "title":"To-Be-Migrated Nodes", + "uri":"cce_10_0439.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"74" }, { - "desc":"Check whether the node needs to be migrated.For the 1.15 cluster that is upgraded from 1.13 in rolling mode, you need to migrate (reset or create and replace) all nodes b", + "desc":"Check whether there are discarded resources in the clusters.Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of 1.25.Run the kubectl ge", "product_code":"cce", - "title":"To-Be-Migrated Node", - "uri":"cce_10_0439.html", + "title":"Discarded Kubernetes Resources", + "uri":"cce_10_0440.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"75" }, { - "desc":"Check whether there are discarded resources in the clusters.Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of v1.25.Run the kubectl g", + "desc":"Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.", "product_code":"cce", - "title":"Discarded Kubernetes Resource", - "uri":"cce_10_0440.html", + "title":"Compatibility Risks", + "uri":"cce_10_0441.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"76" }, { - "desc":"Read the version compatibility differences and ensure that they are not affected.The patch upgrade does not involve version compatibility differences.", + "desc":"Check whether cce-agent on the current node is of the latest version.Scenario 1: The error message \"you cce-agent no update, please restart it\" is displayed.cce-agent doe", "product_code":"cce", - "title":"Compatibility Risk", - "uri":"cce_10_0441.html", - "doc_type":"usermanual2", - "p_code":"66", - "code":"77" - }, - { - "desc":"Check whether cce-agent on the current node is of the latest version.If cce-agent is not of the latest version, the automatic update fails. This problem is usually caused", - "product_code":"cce", - "title":"Node CCEAgent Version", + "title":"Node CCE Agent Versions", "uri":"cce_10_0442.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"78" + "p_code":"65", + "code":"77" }, { "desc":"Check whether the CPU usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule pod", @@ -707,26 +698,26 @@ "title":"Node CPU Usage", "uri":"cce_10_0443.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"79" + "p_code":"65", + "code":"78" }, { "desc":"Check the following aspects:Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.Check whether the cluster key CRD network-attachment-defini", "product_code":"cce", - "title":"CRD Check", + "title":"CRDs", "uri":"cce_10_0444.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"80" + "p_code":"65", + "code":"79" }, { "desc":"Check the following aspects:Check whether the key data disks on the node meet the upgrade requirements.Check whether the /tmp directory has 500 MB available space.During ", "product_code":"cce", - "title":"Node Disk", + "title":"Node Disks", "uri":"cce_10_0445.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"81" + "p_code":"65", + "code":"80" }, { "desc":"Check the following aspects:Check whether the DNS configuration of the current node can resolve the OBS address.Check whether the current node can access the OBS address ", @@ -734,26 +725,26 @@ "title":"Node DNS", "uri":"cce_10_0446.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"82" + "p_code":"65", + "code":"81" }, { - "desc":"Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.CCE uses the /var/paas directory to manage nodes and store file ", + "desc":"Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.Scenario 1: The error message \"xx file permission has been chang", "product_code":"cce", "title":"Node Key Directory File Permissions", "uri":"cce_10_0447.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"83" + "p_code":"65", + "code":"82" }, { - "desc":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet is abnormal, the node is unavailable. Restore the node", + "desc":"Check whether the kubelet on the node is running properly.Scenario 1: The kubelet status is abnormal.If the kubelet malfunctions, the node is unavailable. Restore the nod", "product_code":"cce", "title":"Kubelet", "uri":"cce_10_0448.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"84" + "p_code":"65", + "code":"83" }, { "desc":"Check whether the memory usage of the node exceeds 90%.Upgrade the cluster during off-peak hours.Check whether too many pods are deployed on the node. If yes, reschedule ", @@ -761,8 +752,8 @@ "title":"Node Memory", "uri":"cce_10_0449.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"85" + "p_code":"65", + "code":"84" }, { "desc":"Check whether the clock synchronization server ntpd or chronyd of the node is running properly.Scenario 1: ntpd is running abnormally.Log in to the node and run the syste", @@ -770,8 +761,8 @@ "title":"Node Clock Synchronization Server", "uri":"cce_10_0450.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"86" + "p_code":"65", + "code":"85" }, { "desc":"Check whether the OS kernel version of the node is supported by CCE.Running nodes depend on the initial standard kernel version when they are created. CCE has performed c", @@ -779,26 +770,26 @@ "title":"Node OS", "uri":"cce_10_0451.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"87" + "p_code":"65", + "code":"86" }, { "desc":"Check whether the number of CPUs on the master node is greater than 2.If the number of CPUs on the master node is 2, contact technical support to expand the number to 4 o", "product_code":"cce", - "title":"Node CPU Count", + "title":"Node CPUs", "uri":"cce_10_0452.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"88" + "p_code":"65", + "code":"87" }, { "desc":"Check whether the Python commands are available on a node.If the command output is not 0, the check fails.Install Python before the upgrade.", "product_code":"cce", - "title":"Node Python Command", + "title":"Node Python Commands", "uri":"cce_10_0453.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"89" + "p_code":"65", + "code":"88" }, { "desc":"Check whether the nodes in the cluster are ready.Scenario 1: The nodes are in the unavailable status.Log in to the CCE console and access the cluster console. Choose Node", @@ -806,134 +797,134 @@ "title":"Node Readiness", "uri":"cce_10_0455.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"90" + "p_code":"65", + "code":"89" }, { - "desc":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to query the running status of journald. If the com", + "desc":"Check whether journald of a node is normal.Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the co", "product_code":"cce", "title":"Node journald", "uri":"cce_10_0456.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"91" + "p_code":"65", + "code":"90" }, { "desc":"Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.Scenario: The Docker used by the node is the", "product_code":"cce", - "title":"containerd.sock Check", + "title":"containerd.sock", "uri":"cce_10_0457.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"92" + "p_code":"65", + "code":"91" }, { "desc":"Before the upgrade, check whether an internal error occurs.If this check fails, contact technical support.", "product_code":"cce", - "title":"Internal Error", + "title":"Internal Errors", "uri":"cce_10_0458.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"93" + "p_code":"65", + "code":"92" }, { "desc":"Check whether inaccessible mount points exist on the node.Scenario: There are inaccessible mount points on the node.If network NFS (such as OBS, SFS, and SFS) is used by ", "product_code":"cce", - "title":"Node Mount Point", + "title":"Node Mount Points", "uri":"cce_10_0459.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", + "code":"93" + }, + { + "desc":"Check whether the taint needed for cluster upgrade exists on the node.Scenario 1: The node is skipped during the cluster upgrade.If the version of the node is different f", + "product_code":"cce", + "title":"Kubernetes Node Taints", + "uri":"cce_10_0460.html", + "doc_type":"usermanual2", + "p_code":"65", "code":"94" }, { - "desc":"Check whether the taint, as shown in Table 1, exists on the node.Taint checklistNameImpactnode.kubernetes.io/upgradeNoScheduleScenario 1: The node is skipped during the c", + "desc":"Check whether there are any compatibility restrictions on the current everest add-on.There are compatibility restrictions on the current everest add-on and it cannot be u", "product_code":"cce", - "title":"Kubernetes Node Taint", - "uri":"cce_10_0460.html", - "doc_type":"usermanual2", - "p_code":"66", - "code":"95" - }, - { - "desc":"Check whether the current everest add-on has compatibility restrictions. See Table 1.The current everest add-on has compatibility restrictions and cannot be upgraded with", - "product_code":"cce", - "title":"everest Restriction Check", + "title":"everest Restrictions", "uri":"cce_10_0478.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"96" + "p_code":"65", + "code":"95" }, { "desc":"Check whether the current cce-controller-hpa add-on has compatibility restrictions.The current cce-controller-hpa add-on has compatibility restrictions. An add-on that ca", "product_code":"cce", - "title":"cce-hpa-controller Restriction Check", + "title":"cce-hpa-controller Restrictions", "uri":"cce_10_0479.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", + "code":"96" + }, + { + "desc":"Check whether the current cluster version and the target version support the enhanced CPU policy.Scenario: Only the current cluster version supports the enhanced CPU poli", + "product_code":"cce", + "title":"Enhanced CPU Policies", + "uri":"cce_10_0480.html", + "doc_type":"usermanual2", + "p_code":"65", "code":"97" }, { - "desc":"Check whether the current cluster version and the target version support enhanced CPU policy.Scenario: The current cluster version uses the enhanced CPU management policy", + "desc":"Check whether the container runtime and network components on the worker nodes are healthy.If a worker node component malfunctions, log in to the node to check the status", "product_code":"cce", - "title":"Enhanced CPU Management Policy", - "uri":"cce_10_0480.html", + "title":"Health of Worker Node Components", + "uri":"cce_10_0484.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"98" }, { - "desc":"Check whether the container runtime and network components on the user node are healthy.If a component is abnormal, log in to the node to check the status of the abnormal", + "desc":"Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.If a master node component malfunctions, contact technical support", "product_code":"cce", - "title":"User Node Components Health", - "uri":"cce_10_0484.html", + "title":"Health of Master Node Components", + "uri":"cce_10_0485.html", "doc_type":"usermanual2", - "p_code":"66", + "p_code":"65", "code":"99" }, { - "desc":"Check whether the Kubernetes, container runtime, and network components of the controller node are healthy.If a component on the controller node is abnormal, contact tech", - "product_code":"cce", - "title":"Controller Node Components Health", - "uri":"cce_10_0485.html", - "doc_type":"usermanual2", - "p_code":"66", - "code":"100" - }, - { - "desc":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reducing Kubernetes resourcesSolution 2", + "desc":"Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.Solution 1: Reduce Kubernetes resources.Solution 2:", "product_code":"cce", "title":"Memory Resource Limit of Kubernetes Components", "uri":"cce_10_0486.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"101" + "p_code":"65", + "code":"100" }, { "desc":"The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.Due to the limited time range of audi", "product_code":"cce", - "title":"Checking Deprecated Kubernetes APIs", + "title":"Discarded Kubernetes APIs", "uri":"cce_10_0487.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"102" + "p_code":"65", + "code":"101" }, { "desc":"If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.CCE Turbo clusters support IPv6 since v1.23. This feature is available ", "product_code":"cce", - "title":"IPv6 Capability of a CCE Turbo Cluster", + "title":"IPv6 Capabilities of a CCE Turbo Cluster", "uri":"cce_10_0488.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"103" + "p_code":"65", + "code":"102" }, { - "desc":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to query the running status of NetworkManager. ", + "desc":"Check whether NetworkManager of a node is normal.Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager.", "product_code":"cce", "title":"Node NetworkManager", "uri":"cce_10_0489.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"104" + "p_code":"65", + "code":"103" }, { "desc":"Check the ID file format.", @@ -941,8 +932,8 @@ "title":"Node ID File", "uri":"cce_10_0490.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"105" + "p_code":"65", + "code":"104" }, { "desc":"When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background:/opt/cloud/cce/kubernet", @@ -950,8 +941,8 @@ "title":"Node Configuration Consistency", "uri":"cce_10_0491.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"106" + "p_code":"65", + "code":"105" }, { "desc":"Check whether the configuration files of key components exist on the node.The following table lists the files to be checked.Contact technical support to restore the confi", @@ -959,17 +950,17 @@ "title":"Node Configuration File", "uri":"cce_10_0492.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"107" + "p_code":"65", + "code":"106" }, { - "desc":"Check whether the current CoreDNS key configuration Corefile is different from the Helm Release record. The difference may be overwritten during the add-on upgrade, affec", + "desc":"Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affec", "product_code":"cce", - "title":"Checking CoreDNS Configuration Consistency", + "title":"CoreDNS Configuration Consistency", "uri":"cce_10_0493.html", "doc_type":"usermanual2", - "p_code":"66", - "code":"108" + "p_code":"65", + "code":"107" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -978,7 +969,7 @@ "uri":"cce_10_0031.html", "doc_type":"usermanual2", "p_code":"34", - "code":"109" + "code":"108" }, { "desc":"CCE allows you to manage cluster parameters, through which you can let core components work under your very requirements.This function is supported only in clusters of v1", @@ -986,44 +977,17 @@ "title":"Cluster Configuration Management", "uri":"cce_10_0213.html", "doc_type":"usermanual2", - "p_code":"109", - "code":"110" + "p_code":"108", + "code":"109" }, { - "desc":"This section describes how to delete a cluster.Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workl", - "product_code":"cce", - "title":"Deleting a Cluster", - "uri":"cce_10_0212.html", - "doc_type":"usermanual2", - "p_code":"109", - "code":"111" - }, - { - "desc":"If you do not need to use a cluster temporarily, you are advised to hibernate the cluster.After a cluster is hibernated, resources such as workloads cannot be created or ", - "product_code":"cce", - "title":"Hibernating and Waking Up a Cluster", - "uri":"cce_10_0214.html", - "doc_type":"usermanual2", - "p_code":"109", - "code":"112" - }, - { - "desc":"If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.The c", + "desc":"If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.The cluster version must ", "product_code":"cce", "title":"Cluster Overload Control", "uri":"cce_10_0602.html", "doc_type":"usermanual2", - "p_code":"109", - "code":"113" - }, - { - "desc":"This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.The downloaded certificate contains three files: cl", - "product_code":"cce", - "title":"Obtaining a Cluster Certificate", - "uri":"cce_10_0175.html", - "doc_type":"usermanual2", - "p_code":"34", - "code":"114" + "p_code":"108", + "code":"110" }, { "desc":"CCE allows you to change the number of nodes managed in a cluster.This function is supported for clusters of v1.15 and later versions.Starting from v1.15.11, the number o", @@ -1031,8 +995,26 @@ "title":"Changing Cluster Scale", "uri":"cce_10_0403.html", "doc_type":"usermanual2", - "p_code":"34", - "code":"115" + "p_code":"108", + "code":"111" + }, + { + "desc":"Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be ", + "product_code":"cce", + "title":"Deleting a Cluster", + "uri":"cce_10_0212.html", + "doc_type":"usermanual2", + "p_code":"108", + "code":"112" + }, + { + "desc":"If you do not need to use a cluster temporarily, you are advised to hibernate the cluster.After a cluster is hibernated, resources such as workloads cannot be created or ", + "product_code":"cce", + "title":"Hibernating and Waking Up a Cluster", + "uri":"cce_10_0214.html", + "doc_type":"usermanual2", + "p_code":"108", + "code":"113" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -1041,25 +1023,16 @@ "uri":"cce_10_0183.html", "doc_type":"usermanual2", "p_code":"", - "code":"116" - }, - { - "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "product_code":"cce", - "title":"Node Overview", - "uri":"cce_10_0180.html", - "doc_type":"usermanual2", - "p_code":"116", - "code":"117" + "code":"114" }, { "desc":"A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (P", "product_code":"cce", - "title":"Precautions for Using a Node", - "uri":"cce_10_0461.html", + "title":"Node Overview", + "uri":"cce_10_0180.html", "doc_type":"usermanual2", - "p_code":"117", - "code":"118" + "p_code":"114", + "code":"115" }, { "desc":"Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime throu", @@ -1067,80 +1040,26 @@ "title":"Container Engine", "uri":"cce_10_0462.html", "doc_type":"usermanual2", - "p_code":"117", - "code":"119" + "p_code":"114", + "code":"116" }, { - "desc":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", - "product_code":"cce", - "title":"Kata Containers and Common Containers", - "uri":"cce_10_0463.html", - "doc_type":"usermanual2", - "p_code":"117", - "code":"120" - }, - { - "desc":"The maximum number of pods that can be created on a node is determined by the following parameters:Number of container IP addresses that can be allocated on a node (alpha", - "product_code":"cce", - "title":"Maximum Number of Pods That Can Be Created on a Node", - "uri":"cce_10_0348.html", - "doc_type":"usermanual2", - "p_code":"117", - "code":"121" - }, - { - "desc":"Some of the resources on the node need to run some necessary Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total num", - "product_code":"cce", - "title":"Formula for Calculating the Reserved Resources of a Node", - "uri":"cce_10_0178.html", - "doc_type":"usermanual2", - "p_code":"117", - "code":"122" - }, - { - "desc":"This section describes how to allocate data disk space.When creating a node, you need to configure a data disk whose capacity is greater than or equal to 100GB for the no", - "product_code":"cce", - "title":"Data Disk Space Allocation", - "uri":"cce_10_0341.html", - "doc_type":"usermanual2", - "p_code":"117", - "code":"123" - }, - { - "desc":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The node has 2-core or higher CPU, 4 GB or larger mem", + "desc":"At least one cluster has been created.A key pair has been created for identity authentication upon remote node login.The node has at least 2 vCPUs and 4 GiB of memory.To ", "product_code":"cce", "title":"Creating a Node", "uri":"cce_10_0363.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"124" + "p_code":"114", + "code":"117" }, { - "desc":"In CCE, you can Creating a Node or add existing nodes (ECSs) into your cluster.While an ECS is being accepted into a cluster, the operating system of the ECS will be rese", + "desc":"In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs or) to your cluster.While an ECS is being accepted into a cluster, the operating system of the", "product_code":"cce", "title":"Adding Nodes for Management", "uri":"cce_10_0198.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"125" - }, - { - "desc":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", - "product_code":"cce", - "title":"Removing a Node", - "uri":"cce_10_0338.html", - "doc_type":"usermanual2", - "p_code":"116", - "code":"126" - }, - { - "desc":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", - "product_code":"cce", - "title":"Resetting a Node", - "uri":"cce_10_0003.html", - "doc_type":"usermanual2", - "p_code":"116", - "code":"127" + "p_code":"114", + "code":"118" }, { "desc":"If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).Only login to a running ECS is allowed.Only the user linux can l", @@ -1148,8 +1067,17 @@ "title":"Logging In to a Node", "uri":"cce_10_0185.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"128" + "p_code":"114", + "code":"119" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Management Nodes", + "uri":"cce_10_0672.html", + "doc_type":"usermanual2", + "p_code":"114", + "code":"120" }, { "desc":"You can add different labels to nodes and define different attributes for labels. By using these node labels, you can quickly understand the characteristics of each node.", @@ -1157,8 +1085,8 @@ "title":"Managing Node Labels", "uri":"cce_10_0004.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"129" + "p_code":"120", + "code":"121" }, { "desc":"Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.A taint is a key-value pair associated with an effect. The following ef", @@ -1166,17 +1094,35 @@ "title":"Managing Node Taints", "uri":"cce_10_0352.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"130" + "p_code":"120", + "code":"122" }, { - "desc":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required.Some inf", + "desc":"You can reset a node to modify the node configuration, such as the node OS and login mode.Resetting a node will reinstall the node OS and the Kubernetes software on the n", + "product_code":"cce", + "title":"Resetting a Node", + "uri":"cce_10_0003.html", + "doc_type":"usermanual2", + "p_code":"120", + "code":"123" + }, + { + "desc":"Removing a node from a cluster will re-install the node OS and clear CCE components on the node.Removing a node will not delete the server corresponding to the node. You ", + "product_code":"cce", + "title":"Removing a Node", + "uri":"cce_10_0338.html", + "doc_type":"usermanual2", + "p_code":"120", + "code":"124" + }, + { + "desc":"Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifyi", "product_code":"cce", "title":"Synchronizing Data with Cloud Servers", "uri":"cce_10_0184.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"131" + "p_code":"120", + "code":"125" }, { "desc":"When a node in a CCE cluster is deleted, services running on the node will also be deleted. Exercise caution when performing this operation.VM nodes that are being used b", @@ -1184,8 +1130,8 @@ "title":"Deleting a Node", "uri":"cce_10_0186.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"132" + "p_code":"120", + "code":"126" }, { "desc":"After a node in the cluster is stopped, services on the node are also stopped. Before stopping a node, ensure that discontinuity of the services on the node will not resu", @@ -1193,8 +1139,8 @@ "title":"Stopping a Node", "uri":"cce_10_0036.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"133" + "p_code":"120", + "code":"127" }, { "desc":"In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.The o", @@ -1202,8 +1148,53 @@ "title":"Performing Rolling Upgrade for Nodes", "uri":"cce_10_0276.html", "doc_type":"usermanual2", - "p_code":"116", - "code":"134" + "p_code":"120", + "code":"128" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Node O&M", + "uri":"cce_10_0704.html", + "doc_type":"usermanual2", + "p_code":"114", + "code":"129" + }, + { + "desc":"Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node res", + "product_code":"cce", + "title":"Node Resource Reservation Policy", + "uri":"cce_10_0178.html", + "doc_type":"usermanual2", + "p_code":"129", + "code":"130" + }, + { + "desc":"This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.When creating a node, configure data disks for t", + "product_code":"cce", + "title":"Data Disk Space Allocation", + "uri":"cce_10_0341.html", + "doc_type":"usermanual2", + "p_code":"129", + "code":"131" + }, + { + "desc":"The maximum number of pods that can be created on a node is calculated based on the cluster type:For a cluster using the container tunnel network model, the value depends", + "product_code":"cce", + "title":"Maximum Number of Pods That Can Be Created on a Node", + "uri":"cce_10_0348.html", + "doc_type":"usermanual2", + "p_code":"129", + "code":"132" + }, + { + "desc":"Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE will continue to support Docker in v1.25 but just till v1.27. The following steps", + "product_code":"cce", + "title":"Migrating Nodes from Docker to containerd", + "uri":"cce_10_0601.html", + "doc_type":"usermanual2", + "p_code":"129", + "code":"133" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -1212,7 +1203,7 @@ "uri":"cce_10_0035.html", "doc_type":"usermanual2", "p_code":"", - "code":"135" + "code":"134" }, { "desc":"CCE introduces node pools to help you better manage nodes in Kubernetes clusters. A node pool contains one node or a group of nodes with identical configuration in a clus", @@ -1220,8 +1211,8 @@ "title":"Node Pool Overview", "uri":"cce_10_0081.html", "doc_type":"usermanual2", - "p_code":"135", - "code":"136" + "p_code":"134", + "code":"135" }, { "desc":"This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.The autoscaler a", @@ -1229,8 +1220,8 @@ "title":"Creating a Node Pool", "uri":"cce_10_0012.html", "doc_type":"usermanual2", - "p_code":"135", - "code":"137" + "p_code":"134", + "code":"136" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -1238,7 +1229,16 @@ "title":"Managing a Node Pool", "uri":"cce_10_0222.html", "doc_type":"usermanual2", - "p_code":"135", + "p_code":"134", + "code":"137" + }, + { + "desc":"When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, manua", + "product_code":"cce", + "title":"Updating a Node Pool", + "uri":"cce_10_0653.html", + "doc_type":"usermanual2", + "p_code":"137", "code":"138" }, { @@ -1247,16 +1247,16 @@ "title":"Configuring a Node Pool", "uri":"cce_10_0652.html", "doc_type":"usermanual2", - "p_code":"138", + "p_code":"137", "code":"139" }, { - "desc":"When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, you n", + "desc":"You can copy the configuration of an existing node pool to create a new node pool on the CCE console.", "product_code":"cce", - "title":"Updating a Node Pool", - "uri":"cce_10_0653.html", + "title":"Copying a Node Pool", + "uri":"cce_10_0655.html", "doc_type":"usermanual2", - "p_code":"138", + "p_code":"137", "code":"140" }, { @@ -1265,35 +1265,26 @@ "title":"Synchronizing Node Pools", "uri":"cce_10_0654.html", "doc_type":"usermanual2", - "p_code":"138", + "p_code":"137", "code":"141" }, { - "desc":"When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.This operation will upgrade the OS by resettin", + "desc":"When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.This section describes how to upgrade an OS by", "product_code":"cce", - "title":"Upgrading the OS", + "title":"Upgrading an OS", "uri":"cce_10_0660.html", "doc_type":"usermanual2", - "p_code":"138", + "p_code":"137", "code":"142" }, - { - "desc":"You can copy the configuration of an existing node pool to create a new node pool on the CCE console.", - "product_code":"cce", - "title":"Copying a Node Pool", - "uri":"cce_10_0655.html", - "doc_type":"usermanual2", - "p_code":"138", - "code":"143" - }, { "desc":"Nodes in a node pool can be migrated. Currently, nodes in a node pool can be migrated only to the default node pool (defaultpool) in the same cluster.The migration has no", "product_code":"cce", "title":"Migrating a Node", "uri":"cce_10_0656.html", "doc_type":"usermanual2", - "p_code":"138", - "code":"144" + "p_code":"137", + "code":"143" }, { "desc":"Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.Deleting a node pool will de", @@ -1301,8 +1292,8 @@ "title":"Deleting a Node Pool", "uri":"cce_10_0657.html", "doc_type":"usermanual2", - "p_code":"138", - "code":"145" + "p_code":"137", + "code":"144" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -1311,7 +1302,7 @@ "uri":"cce_10_0046.html", "doc_type":"usermanual2", "p_code":"", - "code":"146" + "code":"145" }, { "desc":"A workload is an application running on Kubernetes. No matter how many components are there in your workload, you can run it in a group of Kubernetes pods. A workload is ", @@ -1319,7 +1310,16 @@ "title":"Overview", "uri":"cce_10_0006.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"145", + "code":"146" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Creating a Workload", + "uri":"cce_10_0673.html", + "doc_type":"usermanual2", + "p_code":"145", "code":"147" }, { @@ -1328,7 +1328,7 @@ "title":"Creating a Deployment", "uri":"cce_10_0047.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"147", "code":"148" }, { @@ -1337,7 +1337,7 @@ "title":"Creating a StatefulSet", "uri":"cce_10_0048.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"147", "code":"149" }, { @@ -1346,7 +1346,7 @@ "title":"Creating a DaemonSet", "uri":"cce_10_0216.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"147", "code":"150" }, { @@ -1355,7 +1355,7 @@ "title":"Creating a Job", "uri":"cce_10_0150.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"147", "code":"151" }, { @@ -1364,52 +1364,52 @@ "title":"Creating a Cron Job", "uri":"cce_10_0151.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"147", "code":"152" }, - { - "desc":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", - "product_code":"cce", - "title":"Managing Workloads and Jobs", - "uri":"cce_10_0007.html", - "doc_type":"usermanual2", - "p_code":"146", - "code":"153" - }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", "title":"Configuring a Container", "uri":"cce_10_0130.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"145", + "code":"153" + }, + { + "desc":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", + "product_code":"cce", + "title":"Configuring Time Zone Synchronization", + "uri":"cce_10_0354.html", + "doc_type":"usermanual2", + "p_code":"153", "code":"154" }, { - "desc":"A workload is an abstract model of a group of pods. One pod can encapsulate one or more containers. You can click Add Container in the upper right corner to add multiple ", + "desc":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", "product_code":"cce", - "title":"Setting Basic Container Information", - "uri":"cce_10_0396.html", + "title":"Configuring an Image Pull Policy", + "uri":"cce_10_0353.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"155" }, { "desc":"CCE allows you to create workloads using images pulled from third-party image repositories.Generally, a third-party image repository can be accessed only after authentica", "product_code":"cce", - "title":"Using a Third-Party Image", + "title":"Using Third-Party Images", "uri":"cce_10_0009.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"156" }, { - "desc":"CCE allows you to set resource limits for added containers during workload creation. You can apply for and limit the CPU and memory quotas used by each pod in a workload.", + "desc":"CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requi", "product_code":"cce", "title":"Setting Container Specifications", "uri":"cce_10_0163.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"157" }, { @@ -1418,7 +1418,7 @@ "title":"Setting Container Lifecycle Parameters", "uri":"cce_10_0105.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"158" }, { @@ -1427,7 +1427,7 @@ "title":"Setting Health Check for a Container", "uri":"cce_10_0112.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"159" }, { @@ -1436,125 +1436,170 @@ "title":"Setting an Environment Variable", "uri":"cce_10_0113.html", "doc_type":"usermanual2", - "p_code":"154", + "p_code":"153", "code":"160" }, - { - "desc":"When a workload is created, the container image is pulled from the image repository to the node. The image is also pulled when the workload is restarted or upgraded.By de", - "product_code":"cce", - "title":"Configuring an Image Pull Policy", - "uri":"cce_10_0353.html", - "doc_type":"usermanual2", - "p_code":"154", - "code":"161" - }, - { - "desc":"When creating a workload, you can configure containers to use the same time zone as the node. You can enable time zone synchronization when creating a workload.The time z", - "product_code":"cce", - "title":"Configuring Time Zone Synchronization", - "uri":"cce_10_0354.html", - "doc_type":"usermanual2", - "p_code":"154", - "code":"162" - }, { "desc":"In actual applications, upgrade is a common operation. A Deployment, StatefulSet, or DaemonSet can easily support application upgrade.You can set different upgrade polici", "product_code":"cce", "title":"Configuring the Workload Upgrade Policy", "uri":"cce_10_0397.html", "doc_type":"usermanual2", - "p_code":"154", - "code":"163" + "p_code":"153", + "code":"161" }, { - "desc":"A nodeSelector provides a very simple way to constrain pods to nodes with particular labels, as mentioned in Creating a DaemonSet. The affinity and anti-affinity feature ", + "desc":"Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can de", "product_code":"cce", "title":"Scheduling Policy (Affinity/Anti-affinity)", "uri":"cce_10_0232.html", "doc_type":"usermanual2", - "p_code":"154", - "code":"164" + "p_code":"153", + "code":"162" }, { - "desc":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The gpu-beta add-on has been installed. During the installation, select t", + "desc":"Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is co", "product_code":"cce", - "title":"GPU Scheduling", - "uri":"cce_10_0345.html", + "title":"Taints and Tolerations", + "uri":"cce_10_0728.html", "doc_type":"usermanual2", - "p_code":"146", - "code":"165" - }, - { - "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "product_code":"cce", - "title":"CPU Core Binding", - "uri":"cce_10_0551.html", - "doc_type":"usermanual2", - "p_code":"146", - "code":"166" - }, - { - "desc":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether t", - "product_code":"cce", - "title":"Binding CPU Cores", - "uri":"cce_10_0351.html", - "doc_type":"usermanual2", - "p_code":"166", - "code":"167" - }, - { - "desc":"If you encounter unexpected problems when using a container, you can log in to the container for debugging.The example output is as follows:NAME ", - "product_code":"cce", - "title":"Accessing a Container", - "uri":"cce_10_00356.html", - "doc_type":"usermanual2", - "p_code":"146", - "code":"168" + "p_code":"153", + "code":"163" }, { "desc":"CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.When you create a workl", "product_code":"cce", - "title":"Pod Labels and Annotations", + "title":"Labels and Annotations", "uri":"cce_10_0386.html", "doc_type":"usermanual2", - "p_code":"146", + "p_code":"153", + "code":"164" + }, + { + "desc":"If you encounter unexpected problems when using a container, you can log in to the container to debug it.The example output is as follows:NAME ", + "product_code":"cce", + "title":"Accessing a Container", + "uri":"cce_10_00356.html", + "doc_type":"usermanual2", + "p_code":"145", + "code":"165" + }, + { + "desc":"After a workload is created, you can upgrade, monitor, roll back, or delete the workload, as well as edit its YAML file.Workload/Job managementOperationDescriptionMonitor", + "product_code":"cce", + "title":"Managing Workloads and Jobs", + "uri":"cce_10_0007.html", + "doc_type":"usermanual2", + "p_code":"145", + "code":"166" + }, + { + "desc":"The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualiz", + "product_code":"cce", + "title":"Kata Runtime and Common Runtime", + "uri":"cce_10_0463.html", + "doc_type":"usermanual2", + "p_code":"145", + "code":"167" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Scheduling", + "uri":"cce_10_0674.html", + "doc_type":"usermanual2", + "p_code":"", + "code":"168" + }, + { + "desc":"CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describe", + "product_code":"cce", + "title":"Overview", + "uri":"cce_10_0702.html", + "doc_type":"usermanual2", + "p_code":"168", "code":"169" }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"CPU Scheduling", + "uri":"cce_10_0551.html", + "doc_type":"usermanual2", + "p_code":"168", + "code":"170" + }, + { + "desc":"By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether t", + "product_code":"cce", + "title":"CPU Policy", + "uri":"cce_10_0351.html", + "doc_type":"usermanual2", + "p_code":"170", + "code":"171" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"GPU Scheduling", + "uri":"cce_10_0720.html", + "doc_type":"usermanual2", + "p_code":"168", + "code":"172" + }, + { + "desc":"You can use GPUs in CCE containers.A GPU node has been created. For details, see Creating a Node.The gpu-device-plugin (previously gpu-beta add-on) has been installed. Du", + "product_code":"cce", + "title":"Default GPU Scheduling in Kubernetes", + "uri":"cce_10_0345.html", + "doc_type":"usermanual2", + "p_code":"172", + "code":"173" + }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", "title":"Volcano Scheduling", "uri":"cce_10_0423.html", "doc_type":"usermanual2", - "p_code":"146", - "code":"170" + "p_code":"168", + "code":"174" }, { - "desc":"Jobs can be classified into online jobs and offline jobs based on whether services are always online.Online job: Such jobs run for a long time, with regular traffic surge", + "desc":"When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at schedu", "product_code":"cce", - "title":"Hybrid Deployment of Online and Offline Jobs", - "uri":"cce_10_0384.html", + "title":"NUMA Affinity Scheduling", + "uri":"cce_10_0425.html", "doc_type":"usermanual2", - "p_code":"170", - "code":"171" - }, - { - "desc":"When the Cloud Native Network 2.0 model is used, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. CCE provides a cust", - "product_code":"cce", - "title":"Security Group Policies", - "uri":"cce_10_0288.html", - "doc_type":"usermanual2", - "p_code":"146", - "code":"172" + "p_code":"174", + "code":"175" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", - "title":"Networking", + "title":"Cloud Native Hybrid Deployment", + "uri":"cce_10_0709.html", + "doc_type":"usermanual2", + "p_code":"168", + "code":"176" + }, + { + "desc":"Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly an", + "product_code":"cce", + "title":"Dynamic Resource Oversubscription", + "uri":"cce_10_0384.html", + "doc_type":"usermanual2", + "p_code":"176", + "code":"177" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Network", "uri":"cce_10_0020.html", "doc_type":"usermanual2", "p_code":"", - "code":"173" + "code":"178" }, { "desc":"You can learn about a cluster network from the following two aspects:What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are ru", @@ -1562,8 +1607,8 @@ "title":"Overview", "uri":"cce_10_0010.html", "doc_type":"usermanual2", - "p_code":"173", - "code":"174" + "p_code":"178", + "code":"179" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -1571,17 +1616,17 @@ "title":"Container Network Models", "uri":"cce_10_0280.html", "doc_type":"usermanual2", - "p_code":"173", - "code":"175" + "p_code":"178", + "code":"180" }, { - "desc":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Con", + "desc":"The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:Tun", "product_code":"cce", "title":"Overview", "uri":"cce_10_0281.html", "doc_type":"usermanual2", - "p_code":"175", - "code":"176" + "p_code":"180", + "code":"181" }, { "desc":"The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet pac", @@ -1589,8 +1634,8 @@ "title":"Container Tunnel Network", "uri":"cce_10_0282.html", "doc_type":"usermanual2", - "p_code":"175", - "code":"177" + "p_code":"180", + "code":"182" }, { "desc":"The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes", @@ -1598,80 +1643,89 @@ "title":"VPC Network", "uri":"cce_10_0283.html", "doc_type":"usermanual2", - "p_code":"175", - "code":"178" - }, - { - "desc":"Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are all", - "product_code":"cce", - "title":"Cloud Native Network 2.0", - "uri":"cce_10_0284.html", - "doc_type":"usermanual2", - "p_code":"175", - "code":"179" - }, - { - "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", - "product_code":"cce", - "title":"Services", - "uri":"cce_10_0247.html", - "doc_type":"usermanual2", - "p_code":"173", - "code":"180" - }, - { - "desc":"After a pod is created, the following problems may occur if you directly access the pod:The pod can be deleted and recreated at any time by a controller such as a Deploym", - "product_code":"cce", - "title":"Service Overview", - "uri":"cce_10_0249.html", - "doc_type":"usermanual2", - "p_code":"180", - "code":"181" - }, - { - "desc":"ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.The cluster-internal domain name format is Deployments or StatefulSets in the navigation pane ", - "product_code":"cce", - "title":"Fault Locating and Troubleshooting for Abnormal Workloads", - "uri":"cce_faq_00134.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"303" - }, - { - "desc":"Viewing K8s Event InformationCheck Item 1: Checking Whether a Node Is Available in the ClusterCheck Item 2: Checking Whether Node Resources (CPU and Memory) Are Sufficien", - "product_code":"cce", - "title":"Failed to Schedule an Instance", - "uri":"cce_faq_00098.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"304" - }, - { - "desc":"If the workload details page displays an event indicating that image pulling fails, perform the following operations to locate the fault:Check Item 1: Checking Whether im", - "product_code":"cce", - "title":"Failed to Pull an Image", - "uri":"cce_faq_00015.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"305" - }, - { - "desc":"On the details page of a workload, if an event is displayed indicating that the container fails to be restarted, perform the following operations to locate the fault:Rect", - "product_code":"cce", - "title":"Failed to Restart a Container", - "uri":"cce_faq_00018.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"306" - }, - { - "desc":"Pod actions are classified into the following two types:kube-controller-manager periodically checks the status of all nodes. If a node is in the NotReady state for a peri", - "product_code":"cce", - "title":"What Should I Do If An Evicted Pod Exists?", - "uri":"cce_faq_00209.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"307" - }, - { - "desc":"When a node is faulty, pods on the node are evicted to ensure workload availability. If the pods are not evicted when the node is faulty, perform the following steps:Use ", - "product_code":"cce", - "title":"Instance Eviction Exception", - "uri":"cce_faq_00140.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"308" - }, - { - "desc":"When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.After the node is restored", - "product_code":"cce", - "title":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?", - "uri":"cce_faq_00210.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"309" - }, - { - "desc":"The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.The workloa", - "product_code":"cce", - "title":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?", - "uri":"cce_faq_00012.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"310" - }, - { - "desc":"The pod remains in the creating state for a long time, and the sandbox-related errors are reported.Select a troubleshooting method for your cluster:Clusters of V1.13 or l", - "product_code":"cce", - "title":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?", - "uri":"cce_faq_00005.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"311" - }, - { - "desc":"Workload pods in the cluster fail and are being redeployed constantly.After the following command is run, the command output shows that many pods are in the evicted state", - "product_code":"cce", - "title":"What Should I Do If a Pod Is in the Evicted State?", - "uri":"cce_faq_00199.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"312" - }, - { - "desc":"If a node has sufficient memory resources, a container on this node can use more memory resources than requested, but no more than limited. If the memory allocated to a c", - "product_code":"cce", - "title":"What Should I Do If the OOM Killer Is Triggered When a Container Uses Memory Resources More Than Limited?", - "uri":"cce_faq_00002.html", - "doc_type":"usermanual2", - "p_code":"302", - "code":"313" - }, - { - "desc":"A workload can be accessed from public networks through a load balancer. LoadBalancer provides higher reliability than EIP-based NodePort because an EIP is no longer boun", - "product_code":"cce", - "title":"What Should I Do If a Service Released in a Workload Cannot Be Accessed from Public Networks?", - "uri":"cce_faq_00202.html", - "doc_type":"usermanual2", - "p_code":"293", - "code":"314" - }, - { - "desc":"A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and pro", - "product_code":"cce", - "title":"What Is the Relationship Between Clusters, VPCs, and Subnets?", - "uri":"cce_faq_00266.html", - "doc_type":"usermanual2", - "p_code":"293", - "code":"315" - }, - { - "desc":"CCE is a universal container platform. Its default security group rules apply to common scenarios. Based on security requirements, you can harden the security group rules", - "product_code":"cce", - "title":"How Do I Harden the VPC Security Group Rules for CCE Cluster Nodes?", - "uri":"cce_faq_00265.html", - "doc_type":"usermanual2", - "p_code":"293", - "code":"316" + "p_code":"308", + "code":"317" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", "title":"Best Practice", - "uri":"cce_bestpractice.html", + "uri":"cce_bestpractice_0000.html", "doc_type":"usermanual2", "p_code":"", - "code":"317" + "code":"318" }, { "desc":"Security, efficiency, stability, and availability are common requirements on all cloud services. To meet these requirements, the system availability, data reliability, an", @@ -2858,8 +2867,8 @@ "title":"Checklist for Deploying Containerized Applications in the Cloud", "uri":"cce_bestpractice_00006.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"318" + "p_code":"318", + "code":"319" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -2867,8 +2876,8 @@ "title":"Containerization", "uri":"cce_bestpractice_0321.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"319" + "p_code":"318", + "code":"320" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -2876,8 +2885,8 @@ "title":"Containerizing an Enterprise Application (ERP)", "uri":"cce_bestpractice_0001.html", "doc_type":"usermanual2", - "p_code":"319", - "code":"320" + "p_code":"320", + "code":"321" }, { "desc":"This chapter provides CCE best practices to walk you through the application containerization.A container is a lightweight high-performance resource isolation mechanism i", @@ -2885,8 +2894,8 @@ "title":"Solution Overview", "uri":"cce_bestpractice_0002.html", "doc_type":"usermanual2", - "p_code":"320", - "code":"321" + "p_code":"321", + "code":"322" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -2894,8 +2903,8 @@ "title":"Procedure", "uri":"cce_bestpractice_0340.html", "doc_type":"usermanual2", - "p_code":"320", - "code":"322" + "p_code":"321", + "code":"323" }, { "desc":"This tutorial describes how to containerize an ERP system by migrating it from a VM to CCE.No recoding or re-architecting is required. You only need to pack the entire ap", @@ -2903,8 +2912,8 @@ "title":"Containerizing an Entire Application", "uri":"cce_bestpractice_0003.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"323" + "p_code":"323", + "code":"324" }, { "desc":"The following figure illustrates the process of containerizing an application.", @@ -2912,35 +2921,35 @@ "title":"Containerization Process", "uri":"cce_bestpractice_0004.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"324" + "p_code":"323", + "code":"325" }, { - "desc":"Before containerizing an application, you need to analyze the running environment and dependencies of the application, and get familiar with the application deployment mo", + "desc":"Before containerizing an application, analyze the running environment and dependencies of the application, and get familiar with the application deployment mode. For deta", "product_code":"cce", "title":"Analyzing the Application", "uri":"cce_bestpractice_0005.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"325" + "p_code":"323", + "code":"326" }, { - "desc":"After application analysis, you have gained the understanding of the OS and runtime required for running the application. You need to make the following preparations:Inst", + "desc":"After application analysis, you have gained the understanding of the OS and runtime required for running the application. Make the following preparations:Installing Docke", "product_code":"cce", "title":"Preparing the Application Runtime", "uri":"cce_bestpractice_0006.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"326" + "p_code":"323", + "code":"327" }, { - "desc":"During application containerization, you need to prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startu", + "desc":"During application containerization, prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startup script is ", "product_code":"cce", "title":"Compiling a Startup Script", "uri":"cce_bestpractice_0007.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"327" + "p_code":"323", + "code":"328" }, { "desc":"An image is the basis of a container. A container runs based on the content defined in the image. An image has multiple layers. Each layer includes the modifications made", @@ -2948,8 +2957,8 @@ "title":"Compiling the Dockerfile", "uri":"cce_bestpractice_0008.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"328" + "p_code":"323", + "code":"329" }, { "desc":"This section describes how to build an entire application into a Docker image. After building an image, you can use the image to deploy and upgrade the application. This ", @@ -2957,8 +2966,8 @@ "title":"Building and Uploading an Image", "uri":"cce_bestpractice_0009.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"329" + "p_code":"323", + "code":"330" }, { "desc":"This section describes how to deploy a workload on CCE. When using CCE for the first time, create an initial cluster and add a node into the cluster.Containerized workloa", @@ -2966,8 +2975,8 @@ "title":"Creating a Container Workload", "uri":"cce_bestpractice_0010.html", "doc_type":"usermanual2", - "p_code":"322", - "code":"330" + "p_code":"323", + "code":"331" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -2975,8 +2984,8 @@ "title":"Migration", "uri":"cce_bestpractice_00237.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"331" + "p_code":"318", + "code":"332" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -2984,8 +2993,8 @@ "title":"Migrating On-premises Kubernetes Clusters to CCE", "uri":"cce_bestpractice_0306.html", "doc_type":"usermanual2", - "p_code":"331", - "code":"332" + "p_code":"332", + "code":"333" }, { "desc":"Containers are growing in popularity and Kubernetes simplifies containerized deployment. Many companies choose to build their own Kubernetes clusters. However, the O&M wo", @@ -2993,8 +3002,8 @@ "title":"Solution Overview", "uri":"cce_bestpractice_0307.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"333" + "p_code":"333", + "code":"334" }, { "desc":"CCE allows you to customize cluster resources to meet various service requirements. Table 1 lists the key performance parameters of a cluster and provides the planned val", @@ -3002,8 +3011,8 @@ "title":"Planning Resources for the Target Cluster", "uri":"cce_bestpractice_0308.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"334" + "p_code":"333", + "code":"335" }, { "desc":"If your migration does not involve resources outside a cluster listed in Table 1 or you do not need to use other services to update resources after the migration, skip th", @@ -3011,8 +3020,8 @@ "title":"Migrating Resources Outside a Cluster", "uri":"cce_bestpractice_0309.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"335" + "p_code":"333", + "code":"336" }, { "desc":"Velero is an open-source backup and migration tool for Kubernetes clusters. It integrates the persistent volume (PV) data backup capability of the Restic tool and can be ", @@ -3020,8 +3029,8 @@ "title":"Installing the Migration Tool", "uri":"cce_bestpractice_0310.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"336" + "p_code":"333", + "code":"337" }, { "desc":"WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of t", @@ -3029,8 +3038,8 @@ "title":"Migrating Resources in a Cluster", "uri":"cce_bestpractice_0311.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"337" + "p_code":"333", + "code":"338" }, { "desc":"The WordPress and MySQL images used in this example can be pulled from SWR. Therefore, the image pull failure (ErrImagePull) will not occur. If the application to be migr", @@ -3038,8 +3047,8 @@ "title":"Updating Resources Accordingly", "uri":"cce_bestpractice_0312.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"338" + "p_code":"333", + "code":"339" }, { "desc":"Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the ", @@ -3047,8 +3056,8 @@ "title":"Performing Additional Tasks", "uri":"cce_bestpractice_0313.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"339" + "p_code":"333", + "code":"340" }, { "desc":"Both HostPath and Local volumes are local storage volumes. However, the Restic tool integrated in Velero cannot back up the PVs of the HostPath type and supports only the", @@ -3056,8 +3065,8 @@ "title":"Troubleshooting", "uri":"cce_bestpractice_0314.html", "doc_type":"usermanual2", - "p_code":"332", - "code":"340" + "p_code":"333", + "code":"341" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3065,8 +3074,8 @@ "title":"DevOps", "uri":"cce_bestpractice_0322.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"341" + "p_code":"318", + "code":"342" }, { "desc":"GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private ", @@ -3074,8 +3083,8 @@ "title":"Interconnecting GitLab with SWR and CCE for CI/CD", "uri":"cce_bestpractice_0324.html", "doc_type":"usermanual2", - "p_code":"341", - "code":"342" + "p_code":"342", + "code":"343" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3083,17 +3092,17 @@ "title":"Disaster Recovery", "uri":"cce_bestpractice_0323.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"343" + "p_code":"318", + "code":"344" }, { - "desc":"To achieve high availability for your CCE containers, you can do as follows:Deploy three master nodes for the cluster.When nodes are deployed across AZs, set custom sched", + "desc":"To achieve high availability for your CCE containers, you can do as follows:Deploy three master nodes for the cluster.Create nodes in different AZs. When nodes are deploy", "product_code":"cce", - "title":"Implementing High Availability for Containers in CCE", + "title":"Implementing High Availability for Applications in CCE", "uri":"cce_bestpractice_00220.html", "doc_type":"usermanual2", - "p_code":"343", - "code":"344" + "p_code":"344", + "code":"345" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3101,8 +3110,8 @@ "title":"Security", "uri":"cce_bestpractice_0315.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"345" + "p_code":"318", + "code":"346" }, { "desc":"For security purposes, you are advised to configure a cluster as follows.Kubernetes releases a major version in about four months. CCE follows the same frequency as Kuber", @@ -3110,8 +3119,8 @@ "title":"Cluster Security", "uri":"cce_bestpractice_0317.html", "doc_type":"usermanual2", - "p_code":"345", - "code":"346" + "p_code":"346", + "code":"347" }, { "desc":"Do not bind an EIP to a node unless necessary to reduce the attack surface.If an EIP must be used, properly configure the firewall or security group rules to restrict acc", @@ -3119,8 +3128,8 @@ "title":"Node Security", "uri":"cce_bestpractice_0318.html", "doc_type":"usermanual2", - "p_code":"345", - "code":"347" + "p_code":"346", + "code":"348" }, { "desc":"The nodeSelector or nodeAffinity is used to limit the range of nodes to which applications can be scheduled, preventing the entire cluster from being threatened due to th", @@ -3128,8 +3137,8 @@ "title":"Container Security", "uri":"cce_bestpractice_0319.html", "doc_type":"usermanual2", - "p_code":"345", - "code":"348" + "p_code":"346", + "code":"349" }, { "desc":"Currently, CCE has configured static encryption for secret resources. The secrets created by users will be encrypted and stored in etcd of the CCE cluster. Secrets can be", @@ -3137,8 +3146,8 @@ "title":"Secret Security", "uri":"cce_bestpractice_0320.html", "doc_type":"usermanual2", - "p_code":"345", - "code":"349" + "p_code":"346", + "code":"350" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3146,17 +3155,17 @@ "title":"Auto Scaling", "uri":"cce_bestpractice_0090.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"350" + "p_code":"318", + "code":"351" }, { - "desc":"The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.In CCE, th", + "desc":"The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.When pods ", "product_code":"cce", "title":"Using HPA and CA for Auto Scaling of Workloads and Nodes", "uri":"cce_bestpractice_00282.html", "doc_type":"usermanual2", - "p_code":"350", - "code":"351" + "p_code":"351", + "code":"352" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3164,8 +3173,8 @@ "title":"Monitoring", "uri":"cce_bestpractice_10008.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"352" + "p_code":"318", + "code":"353" }, { "desc":"Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, yo", @@ -3173,8 +3182,8 @@ "title":"Using Prometheus for Multi-cluster Monitoring", "uri":"cce_bestpractice_10009.html", "doc_type":"usermanual2", - "p_code":"352", - "code":"353" + "p_code":"353", + "code":"354" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3182,8 +3191,8 @@ "title":"Cluster", "uri":"cce_bestpractice_0050.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"354" + "p_code":"318", + "code":"355" }, { "desc":"When you have multiple CCE clusters, you may find it difficult to efficiently connect to all of them.This section describes how to configure access to multiple clusters b", @@ -3191,25 +3200,16 @@ "title":"Connecting to Multiple Clusters Using kubectl", "uri":"cce_bestpractice_00254.html", "doc_type":"usermanual2", - "p_code":"354", - "code":"355" - }, - { - "desc":"You can use the pre-installation script feature to configure CCE cluster nodes (ECSs).When creating a node in a cluster of v1.13.10 or later, if a data disk is not manage", - "product_code":"cce", - "title":"Adding a Second Data Disk to a Node in a CCE Cluster", - "uri":"cce_bestpractice_00190.html", - "doc_type":"usermanual2", - "p_code":"354", + "p_code":"355", "code":"356" }, { - "desc":"When a node is created, a data disk is created by default for container runtime and kubelet components to use. The data disk used by the container runtime and kubelet co", + "desc":"When a node is created, a data disk is attached by default for a container runtime and kubelet. The data disk used by the container runtime and kubelet cannot be detached", "product_code":"cce", "title":"Selecting a Data Disk for the Node", "uri":"cce_bestpractice_10012.html", "doc_type":"usermanual2", - "p_code":"354", + "p_code":"355", "code":"357" }, { @@ -3218,7 +3218,7 @@ "title":"Networking", "uri":"cce_bestpractice_0052.html", "doc_type":"usermanual2", - "p_code":"317", + "p_code":"318", "code":"358" }, { @@ -3257,23 +3257,32 @@ "p_code":"358", "code":"362" }, + { + "desc":"In the Cloud Native Network 2.0 model, each pod is allocated an ENI or a sub-ENI (called container ENI). The speed of ENI creation and binding is slower than that of pod ", + "product_code":"cce", + "title":"Pre-Binding Container ENI for CCE Turbo Clusters", + "uri":"cce_bestpractice_10010.html", + "doc_type":"usermanual2", + "p_code":"358", + "code":"363" + }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", "product_code":"cce", "title":"Storage", "uri":"cce_bestpractice_0053.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"363" + "p_code":"318", + "code":"364" }, { - "desc":"EulerOS 2.9 is used as the sample OS. Originally, system disk /dev/vda has 50 GB and one partition (/dev/vda1), and then 50 GB is added to the disk. In this example, the ", + "desc":"The storage classes that can be expanded for CCE nodes are as follows:EulerOS 2.9 is used as the sample OS. There is only one partition (/dev/vda1) with a capacity of 50 ", "product_code":"cce", - "title":"Expanding Node Disk Capacity", + "title":"Expanding the Storage Space", "uri":"cce_bestpractice_00198.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"364" + "p_code":"364", + "code":"365" }, { "desc":"This section describes how to mount OBS buckets and OBS parallel file systems (preferred) of third-party tenants.The CCE cluster of a SaaS service provider needs to be mo", @@ -3281,17 +3290,17 @@ "title":"Mounting an Object Storage Bucket of a Third-Party Tenant", "uri":"cce_bestpractice_00199.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"365" + "p_code":"364", + "code":"366" }, { - "desc":"The minimum capacity of an SFS Turbo file system is 500 GB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file s", + "desc":"The minimum capacity of an SFS Turbo file system is 500 GiB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file ", "product_code":"cce", "title":"Dynamically Creating and Mounting Subdirectories of an SFS Turbo File System", "uri":"cce_bestpractice_00253.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"366" + "p_code":"364", + "code":"367" }, { "desc":"In clusters later than v1.15.11-r1, CSI (the everest add-on) has taken over all functions of fuxi FlexVolume (the storage-driver add-on) for managing container storage. Y", @@ -3299,8 +3308,8 @@ "title":"How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?", "uri":"cce_bestpractice_0107.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"367" + "p_code":"364", + "code":"368" }, { "desc":"When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The ", @@ -3308,17 +3317,17 @@ "title":"Custom Storage Classes", "uri":"cce_bestpractice_00281.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"368" + "p_code":"364", + "code":"369" }, { - "desc":"EVS disks cannot be attached across AZs. For example, EVS disks in AZ 1 cannot be attached to nodes in AZ 2.If the storage class csi-disk is used for StatefulSets, when a", + "desc":"EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is u", "product_code":"cce", - "title":"Realizing Automatic Topology for EVS Disks When Nodes Are Deployed Across AZs (csi-disk-topology)", + "title":"Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)", "uri":"cce_bestpractice_00284.html", "doc_type":"usermanual2", - "p_code":"363", - "code":"369" + "p_code":"364", + "code":"370" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3326,8 +3335,8 @@ "title":"Container", "uri":"cce_bestpractice_0051.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"370" + "p_code":"318", + "code":"371" }, { "desc":"If a node has sufficient memory resources, a container on this node can use more memory resources than requested, but no more than limited. If the memory allocated to a c", @@ -3335,35 +3344,35 @@ "title":"Properly Allocating Container Computing Resources", "uri":"cce_bestpractice_00002.html", "doc_type":"usermanual2", - "p_code":"370", - "code":"371" + "p_code":"371", + "code":"372" }, { - "desc":"To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.Create a DaemonSet file.vi daemonSet.yamlAn example YAML file is provid", + "desc":"To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.Create a daemonSet file.vi daemonSet.yamlAn example YAML file is provid", "product_code":"cce", "title":"Modifying Kernel Parameters Using a Privileged Container", "uri":"cce_bestpractice_00227.html", "doc_type":"usermanual2", - "p_code":"370", - "code":"372" + "p_code":"371", + "code":"373" }, { "desc":"Before containers running applications are started, one or some init containers are started first. If there are multiple init containers, they will be started in the defi", "product_code":"cce", - "title":"Initializing a Container", + "title":"Using Init Containers to Initialize an Application", "uri":"cce_bestpractice_00228.html", "doc_type":"usermanual2", - "p_code":"370", - "code":"373" + "p_code":"371", + "code":"374" }, { - "desc":"If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the host name at the pod level when adding entries to the /etc/", + "desc":"If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the hostname at the pod level when adding entries to the /etc/h", "product_code":"cce", "title":"Using hostAliases to Configure /etc/hosts in a Pod", "uri":"cce_bestpractice_00226.html", "doc_type":"usermanual2", - "p_code":"370", - "code":"374" + "p_code":"371", + "code":"375" }, { "desc":"Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the", @@ -3371,8 +3380,8 @@ "title":"Configuring Core Dumps", "uri":"cce_bestpractice_0325.html", "doc_type":"usermanual2", - "p_code":"370", - "code":"375" + "p_code":"371", + "code":"376" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3380,8 +3389,8 @@ "title":"Permission", "uri":"cce_bestpractice_0055.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"376" + "p_code":"318", + "code":"377" }, { "desc":"By default, the kubeconfig file provided by CCE for users has permissions bound to the cluster-admin role, which are equivalent to the permissions of user root. It is dif", @@ -3389,8 +3398,8 @@ "title":"Configuring kubeconfig for Fine-Grained Management on Cluster Resources", "uri":"cce_bestpractice_00221.html", "doc_type":"usermanual2", - "p_code":"376", - "code":"377" + "p_code":"377", + "code":"378" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3398,8 +3407,8 @@ "title":"Release", "uri":"cce_bestpractice_10000.html", "doc_type":"usermanual2", - "p_code":"317", - "code":"378" + "p_code":"318", + "code":"379" }, { "desc":"When switching between old and new services, you may be challenged in ensuring the system service continuity. If a new service version is directly released to all users a", @@ -3407,17 +3416,926 @@ "title":"Overview", "uri":"cce_bestpractice_10001.html", "doc_type":"usermanual2", - "p_code":"378", - "code":"379" + "p_code":"379", + "code":"380" }, { - "desc":"To implement grayscale release for a CCE cluster, you need to deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. ", + "desc":"To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These soluti", "product_code":"cce", "title":"Using Services to Implement Simple Grayscale Release and Blue-Green Deployment", "uri":"cce_bestpractice_10002.html", "doc_type":"usermanual2", - "p_code":"378", - "code":"380" + "p_code":"379", + "code":"381" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"FAQs", + "uri":"cce_faq_0000.html", + "doc_type":"usermanual2", + "p_code":"", + "code":"382" + }, + { + "desc":"Why Can't I Create a CCE Cluster?Is Management Scale of a Cluster Related to the Number of Master Nodes?How Do I Rectify the Fault When the Cluster Status Is Unavailable?", + "product_code":"cce", + "title":"Common Questions", + "uri":"cce_faq_00006.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"383" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Cluster", + "uri":"cce_faq_00024.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"384" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Cluster Creation", + "uri":"cce_faq_00278.html", + "doc_type":"usermanual2", + "p_code":"384", + "code":"385" + }, + { + "desc":"This section describes how to locate and rectify the fault if you fail to create a CCE cluster.Possible causes:The Network Time Protocol daemon (ntpd) is not installed or", + "product_code":"cce", + "title":"Why Can't I Create a CCE Cluster?", + "uri":"cce_faq_00111.html", + "doc_type":"usermanual2", + "p_code":"385", + "code":"386" + }, + { + "desc":"Management scale indicates the maximum number of nodes that can be managed by a cluster. If you select 50 nodes, the cluster can manage a maximum of 50 nodes.The number o", + "product_code":"cce", + "title":"Is Management Scale of a Cluster Related to the Number of Master Nodes?", + "uri":"cce_faq_00090.html", + "doc_type":"usermanual2", + "p_code":"385", + "code":"387" + }, + { + "desc":"CCE restricts only the number of clusters. However, when using CCE, you may also be using other cloud services, such as Elastic Cloud Server (ECS), Elastic Volume Service", + "product_code":"cce", + "title":"Which Resource Quotas Should I Pay Attention To When Using CCE?", + "uri":"cce_faq_00154.html", + "doc_type":"usermanual2", + "p_code":"385", + "code":"388" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Cluster Running", + "uri":"cce_faq_00279.html", + "doc_type":"usermanual2", + "p_code":"384", + "code":"389" + }, + { + "desc":"If the cluster is Unavailable, perform the following operations to rectify the fault:Troubleshooting methods are sorted based on the occurrence probability of the possibl", + "product_code":"cce", + "title":"How Do I Rectify the Fault When the Cluster Status Is Unavailable?", + "uri":"cce_faq_00039.html", + "doc_type":"usermanual2", + "p_code":"389", + "code":"390" + }, + { + "desc":"After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.", + "product_code":"cce", + "title":"How Do I Retrieve Data After a Cluster Is Deleted?", + "uri":"cce_faq_00040.html", + "doc_type":"usermanual2", + "p_code":"389", + "code":"391" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Cluster Deletion", + "uri":"cce_faq_00309.html", + "doc_type":"usermanual2", + "p_code":"384", + "code":"392" + }, + { + "desc":"When deleting a cluster, CCE obtains the cluster's resources through kube-apiserver of the cluster. If the cluster is unavailable, frozen, or hibernated, the resources ma", + "product_code":"cce", + "title":"Failed to Delete a Cluster: Residual ENIs", + "uri":"cce_faq_00394.html", + "doc_type":"usermanual2", + "p_code":"392", + "code":"393" + }, + { + "desc":"If a cluster is not in the running state (for example, frozen or unavailable), resources such as PVCs, Services, and ingresses in the cluster cannot be obtained. After th", + "product_code":"cce", + "title":"How Do I Clear Residual Resources After a Non-Running Cluster Is Deleted?", + "uri":"cce_faq_00413.html", + "doc_type":"usermanual2", + "p_code":"392", + "code":"394" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Cluster Upgrade", + "uri":"cce_faq_00401.html", + "doc_type":"usermanual2", + "p_code":"384", + "code":"395" + }, + { + "desc":"This section describes how to locate and rectify the fault if you fail to upgrade an add-on during the CCE cluster upgrade.", + "product_code":"cce", + "title":"What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?", + "uri":"cce_faq_00402.html", + "doc_type":"usermanual2", + "p_code":"395", + "code":"396" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Node", + "uri":"cce_faq_00021.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"397" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Node Creation", + "uri":"cce_faq_00280.html", + "doc_type":"usermanual2", + "p_code":"397", + "code":"398" + }, + { + "desc":"The node images in the same cluster must be the same. Pay attention to this when creating, adding, or accepting nodes in a cluster.If you need to allocate user space from", + "product_code":"cce", + "title":"How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?", + "uri":"cce_faq_00027.html", + "doc_type":"usermanual2", + "p_code":"398", + "code":"399" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Node Running", + "uri":"cce_faq_00281.html", + "doc_type":"usermanual2", + "p_code":"397", + "code":"400" + }, + { + "desc":"If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault:Kubernetes provides the heartbeat ", + "product_code":"cce", + "title":"What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?", + "uri":"cce_faq_00120.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"401" + }, + { + "desc":"The following tables list log files of CCE nodes.", + "product_code":"cce", + "title":"How Do I Collect Logs of Nodes in a CCE Cluster?", + "uri":"cce_faq_00201.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"402" + }, + { + "desc":"The vdb disk of a node is damaged and the node cannot be recovered after reset.Error ScenariosOn a normal node, delete the LV and VG. The node is unavailable.Reset an abn", + "product_code":"cce", + "title":"What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?", + "uri":"cce_faq_00263.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"403" + }, + { + "desc":"When SCSI EVS disks are used and containers are created and deleted on a CentOS node, the disks are frequently mounted and unmounted. The read/write rate of the system di", + "product_code":"cce", + "title":"What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?", + "uri":"cce_faq_00296.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"404" + }, + { + "desc":"When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:Files or directories fail to be created in the container,", + "product_code":"cce", + "title":"How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?", + "uri":"cce_faq_00307.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"405" + }, + { + "desc":"SymptomA node is running properly and has GPU resources. However, the following error information is displayed:0/9 nodes are available: 9 insufficient nvidia.com/gpuAnaly", + "product_code":"cce", + "title":"How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?", + "uri":"cce_faq_00020.html", + "doc_type":"usermanual2", + "p_code":"400", + "code":"406" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Specification Change", + "uri":"cce_faq_00282.html", + "doc_type":"usermanual2", + "p_code":"397", + "code":"407" + }, + { + "desc":"If the node whose specifications need to be changed is accepted into the cluster for management, remove the node from the cluster and then change the node specifications ", + "product_code":"cce", + "title":"How Do I Change the Node Specifications in a CCE Cluster?", + "uri":"cce_faq_00030.html", + "doc_type":"usermanual2", + "p_code":"407", + "code":"408" + }, + { + "desc":"The kubelet option cpu-manager-policy defaults to static, allowing pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the ", + "product_code":"cce", + "title":"What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?", + "uri":"cce_faq_00189.html", + "doc_type":"usermanual2", + "p_code":"407", + "code":"409" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Node Pool", + "uri":"cce_faq_00163.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"410" + }, + { + "desc":"The node pool keeps being in the expanding state, but no node creation record is displayed in the operation record.Check and rectify the following faults:Whether the spec", + "product_code":"cce", + "title":"What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?", + "uri":"cce_faq_00127.html", + "doc_type":"usermanual2", + "p_code":"410", + "code":"411" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Workload", + "uri":"cce_faq_00028.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"412" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Workload Abnormalities", + "uri":"cce_faq_00029.html", + "doc_type":"usermanual2", + "p_code":"412", + "code":"413" + }, + { + "desc":"If a workload is abnormal, you can first check the pod events to locate the fault and then rectify the fault by referring to Table 1.Run the kubectl describe pod{pod-name", + "product_code":"cce", + "title":"How Do I Use Events to Fix Abnormal Workloads?", + "uri":"cce_faq_00134.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"414" + }, + { + "desc":"If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to vi", + "product_code":"cce", + "title":"What Should I Do If Pod Scheduling Fails?", + "uri":"cce_faq_00098.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"415" + }, + { + "desc":"When a workload enters the state of \"Pod not ready: Back-off pulling image \"xxxxx\", a Kubernetes event of PodsFailed to pull image or Failed to re-pull image will be repo", + "product_code":"cce", + "title":"What Should I Do If a Pod Fails to Pull the Image?", + "uri":"cce_faq_00015.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"416" + }, + { + "desc":"On the details page of a workload, if an event is displayed indicating that the container fails to be started, perform the following steps to locate the fault:Rectify the", + "product_code":"cce", + "title":"What Should I Do If Container Startup Fails?", + "uri":"cce_faq_00018.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"417" + }, + { + "desc":"When an exception occurs on a node, Kubernetes evicts the pods on the node to ensure the workload availability.In Kubernetes, both kube-controller-manager and kubelet can", + "product_code":"cce", + "title":"What Should I Do If a Pod Fails to Be Evicted?", + "uri":"cce_faq_00209.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"418" + }, + { + "desc":"Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low p", + "product_code":"cce", + "title":"What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?", + "uri":"cce_faq_00200.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"419" + }, + { + "desc":"The workload remains in the creating state.Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the pos", + "product_code":"cce", + "title":"What Should I Do If a Workload Remains in the Creating State?", + "uri":"cce_faq_00140.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"420" + }, + { + "desc":"When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.After the node is restored", + "product_code":"cce", + "title":"What Should I Do If Pods in the Terminating State Cannot Be Deleted?", + "uri":"cce_faq_00210.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"421" + }, + { + "desc":"A workload is in Stopped state.The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in", + "product_code":"cce", + "title":"What Should I Do If a Workload Is Stopped Caused by Pod Deletion?", + "uri":"cce_faq_00012.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"422" + }, + { + "desc":"The following exceptions occur when services are deployed on the GPU nodes in a CCE cluster:The GPU memory of containers cannot be queried.Seven GPU services are deployed", + "product_code":"cce", + "title":"What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?", + "uri":"cce_faq_00109.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"423" + }, + { + "desc":"The pod remains in the creating state for a long time, and the sandbox-related errors are reported.Select a troubleshooting method for your cluster:Clusters of V1.13This ", + "product_code":"cce", + "title":"What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?", + "uri":"cce_faq_00005.html", + "doc_type":"usermanual2", + "p_code":"413", + "code":"424" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Container Configuration", + "uri":"cce_faq_00095.html", + "doc_type":"usermanual2", + "p_code":"412", + "code":"425" + }, + { + "desc":"Service processing takes a long time. Pre-stop processing makes sure that during an upgrade, a pod is killed only when the service in the pod has been processed.", + "product_code":"cce", + "title":"When Is Pre-stop Processing Used?", + "uri":"cce_faq_00159.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"426" + }, + { + "desc":"When creating a workload, users can specify a container, pod, and namespace as an FQDN for accessing the container in the same namespace.FQDN stands for Fully Qualified D", + "product_code":"cce", + "title":"How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?", + "uri":"cce_faq_00261.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"427" + }, + { + "desc":"When the liveness and readiness probes fail to perform the health check, locate the service fault first.Common causes are as follows:The service processing takes a long t", + "product_code":"cce", + "title":"What Should I Do If Health Check Probes Occasionally Fail?", + "uri":"cce_faq_00255.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"428" + }, + { + "desc":"A container is started in tailf /dev/null mode and the directory permission is 700 after the startup script is manually executed. If the container is started by Kubernete", + "product_code":"cce", + "title":"How Do I Set the umask Value for a Container?", + "uri":"cce_faq_00230.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"429" + }, + { + "desc":"After the JVM startup heap memory parameter is specified for ENTRYPOINT in the Dockerfile, an error message \"invalid initial heap size\" is displayed during the deployed c", + "product_code":"cce", + "title":"What Can I Do If an Error Is Reported When a Deployed Container Is Started After the JVM Startup Heap Memory Parameter Is Specified for ENTRYPOINT in Dockerfile?", + "uri":"cce_faq_00152.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"430" + }, + { + "desc":"CCE is a fully managed Kubernetes service and is fully compatible with Kubernetes APIs and kubectl.In Kubernetes, the spec of a pod contains a restartPolicy field. The va", + "product_code":"cce", + "title":"What Is the Retry Mechanism When CCE Fails to Start a Pod?", + "uri":"cce_faq_00004.html", + "doc_type":"usermanual2", + "p_code":"425", + "code":"431" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Scheduling Policies", + "uri":"cce_faq_00284.html", + "doc_type":"usermanual2", + "p_code":"412", + "code":"432" + }, + { + "desc":"The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node fro", + "product_code":"cce", + "title":"How Do I Evenly Distribute Multiple Pods to Each Node?", + "uri":"cce_faq_00260.html", + "doc_type":"usermanual2", + "p_code":"432", + "code":"433" + }, + { + "desc":"During workload scheduling, two containers on a node may compete for resources. As a result, kubelet evicts both containers. This section describes how to set a policy to", + "product_code":"cce", + "title":"How Do I Prevent a Container on a Node from Being Evicted?", + "uri":"cce_faq_00262.html", + "doc_type":"usermanual2", + "p_code":"432", + "code":"434" + }, + { + "desc":"The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node", + "product_code":"cce", + "title":"Why Are Pods Not Evenly Distributed to Nodes?", + "uri":"cce_faq_00314.html", + "doc_type":"usermanual2", + "p_code":"432", + "code":"435" + }, + { + "desc":"You can run the kubectl drain command to safely evict all pods from a node.By default, the kubectl drain command retains some system pods, for example, everest-csi-driver", + "product_code":"cce", + "title":"How Do I Evict All Pods on a Node?", + "uri":"cce_faq_00326.html", + "doc_type":"usermanual2", + "p_code":"432", + "code":"436" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Others", + "uri":"cce_faq_00186.html", + "doc_type":"usermanual2", + "p_code":"412", + "code":"437" + }, + { + "desc":"If a scheduled task is stopped during running, before its restart, the system calculates the difference between the last time the task was successfully executed and the c", + "product_code":"cce", + "title":"What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?", + "uri":"cce_faq_00213.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"438" + }, + { + "desc":"The inter-pod discovery service of CCE corresponds to the headless Service of Kubernetes. Headless Services specify None for the cluster IP (spec:clusterIP) in YAML, whic", + "product_code":"cce", + "title":"What Is a Headless Service When I Create a StatefulSet?", + "uri":"cce_faq_00289.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"439" + }, + { + "desc":"When you replace the image of a container in a created workload and use an uploaded image on the CCE console, an error message \"Auth is empty, only accept X-Auth-Token or", + "product_code":"cce", + "title":"What Should I Do If Error Message \"Auth is empty\" Is Displayed When a Private Image Is Pulled?", + "uri":"cce_faq_00106.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"440" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Why Cannot a Pod Be Scheduled to a Node?", + "uri":"cce_faq_00293.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"441" + }, + { + "desc":"A container image is required to create a container. Images may be stored locally or in a remote image repository.The imagePullPolicy field in the Kubernetes configuratio", + "product_code":"cce", + "title":"What Is the Image Pull Policy for Containers in a CCE Cluster?", + "uri":"cce_faq_00199.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"442" + }, + { + "desc":"When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload conta", + "product_code":"cce", + "title":"What Can I Do If a Layer Is Missing During Image Pull?", + "uri":"cce_faq_00319.html", + "doc_type":"usermanual2", + "p_code":"437", + "code":"443" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Networking", + "uri":"cce_faq_00141.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"444" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Network Planning", + "uri":"cce_faq_00146.html", + "doc_type":"usermanual2", + "p_code":"444", + "code":"445" + }, + { + "desc":"A Virtual Private Cloud (VPC) is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network bu", + "product_code":"cce", + "title":"What Is the Relationship Between Clusters, VPCs, and Subnets?", + "uri":"cce_faq_00266.html", + "doc_type":"usermanual2", + "p_code":"445", + "code":"446" + }, + { + "desc":"CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created fo", + "product_code":"cce", + "title":"Configuring Cluster Security Group Rules", + "uri":"cce_faq_00265.html", + "doc_type":"usermanual2", + "p_code":"445", + "code":"447" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Network Fault", + "uri":"cce_faq_00205.html", + "doc_type":"usermanual2", + "p_code":"444", + "code":"448" + }, + { + "desc":"Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low p", + "product_code":"cce", + "title":"How Do I Locate a Workload Networking Fault?", + "uri":"cce_faq_00202.html", + "doc_type":"usermanual2", + "p_code":"448", + "code":"449" + }, + { + "desc":"CCE does not return any error code when you fail to access your applications using a browser. Check your services first.404 Not FoundIf the error code shown in the follow", + "product_code":"cce", + "title":"Why Does the Browser Return Error Code 404 When I Access a Deployed Application?", + "uri":"cce_faq_00203.html", + "doc_type":"usermanual2", + "p_code":"448", + "code":"450" + }, + { + "desc":"If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of ", + "product_code":"cce", + "title":"What Should I Do If a Container Fails to Access the Internet?", + "uri":"cce_faq_00204.html", + "doc_type":"usermanual2", + "p_code":"448", + "code":"451" + }, + { + "desc":"If a node fails to be connected to the Internet, perform the following operations:Log in to the ECS console and check whether an EIP has been bound to the ECS correspondi", + "product_code":"cce", + "title":"What Should I Do If a Node Fails to Connect to the Internet (Public Network)?", + "uri":"cce_faq_00022.html", + "doc_type":"usermanual2", + "p_code":"448", + "code":"452" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Storage", + "uri":"cce_faq_00037.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"453" + }, + { + "desc":"Container storage provides storage for container workloads. It supports multiple storage classes. A pod can use any amount of storage.Currently, CCE supports local, EVS, ", + "product_code":"cce", + "title":"What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?", + "uri":"cce_faq_00038.html", + "doc_type":"usermanual2", + "p_code":"453", + "code":"454" + }, + { + "desc":"No. A data disk is mandatory.A data disk dedicated for kubelet and the container engine will be attached to a new node. By default, CCE uses Logical Volume Manager (LVM)", + "product_code":"cce", + "title":"Can I Add a Node Without a Data Disk?", + "uri":"cce_faq_00089.html", + "doc_type":"usermanual2", + "p_code":"453", + "code":"455" + }, + { + "desc":"When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that t", + "product_code":"cce", + "title":"What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?", + "uri":"cce_faq_00218.html", + "doc_type":"usermanual2", + "p_code":"453", + "code":"456" + }, + { + "desc":"The Kubernetes pod structure does not contain ExtendPathMode. Therefore, when a user calls the API for creating a pod or deployment by using client-go, the created pod do", + "product_code":"cce", + "title":"How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?", + "uri":"cce_faq_00235.html", + "doc_type":"usermanual2", + "p_code":"453", + "code":"457" + }, + { + "desc":"CCE PersistentVolumeClaims (PVCs) are implemented as they are in Kubernetes. A PVC is defined as a storage declaration and is decoupled from underlying storage. It is not", + "product_code":"cce", + "title":"Can CCE PVCs Detect Underlying Storage Faults?", + "uri":"cce_faq_00316.html", + "doc_type":"usermanual2", + "p_code":"453", + "code":"458" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Namespace", + "uri":"cce_faq_00324.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"459" + }, + { + "desc":"The namespace remains in the Deleting state. The error message \"DiscoveryFailed\" is displayed in status in the YAML file.In the preceding figure, the full error message i", + "product_code":"cce", + "title":"Why Cannot I Delete a Namespace Due to an APIService Object Access Failure?", + "uri":"cce_faq_00325.html", + "doc_type":"usermanual2", + "p_code":"459", + "code":"460" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Chart and Add-on", + "uri":"cce_faq_00215.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"461" + }, + { + "desc":"When an add-on fails to be installed, the error message \"The release name is already exist\" is returned.The add-on release record remains in the Kubernetes cluster. Gener", + "product_code":"cce", + "title":"Why Does Add-on Installation Fail and Prompt \"The release name is already exist\"?", + "uri":"cce_faq_00322.html", + "doc_type":"usermanual2", + "p_code":"461", + "code":"462" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"API & kubectl FAQs", + "uri":"cce_faq_00207.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"463" + }, + { + "desc":"You can use either of the following methods to access the cluster API Server:(Recommended) Through the cluster API. This access mode uses certificate authentication. It i", + "product_code":"cce", + "title":"How Can I Access a CCE Cluster?", + "uri":"cce_faq_00025.html", + "doc_type":"usermanual2", + "p_code":"463", + "code":"464" + }, + { + "desc":"The CCE console does not support the display of the following Kubernetes resources: DaemonSets, ReplicationControllers, ReplicaSets, and endpoints.To query these resource", + "product_code":"cce", + "title":"Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?", + "uri":"cce_faq_00208.html", + "doc_type":"usermanual2", + "p_code":"463", + "code":"465" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?", + "uri":"cce_faq_00041.html", + "doc_type":"usermanual2", + "p_code":"463", + "code":"466" + }, + { + "desc":"The error message \"Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)\" is displayed after the kubectl", + "product_code":"cce", + "title":"How Do I Rectify the Error Reported When Running the kubectl top node Command?", + "uri":"cce_faq_00321.html", + "doc_type":"usermanual2", + "p_code":"463", + "code":"467" + }, + { + "desc":"When you use kubectl to create or query Kubernetes resources, the following output is returned:# kubectl get deploy Error from server (Forbidden): deployments.apps is for", + "product_code":"cce", + "title":"Why Is \"Error from server (Forbidden)\" Displayed When I Use kubectl?", + "uri":"cce_faq_00311.html", + "doc_type":"usermanual2", + "p_code":"463", + "code":"468" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"DNS FAQs", + "uri":"cce_faq_00001.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"469" + }, + { + "desc":"CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the the coredns instance specifications based on the QPS.If the add-on performance rea", + "product_code":"cce", + "title":"What Should I Do If Domain Name Resolution Fails?", + "uri":"cce_faq_00197.html", + "doc_type":"usermanual2", + "p_code":"469", + "code":"470" + }, + { + "desc":"A customer bound its domain name to the private domain names in the DNS service and also to a specific VPC. It is found that the ECSs in the VPC can properly resolve the ", + "product_code":"cce", + "title":"Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?", + "uri":"cce_faq_00107.html", + "doc_type":"usermanual2", + "p_code":"469", + "code":"471" + }, + { + "desc":"The following is an example resolv.conf file for a container in a workload:In the preceding information:nameserver: IP address of the DNS. Set this parameter to the clust", + "product_code":"cce", + "title":"How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?", + "uri":"cce_faq_00195.html", + "doc_type":"usermanual2", + "p_code":"469", + "code":"472" + }, + { + "desc":"CCE uses dnsPolicy to identify different DNS policies for each pod. The value of dnsPolicy can be either of the following:None: No DNS policy is configured. In this mode,", + "product_code":"cce", + "title":"How Do I Configure a DNS Policy for a Container?", + "uri":"cce_faq_00194.html", + "doc_type":"usermanual2", + "p_code":"469", + "code":"473" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Image Repository FAQs", + "uri":"cce_faq_00093.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"474" + }, + { + "desc":"SoftWare Repository for Container (SWR) manages images for CCE. It provides the following ways to upload images:Uploading an Image Through the Client", + "product_code":"cce", + "title":"How Do I Upload My Images to CCE?", + "uri":"cce_faq_00032.html", + "doc_type":"usermanual2", + "p_code":"474", + "code":"475" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Permissions", + "uri":"cce_faq_00397.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"476" + }, + { + "desc":"Namespace permissions and cluster management permissions are independent and complementary to each other.Namespace permissions: apply to clusters and are used to manage o", + "product_code":"cce", + "title":"Can I Configure Only Namespace Permissions Without Cluster Management Permissions?", + "uri":"cce_faq_00398.html", + "doc_type":"usermanual2", + "p_code":"476", + "code":"477" + }, + { + "desc":"CCE has cloud service APIs and cluster APIs.Cloud service APIs: You can perform operations on the infrastructure (such as creating nodes) and cluster resources (such as c", + "product_code":"cce", + "title":"Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?", + "uri":"cce_faq_00399.html", + "doc_type":"usermanual2", + "p_code":"476", + "code":"478" + }, + { + "desc":"IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions. However", + "product_code":"cce", + "title":"Can I Use kubectl If the Cluster Management Permissions Are Not Configured?", + "uri":"cce_faq_00400.html", + "doc_type":"usermanual2", + "p_code":"476", + "code":"479" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"cce", + "title":"Reference", + "uri":"cce_faq_00292.html", + "doc_type":"usermanual2", + "p_code":"382", + "code":"480" + }, + { + "desc":"The default storage size of a container is 10 GB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.Re", + "product_code":"cce", + "title":"How Do I Expand the Storage Capacity of a Container?", + "uri":"cce_faq_00224.html", + "doc_type":"usermanual2", + "p_code":"480", + "code":"481" + }, + { + "desc":"Add hostNetwork: true to the spec.spec. in the YAML file of the workload to which the containers will belong.Configure node affinity policies, in addition to perform the ", + "product_code":"cce", + "title":"How Can Container IP Addresses Survive a Container Restart?", + "uri":"cce_faq_00192.html", + "doc_type":"usermanual2", + "p_code":"480", + "code":"482" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3426,7 +4344,7 @@ "uri":"cce_01_9999.html", "doc_type":"usermanual2", "p_code":"", - "code":"381" + "code":"483" }, { "desc":"CCE 2.0 inherits and modifies the features of CCE 1.0, and release new features.Modified features:Clusters in CCE 1.0 are equivalent to Hybrid clusters in CCE 2.0.CCE 2.0", @@ -3434,8 +4352,8 @@ "title":"Differences Between CCE 1.0 and CCE 2.0", "uri":"cce_01_9998.html", "doc_type":"usermanual2", - "p_code":"381", - "code":"382" + "p_code":"483", + "code":"484" }, { "desc":"Migrate the images stored in the image repository of CCE 1.0 to CCE 2.0.A VM is available. The VM is bound to a public IP address and can access the Internet. Docker (ear", @@ -3443,8 +4361,8 @@ "title":"Migrating Images", "uri":"cce_01_9997.html", "doc_type":"usermanual2", - "p_code":"381", - "code":"383" + "p_code":"483", + "code":"485" }, { "desc":"Create Hybrid clusters on the CCE 2.0 console. These new Hybrid clusters should have the same specifications with those created on CCE 1.0.To create clusters using APIs, ", @@ -3452,8 +4370,8 @@ "title":"Migrating Clusters", "uri":"cce_01_9996.html", "doc_type":"usermanual2", - "p_code":"381", - "code":"384" + "p_code":"483", + "code":"486" }, { "desc":"This section describes how to create a Deployment with the same specifications as that in CCE 1.0 on the CCE 2.0 console.It is advised to delete the applications on CCE 1", @@ -3461,8 +4379,8 @@ "title":"Migrating Applications", "uri":"cce_01_9995.html", "doc_type":"usermanual2", - "p_code":"381", - "code":"385" + "p_code":"483", + "code":"487" }, { "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", @@ -3471,6 +4389,6 @@ "uri":"cce_01_0300.html", "doc_type":"usermanual2", "p_code":"", - "code":"386" + "code":"488" } ] \ No newline at end of file diff --git a/docs/cce/umn/cce_01_0091.html b/docs/cce/umn/cce_01_0091.html index df22ad91d..091432ce7 100644 --- a/docs/cce/umn/cce_01_0091.html +++ b/docs/cce/umn/cce_01_0091.html @@ -10,7 +10,7 @@
-
Parent topic: Service Overview
+
Parent topic: Service Overview
diff --git a/docs/cce/umn/cce_01_0203.html b/docs/cce/umn/cce_01_0203.html deleted file mode 100644 index 20f65d940..000000000 --- a/docs/cce/umn/cce_01_0203.html +++ /dev/null @@ -1,20 +0,0 @@ - - -

How Do I Troubleshoot Insufficient EIPs When a Node Is Added?

-

Symptom

When a node is added, EIP is set to Automatically assign. The node cannot be created, and a message indicating that EIPs are insufficient is displayed.

-
Figure 1 Purchasing an EIP
-
-

Solution

Two methods are available to solve the problem.

-
  • Method 1: Unbind the VMs bound with EIPs and add a node again.
    1. Log in to the management console.
    2. Choose Service List > Computing > Elastic Cloud Server.
    3. In the ECS list, locate the target ECS and click its name.
    4. On the ECS details page, click the EIPs tab. In the EIP list, click Unbind at the row of the target ECS and click Yes.
      Figure 2 Unbinding an EIP
      -
    5. Return to the Create Node page on the CCE console and click Use existing to add an EIP.
      Figure 3 Using an unbound EIP
      -
    -
  • Method 2: Increase the EIP quota.

    Quotas are used to limit the number of resources available to users. If the existing resource quota cannot meet your service requirements, you can increase your quota.

    -
-
-
-
-
-
Parent topic: Reference
-
-
- diff --git a/docs/cce/umn/cce_01_0204.html b/docs/cce/umn/cce_01_0204.html deleted file mode 100644 index 03aa6e158..000000000 --- a/docs/cce/umn/cce_01_0204.html +++ /dev/null @@ -1,80 +0,0 @@ - - -

How Do I Format a Data Disk Using Command Line Injection?

-

Before using command line injection, write a script that can format data disks and save it to your OBS bucket. Then, inject a command line that will automatically execute the disk formatting script when the node is up. Use input parameters to specify the size of each docker data disk (for example, the default docker disk of 100 GB and the additional disk of 110 GB) and the mount path (/data/code) of the additional disk. In this example, the script is named formatdisk.sh.

-

Example command line:

-
cd /tmp;curl -k -X GET OBS bucket address/formatdisk.sh -1 -O;fdisk -l;sleep 30;bash -x formatdisk.sh 100 /data/code;fdisk -l
-

Example script (formatdisk.sh):

-
dockerdisksize=$1
-mountdir=$2
-systemdisksize=40
-i=0
-while [ 20 -gt $i ]; do 
-    echo $i; 
-    if [ $(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}' |wc -l) -ge 3 ]; then 
-        break 
-    else 
-        sleep 5 
-    fi; 
-    i=$[i+1] 
-done 
-all_devices=$(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}')
-for device in ${all_devices[@]}; do
-    isRawDisk=$(sudo lsblk -n $device 2>/dev/null | grep disk | wc -l)
-    if [[ ${isRawDisk} > 0 ]]; then
-        # is it partitioned ?
-        match=$(sudo lsblk -n $device 2>/dev/null | grep -v disk | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already partited
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Raw disk ${device} has been partition, will skip this device"
-            continue
-        fi
-    else
-        isPart=$(sudo lsblk -n $device 2>/dev/null | grep part | wc -l)
-        if [[ ${isPart} -ne 1 ]]; then
-            # not parted
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has not been partition, will skip this device"
-            continue
-        fi
-        # is used ?
-        match=$(sudo lsblk -n $device 2>/dev/null | grep -v part | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isMount=$(sudo lsblk -n -o MOUNTPOINT $device 2>/dev/null)
-        if [[ -n ${isMount} ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isLvm=$(sudo sfdisk -lqL 2>>/dev/null | grep $device | grep "8e.*Linux LVM")
-        if [[ ! -n ${isLvm} ]]; then
-            # part system type is not Linux LVM
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} system type is not Linux LVM, will skip this device"
-            continue
-        fi
-    fi
-    block_devices_size=$(sudo lsblk -n -o SIZE $device 2>/dev/null | awk '{ print $1}')
-    if [[ ${block_devices_size}"x" != "${dockerdisksize}Gx" ]] && [[ ${block_devices_size}"x" != "${systemdisksize}Gx" ]]; then
-echo "n
-p
-1
-
-
-w
-" | fdisk $device
-        mkfs -t ext4 ${device}1
-        mkdir -p $mountdir
-        echo "${device}1  $mountdir ext4  noatime  0 0" | sudo tee -a /etc/fstab >/dev/null
-        mount $mountdir
-    fi
-done
-
-
-
-
Parent topic: Reference
-
-
- diff --git a/docs/cce/umn/cce_01_0300.html b/docs/cce/umn/cce_01_0300.html index 4515f98ea..5a6b3b2c8 100644 --- a/docs/cce/umn/cce_01_0300.html +++ b/docs/cce/umn/cce_01_0300.html @@ -8,7 +8,17 @@ -

2023-05-30

+

2023-11-06

+ + + + +

2023-08-15

+ + + + +

2023-05-30

@@ -25,7 +35,7 @@

2022-11-21

-

Added Best Practice.

+

Added Best Practice.

2022-08-27

diff --git a/docs/cce/umn/cce_01_0999.html b/docs/cce/umn/cce_01_0999.html deleted file mode 100644 index fa785574e..000000000 --- a/docs/cce/umn/cce_01_0999.html +++ /dev/null @@ -1,158 +0,0 @@ - - -

How Do I Use heapster in Clusters of v1.13.10?

-

After a cluster of v1.13.10 is created, you can use heapster only after rbac is enabled.

-

Procedure

  1. Connect to the cluster on which you need to use heapster.
  2. Delete the existing heapster cluster role.

    kubectl delete clusterrole system:heapster

    -

  3. Create a heapster cluster role.

    Copy the following file to a server on which kubectl is supported, and name the file to heapster-cluster-role.yaml.

    -
    apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  labels:
-    kubernetes.io/bootstrapping: rbac-defaults
-  name: system:heapster
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - events
-  - namespaces
-  - nodes
-  - pods
-  - nodes/stats
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-- apiGroups:
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - update
-  - watch
    -

    Run the following command to create a heapster cluster role.

    -

    kubectl create -f heapster-cluster-role.yaml

    -

  4. Create a heapster service account.

    Copy the following file to a server on which kubectl is supported, and name the file to heapster-serviceaccount.yaml.

    -
    apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: heapster
-  namespace: kube-system
    -

    Run the following command to create a heapster service account.

    -

    kubectl create -f heapster-serviceaccount.yaml

    -

  5. Create a heapster cluster role binding.

    Copy the following file to a server on which kubectl is supported, and name the file to heapster-cluster-rolebinding.yaml.

    -
    kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: heapster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:heapster
-subjects:
-- kind: ServiceAccount
-  name: heapster
-  namespace: kube-system
    -

    Run the following command to create a heapster cluster role binding.

    -

    kubectl create -f heapster-cluster-rolebinding.yaml

    -

  6. Re-create the heapster deployment.

    Copy the following file to a server on which kubectl is supported, and name the file to heapster-apiserver.yaml.

    -
    apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  annotations:
-    deployment.kubernetes.io/revision: "1"
-  generation: 1
-  labels:
-    k8s-app: heapster
-    module: apiserver
-    version: v6
-  name: heapster-apiserver
-  namespace: kube-system
-spec:
-  progressDeadlineSeconds: 2147483647
-  replicas: 1
-  revisionHistoryLimit: 2147483647
-  selector:
-    matchLabels:
-      k8s-app: heapster
-      module: apiserver
-      version: v6
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 1
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        k8s-app: heapster
-        module: apiserver
-        version: v6
-      name: heapster
-    spec:
-      containers:
-      - command:
-        - /heapster
-        - --source=kubernetes.summary_api:''?useServiceAccount=true&kubeletPort=10250&kubeletHttps=true&insecure=true&auth=/srv/config
-        - --api-server
-        - --secure-port=6443
-        image: k8s.gcr.io/heapster-amd64:v1.5.3
-        imagePullPolicy: IfNotPresent
-        name: heapster
-        ports:
-        - containerPort: 6443
-          name: https
-          protocol: TCP
-        - containerPort: 8080
-          name: http
-          protocol: TCP
-        resources: {}
-        securityContext:
-          runAsUser: 0
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-        - mountPath: /root/.kube
-          name: config
-        - mountPath: /srv/config
-          name: heapster
-          subPath: config
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext: {}
-      serviceAccount: heapster
-      serviceAccountName: heapster
-      terminationGracePeriodSeconds: 30
-      volumes:
-      - hostPath:
-          path: /root/.kube
-          type: ""
-        name: config
-      - configMap:
-          defaultMode: 420
-          items:
-          - key: config
-            path: config
-          name: heapster
-        name: heapster
    -

    Run the following commands to re-create the heapster deployment.

    -

    kubectl delete -f heapster-apiserver.yaml

    -

    kubectl create -f heapster-apiserver.yaml

    -

  7. Check whether heapster is enabled.

    kubectl top nodes

    -

    heapster is enabled when statistics are displayed in the command output.

    -

-
-
-
-
-
Parent topic: Reference
-
-
- diff --git a/docs/cce/umn/cce_10_0002.html b/docs/cce/umn/cce_10_0002.html index b36429447..bd79eafbb 100644 --- a/docs/cce/umn/cce_10_0002.html +++ b/docs/cce/umn/cce_10_0002.html @@ -6,13 +6,9 @@ diff --git a/docs/cce/umn/cce_10_0003.html b/docs/cce/umn/cce_10_0003.html index 727777ad0..b9e39860f 100644 --- a/docs/cce/umn/cce_10_0003.html +++ b/docs/cce/umn/cce_10_0003.html @@ -1,15 +1,15 @@

Resetting a Node

-

Scenario

You can reset a node to modify the node configuration, such as the node OS and login mode.

+

Scenario

You can reset a node to modify the node configuration, such as the node OS and login mode.

Resetting a node will reinstall the node OS and the Kubernetes software on the node. If a node is unavailable because you modify the node configuration, you can reset the node to rectify the fault.

-

Notes and Constraints

  • For CCE clusters and CCE Turbo clusters, the version must be v1.13 or later to support node resetting.
+

Constraints

  • For CCE clusters and CCE Turbo clusters, the version must be v1.13 or later to support node resetting.
-

Notes

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • Resetting a node will reinstall the node OS and interrupt workload services running on the node. Therefore, perform this operation during off-peak hours.
  • Data in the system disk and Docker data disks will be cleared. Back up important data before resetting the node.
  • When an extra data disk is mounted to a node, data in this disk will be cleared if the disk has not been unmounted before the node reset. To prevent data loss, back up data in advance and mount the data disk again after the node reset is complete.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • While the node is being deleted, the backend will set the node to the unschedulable state.
+

Precautions

  • Only worker nodes can be reset. If the node is still unavailable after the resetting, delete the node and create a new one.
  • Resetting a node will reinstall the node OS and interrupt workload services running on the node. Therefore, perform this operation during off-peak hours.
  • Data in the system disk and Docker data disks will be cleared. Back up important data before resetting the node.
  • When an extra data disk is mounted to a node, data in this disk will be cleared if the disk has not been unmounted before the node reset. To prevent data loss, back up data in advance and mount the data disk again after the node reset is complete.
  • The IP addresses of the workload pods on the node will change, but the container network access is not affected.
  • There is remaining EVS disk quota.
  • While the node is being deleted, the backend will set the node to the unschedulable state.
  • Resetting a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the reset node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod is always in the creating state because the underlying logical volume corresponding to the PVC does not exist.
-

Procedure

The new console allows you to reset nodes in batches. You can also use private images to reset nodes in batches.

-
  1. Log in to the CCE console.
  2. Click the cluster name and access the cluster details page, choose Nodes in the navigation pane, and select one or multiple nodes to be reset in the list on the right. Choose More > Reset.
  3. In the displayed dialog box, click Yes.

    • For nodes in the DefaultPool node pool, the parameter setting page is displayed. Set the parameters by referring to 4.
    • For a node you create in a node pool, resetting the node does not support parameter configuration. You can directly use the configuration image of the node pool to reset the node.
    +

    Procedure

    The new console allows you to reset nodes in batches. You can also use a private image to reset nodes in batches.

    +
    1. Log in to the CCE console and click the cluster name to access the cluster console.
    2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane, and select one or multiple nodes to be reset in the list. Choose More > Reset Node.
    3. In the displayed dialog box, click Next.

      • For nodes in the DefaultPool node pool, the parameter setting page is displayed. Set the parameters by referring to 4.
      • For a node you create in a node pool, resetting the node does not support parameter configuration. You can directly use the configuration image of the node pool to reset the node.

    4. Specify node parameters.

      Compute Settings
      @@ -17,27 +17,27 @@ - - - - @@ -47,22 +47,22 @@

      Storage Settings

      Configure storage resources on a node for the containers running on it. -
      Table 1 Configuration parameters

      Parameter

      Specification

      +

      Specifications

      Node specifications cannot be modified when you reset a node.

      +

      Specifications cannot be modified when you reset a node.

      Container Engine

      CCE clusters support Docker and containerd in some scenarios.
      • VPC network clusters of v1.23 and later versions support containerd. Container tunnel network clusters of v1.23.2-r0 and later versions support containerd.
      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
      +
      CCE clusters support Docker and containerd in some scenarios.
      • VPC network clusters of v1.23 and later versions support containerd. Tunnel network clusters of v1.23.2-r0 and later versions support containerd.
      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.

      OS

      Public image: Select an OS for the node.

      -

      Private image: You can use private images.

      +

      Private image: You can use private images.

      Login Mode

      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        -

        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.

        +
      • Key Pair

        Select the key pair used to log in to the node. You can select a shared key.

        +

        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
      Table 2 Configuration parameters

      Parameter

      +
      - - - - - @@ -70,62 +70,62 @@
      Advanced Settings -
      Table 2 Configuration parameters

      Parameter

      Description

      +

      Description

      System Disk

      +

      System Disk

      Directly use the system disk of the cloud server.

      +

      Directly use the system disk of the cloud server.

      Data Disk

      +

      Data Disk

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      -

      Click Expand and select Allocate Disk Space to define the disk space occupied by the container runtime to store the working directories, container image data, and image metadata. For details about how to allocate data disk space, see Data Disk Space Allocation.

      -

      For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory.

      +

      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.

      +

      Click Expand and select Allocate Disk Space to define the disk space occupied by the container runtime to store the working directories, container image data, and image metadata. For details about how to allocate data disk space, see Data Disk Space Allocation.

      +

      For other data disks, a raw disk is created without any processing by default. You can also click Expand and select Mount Disk to mount the data disk to a specified directory.

      -
      Table 3 Advanced configuration parameters

      Parameter

      +
      - - - - - - - - - - - - -
      Table 3 Advanced configuration parameters

      Parameter

      Description

      +

      Description

      Kubernetes Label

      +

      Kubernetes Label

      Click Add to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

      -

      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      +

      Click Add to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.

      +

      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.

      Resource Tag

      +

      Resource Tag

      You can add resource tags to classify resources.

      -

      You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use these tags to improve tagging and resource migration efficiency.

      -

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.

      +

      You can add resource tags to classify resources.

      +

      You can create predefined tags in Tag Management Service (TMS). Predefined tags are available to all service resources that support tags. You can use these tags to improve tagging and resource migration efficiency.

      +

      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.

      Taint

      +

      Taint

      This parameter is left blank by default. You can add taints to set anti-affinity for the node. A maximum of 10 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
      -
      NOTICE:
      • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
      • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
      +
      This field is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
      +
      NOTICE:
      • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
      • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.

      Max. Pods

      +

      Max. Pods

      Maximum number of pods that can run on the node, including the default system pods.

      -

      This limit prevents the node from being overloaded with pods.

      +

      Maximum number of pods that can run on the node, including the default system pods.

      +

      This limit prevents the node from being overloaded with pods.

      Pre-installation Command

      +

      Pre-installation Command

      Enter commands. A maximum of 1,000 characters are allowed.

      -

      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

      +

      Enter commands. A maximum of 1,000 characters are allowed.

      +

      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.

      Post-installation Command

      +

      Post-installation Command

      Enter commands. A maximum of 1,000 characters are allowed.

      -

      The script will be executed after Kubernetes software is installed and will not affect the installation.

      +

      Enter commands. A maximum of 1,000 characters are allowed.

      +

      The script will be executed after Kubernetes software is installed and will not affect the installation.
      -

    5. Click Next: Confirm.
    6. Click Submit.
      7. +

    7. Click Next: Confirm.
    8. Click Submit.

      9. -
      Parent topic: Nodes
      +
      Parent topic: Management Nodes
      diff --git a/docs/cce/umn/cce_10_0004.html b/docs/cce/umn/cce_10_0004.html index bbe9012a5..e72ea998b 100644 --- a/docs/cce/umn/cce_10_0004.html +++ b/docs/cce/umn/cce_10_0004.html @@ -6,100 +6,102 @@

      Inherent Label of a Node

      After a node is created, some fixed labels exist and cannot be deleted. For details about these labels, see Table 1.

      +

      Do not manually change the inherent labels that are automatically added to a node. If the manually changed value conflicts with the system value, the system value prevails.

      +
      -
      - - - - - - -
      Table 1 Inherent label of a node

      Key

      +
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      Table 1 Inherent labels of a node

      Key

      Description

      +

      Description

      New: topology.kubernetes.io/region

      +

      New: topology.kubernetes.io/region

      Old: failure-domain.beta.kubernetes.io/region

      Region where the node is located

      +

      Region where the node is located

      New: topology.kubernetes.io/zone

      +

      New: topology.kubernetes.io/zone

      Old: failure-domain.beta.kubernetes.io/zone

      AZ where the node is located

      +

      AZ where the node is located

      New: node.kubernetes.io/baremetal

      +

      New: node.kubernetes.io/baremetal

      Old: failure-domain.beta.kubernetes.io/is-baremetal

      Whether the node is a bare metal node

      +

      Whether the node is a bare metal node

      false indicates that the node is not a bare metal node.

      node.kubernetes.io/instance-type

      +

      node.kubernetes.io/instance-type

      Node specifications

      +

      Node specifications

      kubernetes.io/arch

      +

      kubernetes.io/arch

      Node processor architecture

      +

      Node processor architecture

      kubernetes.io/hostname

      +

      kubernetes.io/hostname

      Node name

      +

      Node name

      kubernetes.io/os

      +

      kubernetes.io/os

      OS type

      +

      OS type

      node.kubernetes.io/subnetid

      +

      node.kubernetes.io/subnetid

      ID of the subnet where the node is located.

      +

      ID of the subnet where the node is located.

      os.architecture

      +

      os.architecture

      Node processor architecture

      +

      Node processor architecture

      For example, amd64 indicates a AMD64-bit processor.

      os.name

      +

      os.name

      Node OS name

      +

      Node OS name

      os.version

      +

      os.version

      Node OS kernel version

      +

      Node OS kernel version

      node.kubernetes.io/container-engine

      +

      node.kubernetes.io/container-engine

      Container engine used by the node.

      +

      Container engine used by the node.

      accelerator

      +

      accelerator

      GPU node labels.

      +

      GPU node labels.

      cce.cloud.com/cce-nodepool

      +

      cce.cloud.com/cce-nodepool

      The dedicated label of a node in a node pool.

      +

      The dedicated label of a node in a node pool.
      -

      Adding or Deleting a Node Label

      1. Log in to the CCE console.
      2. Click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, select a node and click Manage Labels and Taints.
      3. In the displayed dialog box, click Add batch operations under Batch Operation, and then choose Add/Update or Delete.

        Enter the key and value of the label to be added or deleted, and click OK.

        +

        Adding or Deleting a Node Label

        1. Log in to the CCE console.
        2. Click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, select a node and click Manage Labels and Taints.
        3. In the displayed dialog box, click Add batch operations under Batch Operation, and then choose Add/Update or Delete.

          Enter the key and value of the label to be added or deleted, and click OK.

          For example, the key is deploy_qa and the value is true, indicating that the node is used to deploy the QA (test) environment.

        4. After the label is added, check the added label in node data.
      -
      Parent topic: Nodes
      +
      Parent topic: Management Nodes
      diff --git a/docs/cce/umn/cce_10_0006.html b/docs/cce/umn/cce_10_0006.html index 361fba7e5..31e51b1f0 100644 --- a/docs/cce/umn/cce_10_0006.html +++ b/docs/cce/umn/cce_10_0006.html @@ -4,29 +4,29 @@

      CCE provides Kubernetes-native container deployment and management and supports lifecycle management of container workloads, including creation, configuration, monitoring, auto scaling, upgrade, uninstall, service discovery, and load balancing.

      Pod

      A pod is the smallest and simplest unit in the Kubernetes object model that you create or deploy. A pod encapsulates one or more containers, storage volumes, a unique network IP address, and options that govern how the containers should run.

      Pods can be used in either of the following ways:

      -
      • A container is running in a pod. This is the most common usage of pods in Kubernetes. You can view the pod as a single encapsulated container, but Kubernetes directly manages pods instead of containers.
      • Multiple containers that need to be coupled and share resources run in a pod. In this scenario, an application contains a main container and several sidecar containers, as shown in Figure 1. For example, the main container is a web server that provides file services from a fixed directory, and a sidecar container periodically downloads files to the directory.
        Figure 1 Pod
        +
        • A container is running in a pod. This is the most common usage of pods in Kubernetes. You can view the pod as a single encapsulated container, but Kubernetes directly manages pods instead of containers.
        • Multiple containers that need to be coupled and share resources run in a pod. In this scenario, an application contains a main container and several sidecar containers, as shown in Figure 1. For example, the main container is a web server that provides file services from a fixed directory, and a sidecar container periodically downloads files to the directory.
          Figure 1 Pod
        -

        In Kubernetes, pods are rarely created directly. Instead, controllers such as Deployments and jobs, are used to manage pods. Controllers can create and manage multiple pods, and provide replica management, rolling upgrade, and self-healing capabilities. A controller generally uses a pod template to create corresponding pods.

        +

        In Kubernetes, pods are rarely created directly. Instead, controllers such as Deployments and Jobs, are used to manage pods. Controllers can create and manage multiple pods, and provide replica management, rolling upgrade, and self-healing capabilities. A controller typically uses a pod template to create corresponding pods.

      Deployment

      A pod is the smallest and simplest unit that you create or deploy in Kubernetes. It is designed to be an ephemeral, one-off entity. A pod can be evicted when node resources are insufficient and disappears along with a cluster node failure. Kubernetes provides controllers to manage pods. Controllers can create and manage pods, and provide replica management, rolling upgrade, and self-healing capabilities. The most commonly used controller is Deployment.

      -
      Figure 2 Relationship between a Deployment and pods
      +
      Figure 2 Deployment

      A Deployment can contain one or more pods. These pods have the same role. Therefore, the system automatically distributes requests to multiple pods of a Deployment.

      A Deployment integrates a lot of functions, including online deployment, rolling upgrade, replica creation, and restoration of online jobs. To some extent, Deployments can be used to realize unattended rollout, which greatly reduces difficulties and operation risks in the rollout process.

      StatefulSet

      All pods under a Deployment have the same characteristics except for the name and IP address. If required, a Deployment can use the pod template to create a new pod. If not required, the Deployment can delete any one of the pods.

      However, Deployments cannot meet the requirements in some distributed scenarios when each pod requires its own status or in a distributed database where each pod requires independent storage.

      -

      With detailed analysis, it is found that each part of distributed stateful applications plays a different role. For example, the database nodes are deployed in active/standby mode, and pods are dependent on each other. In this case, you need to meet the following requirements for the pods:

      +

      With detailed analysis, it is found that each part of distributed stateful applications plays a different role. For example, the database nodes are deployed in active/standby mode, and pods are dependent on each other. In this case, the pods need to meet the following requirements:

      • A pod can be recognized by other pods. Therefore, a pod must have a fixed identifier.
      • Each pod has an independent storage device. After a pod is deleted and then restored, the data read from the pod must be the same as the previous one. Otherwise, the pod status is inconsistent.

      To address the preceding requirements, Kubernetes provides StatefulSets.

      -
      1. A StatefulSet provides a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the host name remain unchanged.
      2. A StatefulSet provides a fixed access domain name for each pod through the headless Service (described in following sections).
      3. The StatefulSet creates PersistentVolumeClaims (PVCs) with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.

        +
        1. A StatefulSet provides a fixed name for each pod following a fixed number ranging from 0 to N. After a pod is rescheduled, the pod name and the host name remain unchanged.
        2. A StatefulSet provides a fixed access domain name for each pod through the headless Service (described in the following sections).
        3. The StatefulSet creates PersistentVolumeClaims (PVCs) with fixed identifiers to ensure that pods can access the same persistent data after being rescheduled.

      DaemonSet

      A DaemonSet runs a pod on each node in a cluster and ensures that there is only one pod. This works well for certain system-level applications, such as log collection and resource monitoring, since they must run on each node and need only a few pods. A good example is kube-proxy.

      DaemonSets are closely related to nodes. If a node becomes faulty, the DaemonSet will not create the same pods on other nodes.

      -
      Figure 3 DaemonSet
      +
      Figure 3 DaemonSet

      Job and Cron Job

      Jobs and cron jobs allow you to run short lived, one-off tasks in batch. They ensure the task pods run to completion.

      -
      • A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after successfully completing tasks based on user configurations.
      • A cron job runs a job periodically on a specified schedule. A cron job object is similar to a line of a crontab file in Linux.
      +
      • A job is a resource object used by Kubernetes to control batch tasks. Jobs are different from long-term servo tasks (such as Deployments and StatefulSets). The former is started and terminated at specific times, while the latter runs unceasingly unless being terminated. The pods managed by a job will be automatically removed after completing tasks based on user configurations.
      • A cron job runs a job periodically on a specified schedule. A cron job object is similar to a line of a crontab file in Linux.

      This run-to-completion feature of jobs is especially suitable for one-off tasks, such as continuous integration (CI).

      Workload Lifecycle

      @@ -38,17 +38,17 @@

      Running

      All pods are running.

      +

      All pods are running or the number of pods is 0.

      Unready

      A container is abnormal, the number of pods is 0, or the workload is in pending state.

      +

      The container malfunctions and the pod under the workload is not working.

      Upgrading/Rolling back

      +

      Processing

      The workload is being upgraded or rolled back.

      +

      The workload is not running but no error is reported.

      Available

      @@ -71,11 +71,6 @@

      The workload is being deleted.

      Pausing

      -

      The workload is being paused.

      -
      diff --git a/docs/cce/umn/cce_10_0007.html b/docs/cce/umn/cce_10_0007.html index fe2cd9e69..7d6e92005 100644 --- a/docs/cce/umn/cce_10_0007.html +++ b/docs/cce/umn/cce_10_0007.html @@ -45,7 +45,7 @@

      Manage Label

      Labels are key-value pairs and can be attached to workloads for affinity and anti-affinity scheduling. Jobs and Cron Jobs do not support this operation.

      +

      Labels are attached to workloads as key-value pairs to manage and select workloads. Jobs and Cron Jobs do not support this operation.

      Delete

      @@ -69,54 +69,53 @@

      Monitoring a Workload

      You can view the CPU and memory usage of Deployments and pods on the CCE console to determine the resource specifications you may need. This section uses a Deployment as an example to describe how to monitor a workload.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and click Monitor of the target workload. On the page that is displayed, you can view CPU usage and memory usage of the workload.
      3. Click the workload name. On the Pods tab page, click the Monitor of the target pod to view its CPU and memory usage.
      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and click Monitor of the target workload. On the page that is displayed, you can view CPU usage and memory usage of the workload.
      3. Click the workload name. On the Pods tab page, click the Monitor of the target pod to view its CPU and memory usage.

      Viewing Logs

      You can view logs of Deployments, StatefulSets, DaemonSets, and jobs. This section uses a Deployment as an example to describe how to view logs.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and click the View Log of the target workload.

        On the displayed View Log window, you can view logs by time.

        +

        Before viewing logs, ensure that the time of the browser is the same as that on the backend server.

        +
        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab and click the View Log of the target workload.

          On the displayed View Log window, you can view logs.

          +

          The displayed logs are standard output logs of containers and do not have persistence and advanced O&M capabilities. To use more comprehensive log capabilities, see Logs. If the function of collecting standard output is enabled for the workload (enabled by default), you can go to AOM to view more workload logs. For details, see Using ICAgent to Collect Container Logs.

          +

      Upgrading a Workload

      You quickly upgrade Deployments, StatefulSets, and DaemonSets on the CCE console.

      This section uses a Deployment as an example to describe how to upgrade a workload.

      Before replacing an image or image version, upload the new image to the SWR service.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and click Upgrade of the target workload.

        • Workloads cannot be upgraded in batches.
        • Before performing an in-place StatefulSet upgrade, you must manually delete old pods. Otherwise, the upgrade status is always displayed as Upgrading.
        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab and click Upgrade of the target workload.

          • Workloads cannot be upgraded in batches.
          • Before performing an in-place StatefulSet upgrade, you must manually delete old pods. Otherwise, the upgrade status is always displayed as Processing.
          -

        3. Upgrade the workload based on service requirements. The method for setting parameter is the same as that for creating a workload.
        4. After the update is complete, click Upgrade Workload, manually confirm the YAML file, and submit the upgrade.
        +

      3. Upgrade the workload based on service requirements. The method for setting parameter is the same as that for creating a workload.
      4. After the update is complete, click Upgrade Workload, manually confirm the YAML file, and submit the upgrade.

      Editing a YAML file

      You can modify and download the YAML files of Deployments, StatefulSets, DaemonSets, and pods on the CCE console. YAML files of jobs and cron jobs can only be viewed, copied, and downloaded. This section uses a Deployment as an example to describe how to edit the YAML file.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Edit YAML in the Operation column of the target workload. In the dialog box that is displayed, modify the YAML file.
      3. Click Edit and then OK to save the changes.
      4. (Optional) In the Edit YAML window, click Download to download the YAML file.
      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Edit YAML in the Operation column of the target workload. In the dialog box that is displayed, modify the YAML file.
      3. Click OK.
      4. (Optional) In the Edit YAML window, click Download to download the YAML file.

      Rolling Back a Workload (Available Only for Deployments)

      CCE records the release history of all Deployments. You can roll back a Deployment to a specified version.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab, choose More > Roll Back in the Operation column of the target workload.
      3. Switch to the Change History tab page, click Roll Back to This Version of the target version, manually confirm the YAML file, and click OK.

        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab, choose More > Roll Back in the Operation column of the target workload.
        3. Switch to the Change History tab page, click Roll Back to This Version of the target version, manually confirm the YAML file, and click OK.

      Redeploying a Workload

      After you redeploy a workload, all pods in the workload will be restarted. This section uses Deployments as an example to illustrate how to redeploy a workload.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Redeploy in the Operation column of the target workload.
      3. In the dialog box that is displayed, click Yes to redeploy the workload.
      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Redeploy in the Operation column of the target workload.
      3. In the dialog box that is displayed, click Yes to redeploy the workload.

      Disabling/Enabling Upgrade (Available Only for Deployments)

      Only Deployments support this operation.

      • After the upgrade is disabled, the upgrade command can be delivered but will not be applied to the pods.

        If you are performing a rolling upgrade, the rolling upgrade stops after the disabling upgrade command is delivered. In this case, the new and old pods co-exist.

      • If a Deployment is being upgraded, it can be upgraded or rolled back. Its pods will inherit the latest updates of the Deployment. If they are inconsistent, the pods are upgraded automatically according to the latest information of the Deployment.

      Deployments in the disable upgrade state cannot be rolled back.

      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Disable/Enable Upgrade in the Operation column of the workload.
      3. In the dialog box that is displayed, click Yes.
      +
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Disable/Enable Upgrade in the Operation column of the workload.
      3. In the dialog box that is displayed, click Yes.
      -

      Managing Labels

      Labels are key-value pairs and can be attached to workloads. Workload labels are often used for affinity and anti-affinity scheduling. You can add labels to multiple workloads or a specified workload.

      -

      You can manage the labels of Deployments, StatefulSets, and DaemonSets based on service requirements. This section uses Deployments as an example to describe how to manage labels.

      -

      In the following figure, three labels (release, env, and role) are defined for workload APP 1, APP 2, and APP 3. The values of these labels vary with workload.

      -
      • Label of APP 1: [release:alpha;env:development;role:frontend]
      • Label of APP 2: [release:beta;env:testing;role:frontend]
      • Label of APP 3: [release:alpha;env:production;role:backend]
      -

      If you set key to role and value to frontend when using workload scheduling or another function, APP 1 and APP 2 will be selected.

      -
      Figure 1 Label example
      -
      1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
      2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
      3. Click Add, enter a key and a value, and click OK.

        A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

        +

        Managing Labels

        Labels are key-value pairs and can be attached to workloads. You can manage and select workloads by labels. You can add labels to multiple workloads or a specified workload.

        +
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. Click the Deployments tab and choose More > Manage Label in the Operation column of the target workload.
        3. Click Add, enter a key and a value, and click OK.

          A key-value pair must contain 1 to 63 characters starting and ending with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.

        Deleting a Workload/Job

        You can delete a workload or job that is no longer needed. Deleted workloads or jobs cannot be recovered. Exercise caution when you perform this operation. This section uses a Deployment as an example to describe how to delete a workload.

        -
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. In the same row as the workload you will delete, choose Operation > More > Delete.

          Read the system prompts carefully. A workload cannot be recovered after it is deleted. Exercise caution when performing this operation.

          +
          1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
          2. In the same row as the workload you will delete, choose Operation > More > Delete.

            Read the system prompts carefully. A workload cannot be recovered after it is deleted. Exercise caution when performing this operation.

          3. Click Yes.

            • If the node where the pod is located is unavailable or shut down and the workload cannot be deleted, you can forcibly delete the pod from the pod list on the workload details page.
            • Ensure that the storage volumes to be deleted are not used by other workloads. If these volumes are imported or have snapshots, you can only unbind them.

        -

        Viewing Events

        This section uses Deployments as an example to illustrate how to view events of a workload. To view the event of a job or cron jon, click View Event in the Operation column of the target workload.

        -
        1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
        2. On the Deployments tab page, click the target workload. In the Pods tab page, click the View Events to view the event name, event type, number of occurrences, Kubernetes event, first occurrence time, and last occurrence time.

          Event data will be retained for one hour and then automatically deleted.

          +

          Events

          This section uses Deployments as an example to illustrate how to view events of a workload. To view the event of a job or cron jon, click View Event in the Operation column of the target workload.

          +
          1. Log in to the CCE console, go to an existing cluster, and choose Workloads in the navigation pane.
          2. On the Deployments tab page, click the target workload. In the Pods tab page, click the View Events to view the event name, event type, number of occurrences, Kubernetes event, first occurrence time, and last occurrence time.

            Event data will be retained for one hour and then automatically deleted.

          diff --git a/docs/cce/umn/cce_10_0009.html b/docs/cce/umn/cce_10_0009.html index 9772fa488..2fc10ca3f 100644 --- a/docs/cce/umn/cce_10_0009.html +++ b/docs/cce/umn/cce_10_0009.html @@ -1,20 +1,20 @@ -

          Using a Third-Party Image

          +

          Using Third-Party Images

          Scenario

          CCE allows you to create workloads using images pulled from third-party image repositories.

          -

          Generally, a third-party image repository can be accessed only after authentication (using your account and password). CCE uses the secret-based authentication to pull images. Therefore, you need to create a secret for an image repository before pulling images from the repository.

          +

          Generally, a third-party image repository can be accessed only after authentication (using your account and password). CCE uses the secret-based authentication to pull images. Therefore, create a secret for an image repository before pulling images from the repository.

          Prerequisites

          The node where the workload is running is accessible from public networks.

          -

          Using the Console

          1. Create a secret for accessing a third-party image repository.

            Click the cluster name and access the cluster console. In the navigation pane, choose ConfigMaps and Secrets. On the Secrets tab page, click Create Secret in the upper right corner. Set Secret Type to kubernetes.io/dockerconfigjson. For details, see Creating a Secret.

            +

            Using the Console

            1. Create a secret for accessing a third-party image repository.

              Click the cluster name to access the cluster console. In the navigation pane, choose ConfigMaps and Secrets. On the Secrets tab, click Create Secret in the upper right corner. Set Secret Type to kubernetes.io/dockerconfigjson. For details, see Creating a Secret.

              Enter the user name and password used to access the third-party image repository.

              -

            2. When creating a workload, you can enter a private image path in the format of domainname/namespace/imagename:tag in Image Name and select the key created in 1.

              +

            3. When creating a workload, you can enter a private image path in the format of domainname/namespace/imagename:tag for Image Name and select the key created in 1 for Image Access Credential.

            4. Set other parameters and click Create Workload.
            -

            Using kubectl

            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
            2. Create a secret of the dockercfg type using kubectl.

              kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
              -

              In the preceding commands, myregistrykey indicates the secret name, and other parameters are described as follows:

              +

              Using kubectl

              1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
              2. Use kubectl to create a secret of the kubernetes.io/dockerconfigjson.

                kubectl create secret docker-registry myregistrykey  -n default --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
                +

                In the preceding command, myregistrykey indicates the key name, default indicates the namespace where the key is located, and other parameters are as follows:

                • DOCKER_REGISTRY_SERVER: address of a third-party image repository, for example, www.3rdregistry.com or 10.10.10.10:443
                • DOCKER_USER: account used for logging in to a third-party image repository
                • DOCKER_PASSWORD: password used for logging in to a third-party image repository
                • DOCKER_EMAIL: email of a third-party image repository
                -

              3. Use a third-party image to create a workload.

                A dockecfg secret is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.
                apiVersion: v1
+
              4. Use a third-party image to create a workload.

                A kubernetes.io/dockerconfigjson secret is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.
                apiVersion: v1
 kind: Pod
 metadata:
   name: foo
diff --git a/docs/cce/umn/cce_10_0010.html b/docs/cce/umn/cce_10_0010.html
index 4ce43b335..089cab3c1 100644
--- a/docs/cce/umn/cce_10_0010.html
+++ b/docs/cce/umn/cce_10_0010.html
@@ -4,35 +4,35 @@
 
                You can learn about a cluster network from the following two aspects:
                
 
                • What is a cluster network like? A cluster consists of multiple nodes, and pods (or containers) are running on the nodes. Nodes and containers need to communicate with each other. For details about the cluster network types and their functions, see Cluster Network Structure.
                • How is pod access implemented in a cluster? Accessing a pod or container is a process of accessing services of a user. Kubernetes provides Service and Ingress to address pod access issues. This section summarizes common network access scenarios. You can select the proper scenario based on site requirements. For details about the network access scenarios, see Access Scenarios.
                
 
                Cluster Network Structure
                All nodes in the cluster are located in a VPC and use the VPC network. The container network is managed by dedicated network add-ons.
                
-
                
-
                • Node Network
                  A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. You need to select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.
                  
+
                  
+
                  • Node Network
                    A node network assigns IP addresses to hosts (nodes in the figure above) in a cluster. Select a VPC subnet as the node network of the CCE cluster. The number of available IP addresses in a subnet determines the maximum number of nodes (including master nodes and worker nodes) that can be created in a cluster. This quantity is also affected by the container network. For details, see the container network model.
                    
 
                  • Container Network
                    A container network assigns IP addresses to containers in a cluster. CCE inherits the IP-Per-Pod-Per-Network network model of Kubernetes. That is, each pod has an independent IP address on a network plane and all containers in a pod share the same network namespace. All pods in a cluster exist in a directly connected flat network. They can access each other through their IP addresses without using NAT. Kubernetes only provides a network mechanism for pods, but does not directly configure pod networks. The configuration of pod networks is implemented by specific container network add-ons. The container network add-ons are responsible for configuring networks for pods and managing container IP addresses.
                    
 
                    Currently, CCE supports the following container network models:
                    
-
                    • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
                    • VPC network: The VPC network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
                    • Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and elastic IPs (EIPs) are bound to deliver high performance.
                    
+
                    • Container tunnel network: The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch.
                    • VPC network: The VPC network uses VPC routing to integrate with the underlying network. This network model applies to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
                    • Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and Sub Network Interfaces (sub-ENIs) of VPC. Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and elastic IPs (EIPs) are bound to deliver high performance.
                    
 
                    The performance, networking scale, and application scenarios of a container network vary according to the container network model. For details about the functions and features of different container network models, see Overview.
                    
-
                  • Service Network
                    Service is also a Kubernetes object. Each Service has a fixed IP address. When creating a cluster on CCE, you can specify the Service CIDR block. The Service CIDR block cannot overlap with the node or container CIDR block. The Service CIDR block can be used only within a cluster.
                    
+
                  • Service Network
                    Service is also a Kubernetes object. Each Service has a static IP address. When creating a cluster on CCE, you can specify the Service CIDR block. The Service CIDR block cannot overlap with the node or container CIDR block. The Service CIDR block can be used only within a cluster.
                    
 
                  
 
                
-
                Service
                A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.
                
-
                Figure 1 Accessing pods through a Service
                
+
                Service
                A Service is used for pod access. With a static IP address, a Service forwards access traffic to pods and performs load balancing for these pods.
                
+
                Figure 1 Accessing pods through a Service
                
 
                You can configure the following types of Services:
                
 
                • ClusterIP: used to make the Service only reachable from within a cluster.
                • NodePort: used for access from outside a cluster. A NodePort Service is accessed through the port on the node.
                • LoadBalancer: used for access from outside a cluster. It is an extension of NodePort, to which a load balancer routes, and external systems only need to access the load balancer.
                
-
                For details about the Service, see Service Overview.
                
+
                For details about the Service, see Overview.
                
 
                
 
                Ingress
                Services forward requests using layer-4 TCP and UDP protocols. Ingresses forward requests using layer-7 HTTP and HTTPS protocols. Domain names and paths can be used to achieve finer granularities.
                
-
                Figure 2 Ingress-Service
                
-
                For details about the ingress, see Ingress Overview.
                
+
                Figure 2 Ingress-Service
                
+
                For details about the ingress, see Overview.
                
 
                
 
                Access Scenarios
                Workload access scenarios can be categorized as follows:
                
-
                • Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.
                • Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.
                  • Access through the internet requires an EIP to be bound the node or load balancer.
                  • Access through the intranet requires an internal IP address to be bound the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.
                  
-
                • The workload accesses the external network.
                  • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block. 
                  • Accessing a public network: You need to assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see Accessing Public Networks from a Container.
                  
+
                  • Intra-cluster access: A ClusterIP Service is used for workloads in the same cluster to access each other.
                  • Access from outside a cluster: A Service (NodePort or LoadBalancer type) or an ingress is recommended for a workload outside a cluster to access workloads in the cluster.
                    • Access through the public network: An EIP should be bound to the node or load balancer.
                    • Access through the private network: The workload can be accessed through the internal IP address of the node or load balancer. If workloads are located in different VPCs, a peering connection is required to enable communication between different VPCs.
                    
+
                  • The workload can access the external network as follows:
                    • Accessing an intranet: The workload accesses the intranet address, but the implementation method varies depending on container network models. Ensure that the peer security group allows the access requests from the container CIDR block. 
                    • Accessing a public network: Assign an EIP to the node where the workload runs (when the VPC network or tunnel network model is used), bind an EIP to the pod IP address (when the Cloud Native Network 2.0 model is used), or configure SNAT rules through the NAT gateway. For details, see Accessing Public Networks from a Container.
                    
 
                  
-
                  Figure 3 Network access diagram
                  
+
                  Figure 3 Network access diagram
                  
 
                
 
                
 
                
 
                
-
                Parent topic: Networking
                
+
                Parent topic: Network
                
 
                
 
                
 
diff --git a/docs/cce/umn/cce_10_0011.html b/docs/cce/umn/cce_10_0011.html
index e0d5cdb47..392352e5a 100644
--- a/docs/cce/umn/cce_10_0011.html
+++ b/docs/cce/umn/cce_10_0011.html
@@ -1,16 +1,16 @@
 
 
-
                Intra-Cluster Access (ClusterIP)
                
+
                ClusterIP
                
 
                Scenario
                ClusterIP Services allow workloads in the same cluster to use their cluster-internal domain names to access each other.
                
 
                The cluster-internal domain name format is <Service name>.<Namespace of the workload>.svc.cluster.local:<Port>, for example, nginx.default.svc.cluster.local:80.
                
 
                Figure 1 shows the mapping relationships between access channels, container ports, and access ports.
                
-
                Figure 1 Intra-cluster access (ClusterIP)
                
+
                Figure 1 Intra-cluster access (ClusterIP)
                
 
                
-
                Creating a ClusterIP Service
                1. Log in to the CCE console and access the cluster console.
                2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                3. Set intra-cluster access parameters.
                  • Service Name: Service name, which can be the same as the workload name.
                  • Service Type: Select ClusterIP.
                  • Namespace: Namespace to which the workload belongs.
                  • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                  • Port Settings
                    • Protocol: protocol used by the Service.
                    • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                    • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                    
+
                    Creating a ClusterIP Service
                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                    2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                    3. Set intra-cluster access parameters.
                      • Service Name: Service name, which can be the same as the workload name.
                      • Service Type: Select ClusterIP.
                      • Namespace: Namespace to which the workload belongs.
                      • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                      • Port
                        • Protocol: protocol used by the Service.
                        • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                        • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                        
 
                      
 
                    4. Click OK.
                    
 
                    
-
                    Setting the Access Type Using kubectl
                    You can run kubectl commands to set the access type (Service). This section uses a Nginx workload as an example to describe how to implement intra-cluster access using kubectl.
                    
+
                    Setting the Access Type Using kubectl
                    You can run kubectl commands to set the access type (Service). This section uses an Nginx workload as an example to describe how to implement intra-cluster access using kubectl.
                    
 
                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                    2. Create and edit the nginx-deployment.yaml and nginx-clusterip-svc.yaml files.
                      The file names are user-defined. nginx-deployment.yaml and nginx-clusterip-svc.yaml are merely example file names.
                      
 
                      vi nginx-deployment.yaml
                      apiVersion: apps/v1
 kind: Deployment
@@ -112,7 +112,7 @@ Commercial support is available at
 
                      
 
                      
 
                      
-
                      Parent topic: Services
                      
+
                      Parent topic: Service
                      
 
                      
 
                      
 
diff --git a/docs/cce/umn/cce_10_0012.html b/docs/cce/umn/cce_10_0012.html
index ace9ae5fe..8eca81634 100644
--- a/docs/cce/umn/cce_10_0012.html
+++ b/docs/cce/umn/cce_10_0012.html
@@ -3,43 +3,43 @@
 
                      Creating a Node Pool
                      
 
                      Scenario
                      This section describes how to create a node pool and perform operations on the node pool. For details about how a node pool works, see Node Pool Overview.
                      
 
                      
-
                      Notes and Constraints
                      • The autoscaler add-on needs to be installed for node auto scaling. For details about the add-on installation and parameter configuration, see autoscaler.
                      
+
                      Constraints
                      • The autoscaler add-on needs to be installed for node auto scaling. For details about the add-on installation and parameter configuration, see autoscaler.
                      
 
                      
-
                      Procedure
                      1. Log in to the CCE console.
                      2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                      3. In the upper right corner of the page, click Create Node Pool.
                        Basic Settings
                        
+
                        Procedure
                        1. Log in to the CCE console.
                        2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                        3. In the upper right corner of the page, click Create Node Pool.
                          Basic Settings
                          
 
-
                          Table 1 Basic settings
                          Parameter
                          
+
                          
-
-
-
-
-
-
-
@@ -54,24 +54,17 @@
 
-
-
-
-
-
-
@@ -82,15 +75,15 @@
 
-
-
@@ -100,33 +93,37 @@
 
                          Storage Settings
                          Configure storage resources on a node for the containers running on it. Set the disk size according to site requirements.
-
                          Table 1 Basic settings
                          Parameter
                          
 
                          Description
                          
+
                          Description
                          
                           		
 
                          
 
                          Node Pool Name
                          
+
                          Node Pool Name
                          
 
                          Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.
                          
+
                          Name of a node pool. By default, the name is in the format of Cluster name-nodepool-Random number. If you do not want to use the default name format, you can customize the name.
                          
                           		
 
                          Nodes
                          
+
                          Nodes
                          
 
                          Number of nodes to be created in this node pool.
                          
+
                          Number of nodes to be created in this node pool.
                          
                           		
 
                          Auto Scaling
                          
+
                          Auto Scaling
                          
 
                          By default, auto scaling is disabled. 
                          
-
                          Install the autoscaler add-on to enable auto scaling.
                          
-
                          After you enable auto scaling by switching on , nodes in the node pool will be automatically created or deleted based on cluster loads.
                          
-
                          • Maximum Nodes and Minimum Nodes: You can set the maximum and minimum number of nodes to ensure that the number of nodes to be scaled is within a proper range.
                          • Priority: Set this parameter based on service requirements. A larger value indicates a higher priority. For example, if this parameter is set to 1 and 4 respectively for node pools A and B, B has a higher priority than A. If the priorities of multiple node pools are set to the same value, for example, 2, the node pools are not prioritized and the system performs scaling based on the minimum resource waste principle.
                             NOTE: 
                            CCE selects a node pool for auto scaling based on the following policies:
                            
-
                            1. CCE uses algorithms to determine whether a node pool meets the conditions to allow scheduling of a pod in pending state, including whether the node resources are greater than requested by the pod, and whether the nodeSelect, nodeAffinity, and taints meet the conditions. In addition, the node pools that fail to be scaled (due to insufficient resources or other reasons) and are still in the 15-minute cool-down interval are filtered.
                            2. If multiple node pools meet the scaling requirements, the system checks the priority of each node pool and selects the node pool with the highest priority for scaling. The value ranges from 0 to 100 and the default priority is 0. The value 100 indicates the highest priority, and the value 0 indicates the lowest priority.
                            3. If multiple node pools have the same priority or no priority is configured for them, the system selects the node pool that will consume the least resources based on the configured VM specification.
                            4. If the VM specifications of multiple node pools are the same but the node pools are deployed in different AZs, the system randomly selects a node pool to trigger scaling.
                            
+
                          By default, auto scaling is disabled. 
                          
+
                          To enable auto scaling, install the autoscaler add-on.
                          
+
                          After you enable auto scaling by switching on , nodes in the node pool will be automatically created or deleted based on cluster loads.
                          
+
                          • Maximum Nodes and Minimum Nodes: You can set the maximum and minimum number of nodes to ensure that the number of nodes to be scaled is within a proper range.
                          • Priority: Set this parameter based on service requirements. A larger value indicates a higher priority. For example, if this parameter is set to 1 and 4 respectively for node pools A and B, B has a higher priority than A. If the priorities of multiple node pools are set to the same value, these node pools are not prioritized and they will be scaled out by following the rule of maximizing resource utilization.
                             NOTE: 
                            CCE selects a node pool for auto scaling based on the following policies:
                            
+
                            1. CCE uses algorithms to determine whether a node pool meets the conditions to allow scheduling of a pod in pending state, including whether the node resources are greater than requested by the pod, and whether the nodeSelect, nodeAffinity, and taints meet the conditions. In addition, the node pools that fail to be scaled (due to insufficient resources or other reasons) and are still in the 15-minute cool-down interval are filtered.
                            2. If multiple node pools meet the scaling requirements, the system checks the priority of each node pool and selects the node pool with the highest priority for scaling. The value ranges from 0 to 100 and the default priority is 0. The value 100 indicates the highest priority, and the value 0 indicates the lowest priority.
                            3. If multiple node pools have the same priority or no priority is configured for them, the system selects the node pool that will consume the least resources based on the configured VM specification.
                            4. If the VM specifications of multiple node pools are the same but the node pools are deployed in different AZs, the system randomly selects a node pool to trigger scaling.
                            
 
                            
-
                          • Cooldown Period: Requied. The unit is minute. This field indicates the period during which the nodes added in the current node pool cannot be scaled in.
                            Scale-in cooling intervals can be configured in the node pool settings and the autoscaler add-on settings.
                            
-
                            Scale-in cooling interval configured in a node pool
                            
-
                            This interval indicates the period during which nodes added to the current node pool after a scale-out operation cannot be deleted. This interval takes effect at the node pool level.
                            
-
                            Scale-in cooling interval configured in the autoscaler add-on
                            
-
                            The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the autoscaler add-on triggers scale-out (due to the unschedulable pods, metrics, and scaling policies). This interval takes effect at the cluster level.
                            
-
                            The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the autoscaler add-on triggers scale-in. This interval takes effect at the cluster level.
                            
-
                            The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the autoscaler add-on triggers scale-in. This interval takes effect at the cluster level.
                            
+
                          • Cooldown Period: Enter a period, in minutes. This field indicates the period during which the nodes added in the current node pool cannot be scaled in.
                            Scale-in cooling intervals can be configured in the node pool settings and the autoscaler add-on settings.
                            
+
                            Scale-in cooling interval configured in a node pool
                            
+
                            This interval indicates the period during which nodes added to the current node pool after a scale-out operation cannot be deleted. This setting takes effect in the entire node pool.
                            
+
                            Scale-in cooling interval configured in the autoscaler add-on
                            
+
                            The interval after a scale-out indicates the period during which the entire cluster cannot be scaled in after the autoscaler add-on triggers scale-out (due to the unschedulable pods, metrics, and scaling policies). This setting takes effect in the entire cluster.
                            
+
                            The interval after a node is deleted indicates the period during which the cluster cannot be scaled in after the autoscaler add-on triggers scale-in. This setting takes effect in the entire cluster.
                            
+
                            The interval after a failed scale-in indicates the period during which the cluster cannot be scaled in after the autoscaler add-on triggers scale-in. This setting takes effect in the entire cluster.
                            
 
                          
-
                           NOTE: 
                          You are advised not to store important data on nodes in a node pool because after auto scaling, data cannot be restored as nodes may be deleted.
                          
+
                           NOTE: 
                          You are advised not to store important data on nodes in a node pool because after auto scaling, data cannot be restored as nodes may be deleted.
                          
 
                          
 
                          		
 
                          
 
 
                          AZ
                          
+
                          Node Type
                          
 
                          AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.
                          
-
                          You are advised to select Random to deploy your node in a random AZ based on the selected node flavor.
                          
-
                          An AZ is a physical region where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network. To enhance workload availability, create nodes in different AZs.
                          
-
                          Node Type
                          
-
                          CCE cluster:
                          • ECS (VM): Containers run on ECSs.
                          
+
                          CCE cluster:
                          • ECS (VM): Containers run on ECSs.
                          
 
                          
-
                          CCE Turbo cluster:
                          • ECS (VM): Containers run on ECSs. Only Trunkport ECSs (models that can be bound with multiple elastic network interfaces (ENIs)) are supported.
                          
+
                          CCE Turbo cluster:
                          • ECS (VM): Containers run on ECSs. Only the ECSs that can be bound with multiple NICs are supported.
                          
 
                          
 
                          		
 
                          
 
                          Container Engine
                          
 
                          CCE clusters support Docker and containerd in some scenarios.
                          • VPC network clusters of v1.23 and later versions support containerd. Container tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                          • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                          
+
                          CCE clusters support Docker and containerd in some scenarios.
                          • VPC network clusters of v1.23 and later versions support containerd. Tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                          • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                          
 
                          
                           		
 
                          
 
                          OS
                          
 
                          Select an OS type. Different types of nodes support different OSs. For details, see Supported Node Specifications.
                          
+
                          Select an OS type. Different types of nodes support different OSs. For details, see Supported Node Specifications.
                          
 
                          Public image: Select an OS for the node.
                          
-
                          Private image: You can use private images.
                          
+
                          Private image: You can use private images.
                          
                           		
 
                          
 
                          Login Mode
                          
 
                          • Key Pair
                            Select the key pair used to log in to the node. You can select a shared key.
                            
-
                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair..
                            
+
                          • Key Pair
                            Select the key pair used to log in to the node. You can select a shared key.
                            
+
                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                            
 
                          
                           		
 
                          
 
 
                          Table 3 Parameters for storage settings
                          Parameter
                          
+
                          
-
-
-
-
-
@@ -146,7 +143,7 @@
 
-
@@ -164,64 +161,66 @@
 
                          Advanced Settings
                          Configure advanced node capabilities such as labels, taints, and startup command.
-
                          Table 3 Configuration parameters
                          Parameter
                          
 
                          Description
                          
+
                          Description
                          
                           		
 
                          
 
                          System Disk
                          
+
                          System Disk
                          
 
                          System disk used by the node OS. The value ranges from 40 GB to 1,024 GB. The default value is 50 GB.
                          
-
                          Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption function. This function is available only in certain regions.
                          • Encryption is not selected by default.
                          • After you select Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List to create a key. After the key is created, click the refresh icon.
                          
+
                          System disk used by the node OS. The value ranges from 40 GiB to 1,024 GiB. The default value is 50 GiB.
                          
+
                          Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                          • Encryption is not selected by default.
                          • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                          
 
                          
                           		
 
                          Data Disk
                          
+
                          Data Disk
                          
 
                          At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                          
-
                          • First data disk: used for container runtime and kubelet components. The value ranges from 20 GB to 32,768 GB. The default value is 100 GB.
                          • Other data disks: You can set the data disk size to a value ranging from 10 GB to 32,768 GB. The default value is 100 GB.
                          
-
                          Advanced Settings
                          
-
                          Click Expand to set the following parameters:
                          
-
                          • Allocate Disk Space: Select this option to define the disk space occupied by the container runtime to store the working directories, container image data, and image metadata. For details about how to allocate data disk space, see Data Disk Space Allocation.
                          • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption function. This function is available only in certain regions.
                            • Encryption is not selected by default.
                            • After you select Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List to create a key. After the key is created, click the refresh icon.
                            
+
                          At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                          
+
                          • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32,768 GiB. The default value is 100 GiB.
                          • Other data disks: You can set the data disk size to a value ranging from 10 GB to 32,768 GiB. The default value is 100 GiB.
                          
+
                           NOTE: 
                          If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                          
+
                          Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                          
+
                          
+
                          Advanced Settings
                          
+
                          Click Expand to configure the following parameters:
                          
+
                          • Data Disk Space Allocation: After selecting Set Container Engine Space, you can specify the proportion of the space for the container engine, image, and temporary storage on the data disk. The container engine space is used to store the working directory, container image data, and image metadata for the container runtime. The remaining space of the data disk is used for pod configuration files, keys, and EmptyDir. For details about how to allocate data disk space, see Data Disk Space Allocation.
                          • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                            • Encryption is not selected by default.
                            • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                            
 
                          
-
                          Adding Multiple Data Disks
                          
-
                          A maximum of four data disks can be added. By default, raw disks are created without any processing. You can also click Expand and select any of the following options:
                          
-
                          • Default: By default, a raw disk is created without any processing.
                          • Mount Disk: The data disk is attached to a specified directory.
                          
-
                          Local Disk Description
                          
-
                          If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                          
-
                          Local disks may break down and do not ensure data reliability. It is recommended that you store service data in EVS disks, which are more reliable than local disks.
                          
+
                          Adding Multiple Data Disks
                          
+
                          A maximum of four data disks can be added. By default, raw disks are created without any processing. You can also click Expand and select any of the following options:
                          
+
                          • Default: By default, a raw disk is created without any processing.
                          • Mount Disk: The data disk is attached to a specified directory.
                          • Use as PV: applicable to scenarios in which there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                          • Use as ephemeral volume: applicable to scenarios in which there is a high performance requirement on EmptyDir.
                          
+
                           NOTE: 
                          • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                          • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                          
+
                          
+
                          Local Persistent Volumes (Local PVs) and Local EVs support the following write modes:
                          • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                          • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                          
+
                          
                           		
 
                          
 
                          The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                          
                           		
 
                          Node IP Address
                          
+
                          Node IP
                          
                           		
 
                          Random allocation is supported.
                          
                           		
 
 
                          Table 5 Advanced configuration parameters
                          Parameter
                          
+
                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0014.html b/docs/cce/umn/cce_10_0014.html
index 3f83ff87c..a4266a065 100644
--- a/docs/cce/umn/cce_10_0014.html
+++ b/docs/cce/umn/cce_10_0014.html
@@ -1,788 +1,25 @@
 
                          LoadBalancer
                          
-
                          Scenario
                          A workload can be accessed from public networks through a load balancer, which is more secure and reliable than EIP.
                          
-
                          The LoadBalancer access address is in the format of <IP address of public network load balancer>:<access port>, for example, 10.117.117.117:80.
                          
-
                          In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.
                          
-
                          Figure 1 LoadBalancer
                          
-
                          When CCE Turbo clusters and dedicated load balancers are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.
                          
-
                          External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.
                          
-
                          Figure 2 Passthrough networking
                          
-
                          
-
                          Notes and Constraints
                          • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                            • It is recommended that automatically created load balancers not be used by other resources. Otherwise, these load balancers cannot be completely deleted, causing residual resources.
                            • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                            
-
                          • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. You are advised not to modify the Service affinity setting after the Service is created. If you need to modify it, create a Service again.
                          • If the service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Cluster Fails to Access Services by Using the ELB Address.
                          • CCE Turbo clusters support only cluster-level service affinity.
                          • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                          • Dedicated load balancers must be the network type (TCP/UDP) supporting private networks (with a private IP). If the Service needs to support HTTP, the specifications of dedicated load balancers must use HTTP/HTTPS (application load balancing) in addition to TCP/UDP (network load balancing).
                          • If you create a LoadBalancer Service on the CCE console, a random node port is automatically generated. If you use kubectl to create a LoadBalancer Service, a random node port is generated unless you specify one.
                          • In a CCE cluster, if the cluster-level affinity is configured for a LoadBalancer Service, requests are distributed to the node ports of each node using SNAT when entering the cluster. The number of node ports cannot exceed the number of available node ports on the node. If the Service affinity is at the node level (local), there is no such constraint. In a CCE Turbo cluster, this constraint applies to shared ELB load balancers, but not dedicated ones. You are advised to use dedicated ELB load balancers in CCE Turbo clusters.
                          • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                          • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                          
-
                          
-
                          Creating a LoadBalancer Service
                          1. Log in to the CCE console and click the cluster name to access the cluster.
                          2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                          3. Set parameters.
                            • Service Name: Specify a Service name, which can be the same as the workload name.
                            • Access Type: Select LoadBalancer.
                            • Namespace: Namespace to which the workload belongs.
                            • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                              • Cluster level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                              • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                              
-
                            • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                            • Load Balancer
                              Select the load balancer to interconnect. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                              
-
                              You can click the edit icon in the row of Set ELB to configure load balancer parameters.
                              
-
                              • Distribution Policy: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                 
                                • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is also considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                
-
                                
-
                              • Type: This function is disabled by default. You can select Source IP address. Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.
                              • Health Check: configured for the load balancer. When TCP is selected during the port settings, you can choose either TCP or HTTP. When UDP is selected during the port settings, only UDP is supported.. By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                              
-
                            • Port Settings
                              • Protocol: protocol used by the Service.
                              • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                              • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                              
-
                            • Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Service Annotations. When you use kubectl to create a container, annotations will be used. For details, see Using kubectl to Create a Service (Using an Existing Load Balancer) and Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                            
-
                          4. Click OK.
                          
-
                          
-
                          Using kubectl to Create a Service (Using an Existing Load Balancer)
                          You can set the access type when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                          
-
                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                          2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                            The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                            
-
                            vi nginx-deployment.yaml
                            
-
                            apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - image: nginx 
-        name: nginx
-      imagePullSecrets:
-      - name: default-secret
                            
-
                            
-
                            vi nginx-elb-svc.yaml
                            
-
                             
                            Before enabling sticky session, ensure that the following conditions are met:
                            
-
                            • The workload protocol is TCP.
                            • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policy (Affinity/Anti-affinity).
                            
-
                            
-
                            apiVersion: v1 
-kind: Service 
-metadata: 
-  annotations:
-    kubernetes.io/elb.id: 5083f225-9bf8-48fa-9c8b-67bd9693c4c0   # ELB ID. Replace it with the actual value.
-    kubernetes.io/elb.class: union                   # Load balancer type
-  name: nginx 
-spec: 
-  ports: 
-  - name: service0 
-    port: 80     # Port for accessing the Service, which is also the listener port on the load balancer.
-    protocol: TCP 
-    targetPort: 80  # Port used by a Service to access the target container. This port is closely related to the applications running in a container. 
-  selector: 
-    app: nginx 
-  type: LoadBalancer
                            
-
-
                          Table 5 Advanced configuration parameters
                          Parameter
                          
 
                          Description
                          
+
                          Description
                          
                           		
 
                          
 
                          Kubernetes Label
                          
+
                          Kubernetes Label
                          
 
                          Click Add to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                          
-
                          Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                          
+
                          A key-value pair added to a Kubernetes object (such as a pod). A maximum of 20 labels can be added.
                          
+
                          Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                          
                           		
 
                          Resource Tag
                          
+
                          Resource Tag
                          
 
                          You can add resource tags to classify resources.
                          
-
                          You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use these tags to improve tagging and resource migration efficiency. 
                          
-
                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                          
+
                          You can add resource tags to classify resources.
                          
+
                          You can create predefined tags in Tag Management Service (TMS). Predefined tags are available to all service resources that support tags. You can use these tags to improve tagging and resource migration efficiency. 
                          
+
                          CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                          
                           		
 
                          Taint
                          
+
                          Taint
                          
 
                          This parameter is left blank by default. You can add taints to set anti-affinity for the node. A maximum of 10 taints are allowed for each node. Each taint contains the following parameters:
                          • Key: A key must contain 1 to 63 characters starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                          • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                          • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                          
+
                          This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                          • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                          • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                          • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                          
 
                          
-
                          For details, see Managing Node Taints.
                          
-
                           NOTE: 
                          For a cluster of v1.19 or earlier, the workload may have been scheduled to a node before the taint is added. To avoid such a situation, select a cluster of v1.19 or later.
                          
+
                          For details, see Managing Node Taints.
                          
+
                           NOTE: 
                          For a cluster of v1.19 or earlier, the workload may have been scheduled to a node before the taint is added. To avoid such a situation, select a cluster of v1.19 or later.
                          
 
                          
 
                          		
 
                          Max. Pods
                          
+
                          Max. Pods
                          
 
                          Maximum number of pods that can run on the node, including the default system pods.
                          
-
                          This limit prevents the node from being overloaded with pods.
                          
-
                          This number is also decided by other factors. For details, see Maximum Number of Pods That Can Be Created on a Node.
                          
+
                          Maximum number of pods that can run on the node, including the default system pods.
                          
+
                          This limit prevents the node from being overloaded with pods.
                          
+
                          This number is also decided by other factors. For details, see Maximum Number of Pods That Can Be Created on a Node.
                          
                           		
 
                          ECS Group
                          
+
                          ECS Group
                          
 
                          An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                          
-
                          Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.
                          
-
                          Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh button.
                          
+
                          An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                          
+
                          Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.
                          
+
                          Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh button.
                          
                           		
 
                          Pre-installation Command
                          
+
                          Pre-installation Command
                          
 
                          Enter commands. A maximum of 1,000 characters are allowed.
                          
-
                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                          
+
                          Enter commands. A maximum of 1,000 characters are allowed.
                          
+
                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                          
                           		
 
                          Post-installation Command
                          
+
                          Post-installation Command
                          
 
                          Enter commands. A maximum of 1,000 characters are allowed.
                          
-
                          The script will be executed after Kubernetes software is installed and will not affect the installation.
                          
+
                          Enter commands. A maximum of 1,000 characters are allowed.
                          
+
                          The script will be executed after Kubernetes software is installed and will not affect the installation.
                          
+
                           NOTE: 
                          Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to delay the restart for one minute.
                          
+
                          
                           		
 
                          Agency
                          
+
                          Agency
                          
 
                          An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                          
-
                          If no agency is available, click Create Agency on the right to create one.
                          
+
                          An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                          
+
                          If no agency is available, click Create Agency on the right to create one.
                          
                           		
 
                          
                           
 
 
                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                          Table 1 Key parameters
                          Parameter
                          
-
                          Mandatory
                          
-
                          Type
                          
-
                          Description
                          
-
                          kubernetes.io/elb.class
                          
-
                          Yes
                          
-
                          String
                          
-
                          Select a proper load balancer type as required.
                          
-
                          The value can be:
                          
-
                          • union: shared load balancer
                          • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                          
-
                          kubernetes.io/elb.session-affinity-mode
                          
-
                          No
                          
-
                          String
                          
-
                          Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.
                          
-
                          • Disabling sticky session: Do not set this parameter.
                          • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                          
-
                          kubernetes.io/elb.session-affinity-option
                          
-
                          No
                          
-
                          Table 2 Object
                          
-
                          This parameter specifies the sticky session timeout.
                          
-
                          kubernetes.io/elb.id
                          
-
                          Yes
                          
-
                          String
                          
-
                          This parameter indicates the ID of a load balancer. The value can contain 1 to 100 characters.
                          
-
                          Mandatory when an existing load balancer is to be associated.
                          
-
                          Obtaining the load balancer ID:
                          
-
                          On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                          
-
                           NOTE: 
                          The system preferentially interconnects with the load balancer based on the kubernetes.io/elb.id field. If this field is not specified, the spec.loadBalancerIP field is used (optional and available only in 1.23 and earlier versions).
                          
-
                          Do not use the spec.loadBalancerIP field to connect to the load balancer. This field will be discarded by Kubernetes. For details, see Deprecation.
                          
-
                          
-
                          kubernetes.io/elb.subnet-id
                          
-
                          -
                          
-
                          String
                          
-
                          This parameter indicates the ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                          
-
                          • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                          • Optional for clusters later than v1.11.7-r0.
                          
-
                          kubernetes.io/elb.lb-algorithm
                          
-
                          No
                          
-
                          String
                          
-
                          This parameter indicates the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                          
-
                          Options:
                          
-
                          • ROUND_ROBIN: weighted round robin algorithm
                          • LEAST_CONNECTIONS: weighted least connections algorithm
                          • SOURCE_IP: source IP hash algorithm
                          
-
                          When the value is SOURCE_IP, the weights of backend servers in the server group are invalid.
                          
-
                          kubernetes.io/elb.health-check-flag
                          
-
                          No
                          
-
                          String
                          
-
                          Whether to enable the ELB health check.
                          
-
                          • Enabling health check: Leave blank this parameter or set it to on.
                          • Disabling health check: Set this parameter to off.
                          
-
                          If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                          
-
                          kubernetes.io/elb.health-check-option
                          
-
                          No
                          
-
                          Table 3 Object
                          
-
                          ELB health check configuration items.
                          
-
                          
-
                          
-
-
                          
-
-
-
-
-
-
-
-
-
-
-
-
                          Table 2 Data structure of the elb.session-affinity-option field
                          Parameter
                          
-
                          Mandatory
                          
-
                          Type
                          
-
                          Description
                          
-
                          persistence_timeout
                          
-
                          Yes
                          
-
                          String
                          
-
                          Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                          
-
                          Value range: 1 to 60. Default value: 60
                          
-
                          
-
                          
-
-
                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                          Table 3 Data structure description of the elb.health-check-option field
                          Parameter
                          
-
                          Mandatory
                          
-
                          Type
                          
-
                          Description
                          
-
                          delay
                          
-
                          No
                          
-
                          String
                          
-
                          Initial waiting time (in seconds) for starting the health check.
                          
-
                          Value range: 1 to 50. Default value: 5
                          
-
                          timeout
                          
-
                          No
                          
-
                          String
                          
-
                          Health check timeout, in seconds.
                          
-
                          Value range: 1 to 50. Default value: 10
                          
-
                          max_retries
                          
-
                          No
                          
-
                          String
                          
-
                          Maximum number of health check retries.
                          
-
                          Value range: 1 to 10. Default value: 3
                          
-
                          protocol
                          
-
                          No
                          
-
                          String
                          
-
                          Health check protocol.
                          
-
                          Default value: protocol of the associated Service
                          
-
                          Value options: TCP, UDP, or HTTP
                          
-
                          path
                          
-
                          No
                          
-
                          String
                          
-
                          Health check URL. This parameter needs to be configured when the protocol is HTTP.
                          
-
                          Default value: /
                          
-
                          The value can contain 1 to 10,000 characters.
                          
-
                          
-
                          
-
                        4. Create a workload.
                          kubectl create -f nginx-deployment.yaml
                          
-
                          If information similar to the following is displayed, the workload has been created.
                          
-
                          deployment/nginx created
                          
-
                          kubectl get pod
                          
-
                          If information similar to the following is displayed, the workload is running.
                          
-
                          NAME                     READY     STATUS             RESTARTS   AGE
-nginx-2601814895-c1xhw   1/1       Running            0          6s
                          
-
                        5. Create a Service.
                          kubectl create -f nginx-elb-svc.yaml
                          
-
                          If information similar to the following is displayed, the Service has been created.
                          
-
                          service/nginx created
                          
-
                          kubectl get svc
                          
-
                          If information similar to the following is displayed, the access type has been set successfully, and the workload is accessible.
                          
-
                          NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
-kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
-nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                          
-
                        6. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                          The Nginx is accessible.
                          
-
                          Figure 3 Accessing Nginx through the LoadBalancer Service
                          
-
                          7. 
-
-
                          Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                          You can add a Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                          
-
                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                          2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                            The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                            
-
                            vi nginx-deployment.yaml
                            
-
                            apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - image: nginx 
-        name: nginx
-      imagePullSecrets:
-      - name: default-secret
                            
-
                            
-
                            vi nginx-elb-svc.yaml
                            
-
                             
                            Before enabling sticky session, ensure that the following conditions are met:
                            
-
                            • The workload protocol is TCP.
                            • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policy (Affinity/Anti-affinity).
                            
-
                            
-
                            Example of a Service using a shared, public network load balancer:
                            apiVersion: v1 
-kind: Service 
-metadata: 
-  annotations:   
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.autocreate: 
-        '{
-            "type": "public",
-            "bandwidth_name": "cce-bandwidth-1551163379627",
-            "bandwidth_chargemode": "bandwidth",
-            "bandwidth_size": 5,
-            "bandwidth_sharetype": "PER",
-            "eip_type": "5_bgp"
-        }'
-  labels: 
-    app: nginx 
-  name: nginx 
-spec: 
-  ports: 
-  - name: service0 
-    port: 80
-    protocol: TCP 
-    targetPort: 80
-  selector: 
-    app: nginx 
-  type: LoadBalancer
                            
-
                            
-
                            Example Service using a public network dedicated load balancer (for clusters of v1.17 and later only):
                            apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-  namespace: default
-  annotations:
-    kubernetes.io/elb.class: performance
-    kubernetes.io/elb.autocreate: 
-        '{
-            "type": "public",
-            "bandwidth_name": "cce-bandwidth-1626694478577",
-            "bandwidth_chargemode": "bandwidth",
-            "bandwidth_size": 5,
-            "bandwidth_sharetype": "PER",
-            "eip_type": "5_bgp",
-            "available_zone": [
-                ""
-            ],
-            "l4_flavor_name": "L4_flavor.elb.s1.small"
-        }'
-spec:
-  selector:
-    app: nginx
-  ports:
-  - name: cce-service-0
-    targetPort: 80
-    nodePort: 0
-    port: 80
-    protocol: TCP
-  type: LoadBalancer
                            
-
                            
-
-
                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                            Table 4 Key parameters
                            Parameter
                            
-
                            Mandatory
                            
-
                            Type
                            
-
                            Description
                            
-
                            kubernetes.io/elb.class
                            
-
                            Yes
                            
-
                            String
                            
-
                            Select a proper load balancer type as required.
                            
-
                            The value can be:
                            
-
                            • union: shared load balancer
                            • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                            
-
                            kubernetes.io/elb.subnet-id
                            
-
                            -
                            
-
                            String
                            
-
                            This parameter indicates the ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                            
-
                            • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                            • Optional for clusters later than v1.11.7-r0.
                            
-
                            kubernetes.io/elb.session-affinity-option
                            
-
                            No
                            
-
                            Table 2 Object
                            
-
                            Sticky session timeout.
                            
-
                            kubernetes.io/elb.autocreate
                            
-
                            Yes
                            
-
                            elb.autocreate object
                            
-
                            Whether to automatically create a load balancer associated with the Service.
                            
-
                            Example:
                            
-
                            • Automatically created public network load balancer:
                              {"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                              
-
                            • Automatically created private network load balancer:
                              {"type":"inner","name":"A-location-d-test"}
                              
-
                            
-
                            kubernetes.io/elb.lb-algorithm
                            
-
                            No
                            
-
                            String
                            
-
                            This parameter indicates the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                            
-
                            Options:
                            
-
                            • ROUND_ROBIN: weighted round robin algorithm
                            • LEAST_CONNECTIONS: weighted least connections algorithm
                            • SOURCE_IP: source IP hash algorithm
                            
-
                            When the value is SOURCE_IP, the weights of backend servers in the server group are invalid.
                            
-
                            kubernetes.io/elb.health-check-flag
                            
-
                            No
                            
-
                            String
                            
-
                            Whether to enable the ELB health check.
                            
-
                            • Enabling health check: Leave blank this parameter or set it to on.
                            • Disabling health check: Set this parameter to off.
                            
-
                            If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                            
-
                            kubernetes.io/elb.health-check-option
                            
-
                            No
                            
-
                            Table 3 Object
                            
-
                            ELB health check configuration items.
                            
-
                            kubernetes.io/elb.session-affinity-mode
                            
-
                            No
                            
-
                            String
                            
-
                            Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.
                            
-
                            • Disabling sticky session: Do not set this parameter.
                            • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                            
-
                            kubernetes.io/elb.session-affinity-option
                            
-
                            No
                            
-
                            Table 2 Object
                            
-
                            Sticky session timeout.
                            
-
                            kubernetes.io/hws-hostNetwork
                            
-
                            No
                            
-
                            String
                            
-
                            This parameter indicates whether the workload Services use the host network. Setting this parameter to true will enable the ELB load balancer to forward requests to the host network.
                            
-
                            The host network is not used by default. The value can be true or false.
                            
-
                            externalTrafficPolicy
                            
-
                            No
                            
-
                            String
                            
-
                            If sticky session is enabled, add this parameter so that requests are transferred to a fixed node. If a LoadBalancer Service with this parameter set to Local is created, a client can access the target backend only if the client is installed on the same node as the backend.
                            
-
                            
-
                            
-
-
                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                            Table 5 Data structure of the elb.autocreate field
                            Parameter
                            
-
                            Mandatory
                            
-
                            Type
                            
-
                            Description
                            
-
                            name
                            
-
                            No
                            
-
                            String
                            
-
                            Name of the load balancer that is automatically created.
                            
-
                            Value range: 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                            
-
                            Default: cce-lb+service.UID
                            
-
                            type
                            
-
                            No
                            
-
                            String
                            
-
                            Network type of the load balancer.
                            
-
                            • public: public network load balancer
                            • inner: private network load balancer
                            
-
                            Default: inner
                            
-
                            bandwidth_name
                            
-
                            Yes for public network load balancers
                            
-
                            String
                            
-
                            Bandwidth name. The default value is cce-bandwidth-******.
                            
-
                            Value range: 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                            
-
                            bandwidth_chargemode
                            
-
                            No
                            
-
                            String
                            
-
                            Bandwidth mode.
                            
-
-
                            bandwidth_size
                            
-
                            Yes for public network load balancers
                            
-
                            Integer
                            
-
                            Bandwidth size. The default value is 1 to 2000 Mbit/s. Set this parameter based on the bandwidth range allowed in your region.
                            
-
                            bandwidth_sharetype
                            
-
                            Yes for public network load balancers
                            
-
                            String
                            
-
                            Bandwidth sharing mode.
                            
-
                            • PER: dedicated bandwidth
                            
-
                            eip_type
                            
-
                            Yes for public network load balancers
                            
-
                            String
                            
-
                            EIP type.
                            
-
                            • 5_bgp: dynamic BGP
                            • 5_sbgp: static BGP
                            
-
                            available_zone
                            
-
                            Yes
                            
-
                            Array of strings
                            
-
                            AZ where the load balancer is located.
                            
-
                            This parameter is available only for dedicated load balancers.
                            
-
                            l4_flavor_name
                            
-
                            Yes
                            
-
                            String
                            
-
                            Flavor name of the layer-4 load balancer.
                            
-
                            This parameter is available only for dedicated load balancers.
                            
-
                            l7_flavor_name
                            
-
                            No
                            
-
                            String
                            
-
                            Flavor name of the layer-7 load balancer.
                            
-
                            This parameter is available only for dedicated load balancers.
                            
-
                            elb_virsubnet_ids
                            
-
                            No
                            
-
                            Array of strings
                            
-
                            Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                            
-
                            This parameter is available only for dedicated load balancers.
                            
-
                            Example:
                            
-
                            "elb_virsubnet_ids": [
-   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
- ]
                            
-
                            
-
                            
-
                          3. Create a workload.
                            kubectl create -f nginx-deployment.yaml
                            
-
                            If information similar to the following is displayed, the workload is being created.
                            
-
                            deployment/nginx created
                            
-
                            kubectl get po
                            
-
                            If information similar to the following is displayed, the workload is running.
                            
-
                            NAME                     READY     STATUS             RESTARTS   AGE
-nginx-2601814895-c1xhw   1/1       Running            0          6s
                            
-
                          4. Create a Service.
                            kubectl create -f nginx-elb-svc.yaml
                            
-
                            If information similar to the following is displayed, the Service has been created.
                            
-
                            service/nginx created
                            
-
                            kubectl get svc
                            
-
                            If information similar to the following is displayed, the access type has been set successfully, and the workload is accessible.
                            
-
                            NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
-kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
-nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                            
-
                          5. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                            The Nginx is accessible.
                            
-
                            Figure 4 Accessing Nginx through the LoadBalancer Service
                            
-
                          
-
                          
-
                          ELB Forwarding
                          After a Service of the LoadBalancer type is created, you can view the listener forwarding rules of the load balancer on the ELB console.
                          
-
                          You can find that a listener is created for the load balancer. Its backend server is the node where the pod is located, and the backend server port is the NodePort (node port) of the Service. When traffic passes through ELB, it is forwarded to IP address of the node where the pod is located:Node port. That is, the Service is accessed and then the pod is accessed, which is the same as that described in Scenario.
                          
-
                          In the passthrough networking scenario (CCE Turbo + dedicated load balancer), after a LoadBalancer Service is created, you can view the listener forwarding rules of the load balancer on the ELB console.
                          
-
                          You can see that a listener is created for the load balancer. The backend server address is the IP address of the pod, and the service port is the container port. This is because the pod uses an ENI or sub-ENI. When traffic passes through the load balancer, it directly forwards the traffic to the pod. This is the same as that described in Scenario.
                          
-
                          
-
                          Why a Cluster Fails to Access Services by Using the ELB Address
                          If the service affinity of a LoadBalancer Service is set to the node level, that is, the value of externalTrafficPolicy is Local, the ELB address may fail to be accessed from the cluster (specifically, nodes or containers). Information similar to the following is displayed:
                          upstream connect error or disconnect/reset before headers. reset reason: connection failure
                          
-
                          
-
                          This is because when the LoadBalancer Service is created, kube-proxy adds the ELB access address as the external IP to iptables or IPVS. If a client initiates a request to access the ELB address from inside the cluster, the address is considered as the external IP address of the service and is directly forwarded by kube-proxy without passing through the ELB outside the cluster.
                          
-
                          When the value of externalTrafficPolicy is Local, the situation varies according to the container network model and service forwarding mode. The details are as follows:
                          
-
-
                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                          Server
                          
-
                          Client
                          
-
                          Container Tunnel Network Cluster (IPVS)
                          
-
                          VPC Network Cluster (IPVS)
                          
-
                          Container Tunnel Network Cluster (iptables)
                          
-
                          VPC Network Cluster (iptables)
                          
-
                          NodePort Service
                          
-
                          Same node
                          
-
                          OK. The node where the pod runs is accessible, not any other nodes.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          Cross-node
                          
-
                          OK. The node where the pod runs is accessible, not any other nodes.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is accessible by visiting the node IP + port, not by any other ways.
                          
-
                          OK. The node where the pod runs is accessible by visiting the node IP + port, not by any other ways.
                          
-
                          Containers on the same node
                          
-
                          OK. The node where the pod runs is accessible, not any other nodes.
                          
-
                          OK. The node where the pod runs is not accessible.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is not accessible.
                          
-
                          Containers across nodes
                          
-
                          OK. The node where the pod runs is accessible, not any other nodes.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          OK. The node where the pod runs is accessible.
                          
-
                          LoadBalancer Service using a dedicated load balancer
                          
-
                          Same node
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Containers on the same node
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Local Service of the nginx-ingress add-on using a dedicated load balancer
                          
-
                          Same node
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Containers on the same node
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          Accessible for public networks, not private networks.
                          
-
                          
-
                          
-
                          The following methods can be used to solve this problem:
                          
-
                          • (Recommended) In the cluster, use the ClusterIP Service or service domain name for access.
                          • Set externalTrafficPolicy of the Service to Cluster, which means cluster-level service affinity. Note that this affects source address persistence.
                            apiVersion: v1 
-kind: Service
-metadata: 
-  annotations:   
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"cce-bandwidth","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
-  labels: 
-    app: nginx 
-  name: nginx 
-spec: 
-  externalTrafficPolicy: Cluster
-  ports: 
-  - name: service0 
-    port: 80
-    protocol: TCP 
-    targetPort: 80
-  selector: 
-    app: nginx 
-  type: LoadBalancer
                            
-
                          
-
                          
-
+
                          
 
 
diff --git a/docs/cce/umn/cce_10_0015.html b/docs/cce/umn/cce_10_0015.html
index 3b7a89192..2ad13787f 100644
--- a/docs/cce/umn/cce_10_0015.html
+++ b/docs/cce/umn/cce_10_0015.html
@@ -10,25 +10,23 @@ metadata:
 data:
   SPECIAL_LEVEL: Hello
   SPECIAL_TYPE: CCE
-
                           
                          • When a ConfigMap is used in a workload, the workload and ConfigMap must be in the same cluster and namespace.
                          • When a ConfigMap is mounted as a data volume and is updated, Kubernetes updates the data in the data volume at the same time.
                            When a ConfigMap data volume mounted in subPath mode is updated, Kubernetes cannot automatically update the data in the data volume.
                            
-
                          • When a ConfigMap is used as an environment variable, data can not be automatically updated when the ConfigMap is updated. To update the data, you need to restart the pod.
                          
+
                           
                          • When a ConfigMap is used in a workload, the workload and ConfigMap must be in the same cluster and namespace.
                          • When a ConfigMap is mounted as a data volume and the ConfigMap is updated, Kubernetes updates the data in the data volume at the same time.
                            For a ConfigMap data volume mounted in subPath mode, Kubernetes cannot automatically update data in the data volume when the ConfigMap is updated.
                            
+
                          • When a ConfigMap is used as an environment variable, data is not automatically updated when the ConfigMap is updated. To update the data, restart the pod.
                          
 
                          
-
                          Setting Workload Environment Variables
                          Using the console
                          
-
                          1. Log in to the CCE console and access the cluster console.
                          2. In the navigation pane, choose Workloads. Then, click Create Workload.
                            When creating a workload, click Environment Variables in the Container Settings area, and click .
                            
-
                            • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
                              
-
                            • Added from ConfigMap key: Import a key in a ConfigMap as the value of an environment variable.
                              • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the ConfigMap by default.
                              • Variable Value/Reference: Select a ConfigMap and the key to be imported. The corresponding value is imported as a workload environment variable.
                              
-
                              For example, after you import the value Hello of SPECIAL_LEVEL in ConfigMap cce-configmap as the value of workload environment variable SPECIAL_LEVEL, an environment variable named SPECIAL_LEVEL with its value Hello exists in the container.
                              
-
                              
+
                              Setting Workload Environment Variables
                              Using the console
                              
+
                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                              2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                When creating a workload, click Environment Variables in the Container Settings area, and click .
                                
+
                                • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
                                • Added from ConfigMap key: Import a key in a ConfigMap as the value of an environment variable.
                                  • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the ConfigMap by default.
                                  • Variable Value/Reference: Select a ConfigMap and the key to be imported. The corresponding value is imported as a workload environment variable.
                                  
+
                                  For example, after you import the value Hello of SPECIAL_LEVEL in ConfigMap cce-configmap as the value of workload environment variable SPECIAL_LEVEL, an environment variable named SPECIAL_LEVEL with its value Hello exists in the container.
                                  
 
                                
-
                              3. Configure other workload parameters and click Create Workload.
                                After the workload runs properly, access the container and run the following command to check whether the ConfigMap has been set as an environment variable of the workload:
                                
+
                              4. Configure other workload parameters and click Create Workload.
                                After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:
                                
 
                                printenv SPECIAL_LEVEL
                                
 
                                The example output is as follows:
                                
 
                                Hello
                                
 
                              
-
                              Using kubectl
                              
-
                              1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                              2. Create a file named nginx-configmap.yaml and edit it.
                                vi nginx-configmap.yaml
                                
+
                                Using kubectl
                                
+
                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                2. Create a file named nginx-configmap.yaml and edit it.
                                  vi nginx-configmap.yaml
                                  
 
                                  Content of the YAML file:
                                  
-
                                  • Added from ConfigMap: To add all data in a ConfigMap to environment variables, use the envFrom parameter. The keys in the ConfigMap will become names of environment variables in a pod.
                                    apiVersion: apps/v1
+
                                    • Added from a ConfigMap: To add all data in a ConfigMap to environment variables, use the envFrom parameter. The keys in the ConfigMap will become names of environment variables in the workload.
                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-configmap
@@ -45,12 +43,12 @@ spec:
       containers:
       - name: container-1
         image: nginx:latest
-        envFrom:                      # Use envFrom to specify a ConfigMap to be referenced by environment variables.
+        envFrom:                      # Use envFrom to specify a ConfigMap to be referenced by environment variables.
         - configMapRef:
-            name: cce-configmap       # Name of the referenced ConfigMap.
+            name: cce-configmap       # Name of the referenced ConfigMap.
       imagePullSecrets:
       - name: default-secret
                                      
-
                                    • Added from a ConfigMap key: When creating a workload, you can use a ConfigMap to set environment variables and use the valueFrom parameter to reference the key-value pair in the ConfigMap separately.
                                      apiVersion: apps/v1
+
                                    • Added from a ConfigMap key: When creating a workload, you can use a ConfigMap to set environment variables and use the valueFrom parameter to reference the key-value pair in the ConfigMap separately.
                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-configmap
@@ -67,13 +65,13 @@ spec:
       containers:
       - name: container-1
         image: nginx:latest
-        env:                             # Set environment variables in the workload.
-        - name: SPECIAL_LEVEL           # Name of the environment variable in the workload.
-          valueFrom:                    # Use valueFrom to specify an environment variable to reference a ConfigMap.
+        env:                             # Set the environment variable in the workload.
+        - name: SPECIAL_LEVEL           # Name of the environment variable in the workload.
+          valueFrom:                    # Specify a ConfigMap to be referenced by the environment variable.
             configMapKeyRef:
               name: cce-configmap       # Name of the referenced ConfigMap.
-              key: SPECIAL_LEVEL        # Key in the referenced ConfigMap.
-        - name: SPECIAL_TYPE            # Add multiple environment variables. Multiple environment variables can be imported at the same time.
+              key: SPECIAL_LEVEL        # Key in the referenced ConfigMap.
+        - name: SPECIAL_TYPE            # Add multiple environment variables to import them at the same time.
           valueFrom:
             configMapKeyRef:
               name: cce-configmap
@@ -82,35 +80,33 @@ spec:
       - name: default-secret
                                      
 
                                    
 
                                  • Create a workload.
                                    kubectl apply -f nginx-configmap.yaml
                                    
-
                                  • View the environment variables in the pod.
                                    1. Run the following command to view the created pod:
                                      kubectl get pod | grep nginx-configmap
                                      
+
                                    2. View the environment variable in the pod.
                                      1. Run the following command to view the created pod:
                                        kubectl get pod | grep nginx-configmap
                                        
 
                                        Expected output:
                                        nginx-configmap-***   1/1     Running   0              2m18s
                                        
 
                                        
 
                                      2. Run the following command to view the environment variables in the pod:
                                        kubectl exec nginx-configmap-*** -- printenv SPECIAL_LEVEL SPECIAL_TYPE
                                        
 
                                        Expected output:
                                        
 
                                        Hello
 CCE
                                        
-
                                        The ConfigMap has been set as an environment variable of the workload.
                                        
+
                                        The ConfigMap has been set as environment variables of the workload.
                                        
 
                                      
 
                                    
 
                              
-
                              Setting Command Line Parameters
                              You can use a ConfigMap as an environment variable to set commands or parameter values for a container by using the environment variable substitution syntax $VAR_NAME.
                              
-
                              Using the console
                              
-
                              1. Log in to the CCE console and access the cluster console.
                              2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                When creating a workload, click Environment Variables in the Container Settings area, and click . In this example, select Added from ConfigMap.
                                
-
                                • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
                                  
-
                                
-
                              3. Click Lifecycle in the Container Settings area, click the Post-Start tab on the right, and set the following parameters:
                                • Processing Method: CLI
                                • Command: Enter the following three command lines. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
                                  /bin/bash
+
                                  Setting Command Line Parameters
                                  You can use a ConfigMap as an environment variable to set commands or parameter values for a container by using the environment variable substitution syntax $(VAR_NAME).
                                  
+
                                  Using the console
                                  
+
                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                  2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                    When creating a workload, click Environment Variables in the Container Settings area, and click . In this example, select Added from ConfigMap.
                                    
+
                                    • Added from ConfigMap: Select a ConfigMap to import all of its keys as environment variables.
                                    
+
                                  3. Click Lifecycle in the Container Settings area, click the Post-Start tab on the right, and set the following parameters:
                                    • Processing Method: CLI
                                    • Command: Enter the following three command lines. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
                                      /bin/bash
 -c
 echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html
                                      
 
                                    
-
                                    
-
                                  4. Configure other workload parameters and click Create Workload.
                                    After the workload runs properly, access the container and run the following command to check whether the ConfigMap has been set as an environment variable of the workload:
                                    
+
                                  5. Set other workload parameters and click Create Workload.
                                    After the workload runs properly, log in to the container and run the following statement to check whether the ConfigMap has been set as an environment variable of the workload:
                                    
 
                                    cat /usr/share/nginx/html/index.html
                                    
 
                                    The example output is as follows:
                                    
 
                                    Hello CCE
                                    
 
                                  
-
                                  Using kubectl
                                  
-
                                  1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                                  2. Create a file named nginx-configmap.yaml and edit it.
                                    vi nginx-configmap.yaml
                                    
-
                                    As shown in the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are environment variable names, that is, key names in the cce-configmap ConfigMap.
                                    apiVersion: apps/v1
+
                                    Using kubectl
                                    
+
                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                    2. Create a file named nginx-configmap.yaml and edit it.
                                      vi nginx-configmap.yaml
                                      
+
                                      As shown in the following example, the cce-configmap ConfigMap is imported to the workload. SPECIAL_LEVEL and SPECIAL_TYPE are the environment variable names in the workload, that is, the key names in the cce-configmap ConfigMap.
                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-configmap
@@ -131,14 +127,14 @@ spec:
           postStart:
             exec:
               command: [ "/bin/sh", "-c", "echo $SPECIAL_LEVEL $SPECIAL_TYPE > /usr/share/nginx/html/index.html" ]
-        envFrom:                      # Use envFrom to specify a ConfigMap to be referenced by environment variables.
+        envFrom:                      # Use envFrom to specify a ConfigMap to be referenced by environment variables.
         - configMapRef:
-            name: cce-configmap       # Name of the referenced ConfigMap.
+            name: cce-configmap       # Name of the referenced ConfigMap.
       imagePullSecrets:
         - name: default-secret
                                      
 
                                      
 
                                    3. Create a workload.
                                      kubectl apply -f nginx-configmap.yaml
                                      
-
                                    4. After the workload runs properly, the following content is entered into the /usr/share/nginx/html/index.html file in the container:
                                      1. Run the following command to view the created pod:
                                        kubectl get pod | grep nginx-configmap
                                        
+
                                      2. After the workload runs properly, the following content is entered into the /usr/share/nginx/html/index.html file in the container:
                                        1. Run the following command to view the created pod:
                                          kubectl get pod | grep nginx-configmap
                                          
 
                                          Expected output:
                                          nginx-configmap-***   1/1     Running   0              2m18s
                                          
 
                                          
 
                                        2. Run the following command to view the environment variables in the pod:
                                          kubectl exec nginx-configmap-*** -- cat /usr/share/nginx/html/index.html
                                          
@@ -147,40 +143,40 @@ spec:
 
                                        
 
                                      
 
                                    
-
                                    Attaching a ConfigMap to the Workload Data Volume
                                    The data stored in a ConfigMap can be referenced in a volume of type ConfigMap. You can mount such a volume to a specified container path. The platform supports the separation of workload codes and configuration files. ConfigMap volumes are used to store workload configuration parameters. Before that, you need to create ConfigMaps in advance. For details, see Creating a ConfigMap. 
                                    
-
                                    Using the console
                                    
-
                                    1. Log in to the CCE console and access the cluster console.
                                    2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                      When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select ConfigMap from the drop-down list.
                                      
-
                                    3. Set the local volume type to ConfigMap and set parameters for adding a local volume, as shown in Table 1.
                                      
-
                                      Table 1 Mounting a ConfigMap volume
                                      Parameter
                                      
+
                                      Attaching a ConfigMap to the Workload Data Volume
                                      The data stored in a ConfigMap can be referenced in a volume of type ConfigMap. You can mount such a volume to a specified container path. The platform supports the separation of workload codes and configuration files. ConfigMap volumes are used to store workload configuration parameters. Before that, create ConfigMaps in advance. For details, see Creating a ConfigMap. 
                                      
+
                                      Using the console
                                      
+
                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                      2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                        When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select ConfigMap from the drop-down list.
                                        
+
                                      3. Configure the parameters.
                                        
+
                                        
-
-
-
                                        Table 1 Mounting a ConfigMap volume
                                        Parameter
                                        
                                         		
 
                                        Description
                                        
                                         		
 
                                        
 
                                        Option
                                        
+
                                        ConfigMap
                                        
 
                                        Select the desired ConfigMap name.
                                        
+
                                        Select the desired ConfigMap.
                                        
 
                                        A ConfigMap must be created in advance. For details, see Creating a ConfigMap.
                                        
                                         		
 
                                        
 
                                        Add Container Path
                                        
 
                                        Configure the following parameters:
                                        1. Container Path: Enter the path of the container, for example, /tmp.
                                          This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                           NOTICE: 
                                          When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                          
+
                                        Configure the following parameters:
                                        1. Mount Path: Enter a path of the container, for example, /tmp.
                                          This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                           NOTICE: 
                                          When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                          
 
                                          
 
                                          
-
                                        2. subPath: Enter a subpath, for example, tmp.
                                          • A subpath is used to mount a local volume so that the same data volume is used in a single pod.
                                          • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                          • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                          
-
                                        3. Set the permission to Read-only. Data volumes in the path are read-only.
                                        
+
                                      4. Subpath: Enter a subpath, for example, tmp.
                                        • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                        • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                        • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                        
+
                                      5. Set the permission to Read-only. Data volumes in the path are read-only.
                                        6. 
 
                                        
-
                                        You can click  to add multiple paths and subpaths.
                                        
+
                                        You can click  to add multiple paths and subpaths.
                                        
                                         		
 
                                        
                                         
 
                                        
 
                                        
 
                                      
-
                                      Using kubectl
                                      
-
                                      1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                                      2. Create a file named nginx-configmap.yaml and edit it.
                                        vi nginx-configmap.yaml
                                        
-
                                        As shown in the following example, after the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the /etc/config directory of the container.
                                        
+
                                        Using kubectl
                                        
+
                                        1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                        2. Create a file named nginx-configmap.yaml and edit it.
                                          vi nginx-configmap.yaml
                                          
+
                                          As shown in the following example, after the ConfigMap volume is mounted, a configuration file with the key as the file name and value as the file content is generated in the /etc/config directory of the container.
                                          
 
                                          apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -200,17 +196,17 @@ spec:
         image: nginx:latest
         volumeMounts:
         - name: config-volume
-          mountPath: /etc/config            # Mount to the /etc/config directory.
+          mountPath: /etc/config            # Mount to the /etc/config directory.
           readOnly: true
     volumes:
     - name: config-volume
       configMap:
         name: cce-configmap                 # Name of the referenced ConfigMap.
                                          
 
                                        3. Create a workload.
                                          kubectl apply -f nginx-configmap.yaml
                                          
-
                                        4. After the workload runs properly, the SPECIAL_LEVEL and SPECIAL_TYPE files are generated in the /etc/config directory. The contents of the files are Hello and CCE, respectively. 
                                          1. Run the following command to view the created pod:
                                            kubectl get pod | grep nginx-configmap
                                            
+
                                          2. After the workload runs properly, the SPECIAL_LEVEL and SPECIAL_TYPE files are generated in the /etc/config directory. The contents of the files are Hello and CCE, respectively.
                                            1. Run the following command to view the created pod:
                                              kubectl get pod | grep nginx-configmap
                                              
 
                                              Expected output:
                                              nginx-configmap-***   1/1     Running   0              2m18s
                                              
 
                                              
-
                                            2. Run the following command to view the SPECIAL_LEVEL or SPECIAL_TYPE file in the pod:
                                              kubectl exec nginx-configmap-*** -- /etc/config/SPECIAL_LEVEL
                                              
+
                                            3. Run the following command to view the SPECIAL_LEVEL or SPECIAL_TYPE file in the pod:
                                              kubectl exec nginx-configmap-*** -- /etc/config/SPECIAL_LEVEL
                                              
 
                                              Expected output:
                                              
 
                                              Hello
                                              
 
                                            
diff --git a/docs/cce/umn/cce_10_0016.html b/docs/cce/umn/cce_10_0016.html
index 64cbe0382..97edf191b 100644
--- a/docs/cce/umn/cce_10_0016.html
+++ b/docs/cce/umn/cce_10_0016.html
@@ -17,21 +17,21 @@ data:
 
                                             
                                            • When a secret is used in a pod, the pod and secret must be in the same cluster and namespace.
                                            • When a secret is updated, Kubernetes updates the data in the data volume at the same time.
                                              However, when a secret data volume mounted in subPath mode is updated, Kubernetes cannot automatically update the data in the data volume.
                                              
 
                                            
 
                                            
-
                                            Setting Environment Variables of a Workload
                                            Using the console
                                            
-
                                            1. Log in to the CCE console and access the cluster console.
                                            2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                              When creating a workload, click Environment Variables in the Container Settings area, and click .
                                              
-
                                              • Added from secret: Select a secret and import all keys in the secret as environment variables.
                                                
-
                                              • Added from secret key: Import the value of a key in a secret as the value of an environment variable.
                                                • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the secret by default.
                                                • Variable Value/Reference: Select a secret and the key to be imported. The corresponding value is imported as a workload environment variable.
                                                
-
                                                For example, after you import the value of username in secret mysecret as the value of workload environment variable username, an environment variable named username exists in the container.
                                                
+
                                                Setting Environment Variables of a Workload
                                                Using the console
                                                
+
                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                2. In the navigation pane, choose Workloads. Then, click Create Workload.
                                                  When creating a workload, click Environment Variables in the Container Settings area, and click .
                                                  
+
                                                  • Added from secret: Select a secret and import all keys in the secret as environment variables.
                                                    
+
                                                  • Added from secret key: Import the value of a key in a secret as the value of an environment variable.
                                                    • Variable Name: name of an environment variable in the workload. The name can be customized and is set to the key name selected in the secret by default.
                                                    • Variable Value/Reference: Select a secret and the key to be imported. The corresponding value is imported as a workload environment variable.
                                                    
+
                                                    For example, after you import the value of username in secret mysecret as the value of workload environment variable username, an environment variable named username exists in the container.
                                                    
 
                                                    
 
                                                  
-
                                                3. Configure other workload parameters and click Create Workload.
                                                  After the workload runs properly, access the container and run the following command to check whether the secret has been set as an environment variable of the workload:
                                                  
+
                                                4. Set other workload parameters and click Create Workload.
                                                  After the workload runs properly, log in to the container and run the following statement to check whether the secret has been set as an environment variable of the workload:
                                                  
 
                                                  printenv username
                                                  
-
                                                  If the output is the same as that in the secret, the secret has been set as an environment variable of the workload.
                                                  
+
                                                  If the output is the same as the content in the secret, the secret has been set as an environment variable of the workload.
                                                  
 
                                                
-
                                                Using kubectl
                                                
-
                                                1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                                                2. Create a file named nginx-secret.yaml and edit it.
                                                  vi nginx-secret.yaml
                                                  
+
                                                  Using kubectl
                                                  
+
                                                  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                  2. Create a file named nginx-secret.yaml and edit it.
                                                    vi nginx-secret.yaml
                                                    
 
                                                    Content of the YAML file:
                                                    
-
                                                    • Added from a secret: To add all data in a secret to environment variables, use the envFrom parameter. The keys in the ConfigMap will become names of environment variables in a workload.
                                                      apiVersion: apps/v1
+
                                                      • Added from a secret: To add all data in a secret to environment variables, use the envFrom parameter. The keys in the secret will become names of environment variables in a workload.
                                                        apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-secret
@@ -48,12 +48,12 @@ spec:
       containers:
       - name: container-1
         image: nginx:latest
-        envFrom:                 # Use envFrom to specify a secret to be referenced by environment variables.
+        envFrom:                 # Use envFrom to specify a secret to be referenced by environment variables.
         - secretRef:
-            name: mysecret       # Name of the referenced secret.
+            name: mysecret       # Name of the referenced secret.
       imagePullSecrets:
       - name: default-secret
                                                        
-
                                                      • Added from a secret key: When creating a workload, you can set a secret to set environment variables and use the valueFrom parameter to reference the key-value pair in the secret separately.
                                                        apiVersion: apps/v1
+
                                                      • Added from a secret key: When creating a workload, you can use a secret to set environment variables and use the valueFrom parameter to reference the key-value pair in the secret separately.
                                                        apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-secret
@@ -70,13 +70,13 @@ spec:
       containers:
       - name: container-1
         image: nginx:latest
-        env:                             # Set environment variables in the workload.
-        - name: SECRET_USERNAME           # Name of the environment variable in the workload.
-          valueFrom:                    # Use envFrom to specify a secret to be referenced by environment variables.
+        env:                             # Set the environment variable in the workload.
+        - name: SECRET_USERNAME           # Name of the environment variable in the workload.
+          valueFrom:                    # Use valueFrom to specify a secret to be referenced by environment variables.
             secretKeyRef:
-              name: mysecret       # Name of the referenced secret.
-              key: username        # Name of the referenced key.
-        - name: SECRET_PASSWORD            # Add multiple environment variables. Multiple environment variables can be imported at the same time.
+              name: mysecret       # Name of the referenced secret.
+              key: username        # Key in the referenced secret.
+        - name: SECRET_PASSWORD            # Add multiple environment variables to import them at the same time.
           valueFrom:
             secretKeyRef:
               name: mysecret
@@ -89,15 +89,15 @@ spec:
 
                                                        Expected output:
                                                        nginx-secret-***   1/1     Running   0              2m18s
                                                        
 
                                                        
 
                                                      • Run the following command to view the environment variables in the pod:
                                                        kubectl exec nginx-secret-*** -- printenv SPECIAL_USERNAME SPECIAL_PASSWORD
                                                        
-
                                                        If the output is the same as that in the secret, the secret has been set as an environment variable of the workload.
                                                        
+
                                                        If the output is the same as the content in the secret, the secret has been set as an environment variable of the workload.
                                                        
 
                                                  
 
                                                
 
                                                
-
                                                Configuring the Data Volume of a Workload
                                                You can mount a secret as a volume to the specified container path. Contents in a secret are user-defined. Before that, you need to create a secret. For details, see Creating a Secret.
                                                
-
                                                Using the console
                                                
-
                                                1. Log in to the CCE console and access the cluster console.
                                                2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab. Click Create Workload in the upper right corner.
                                                  When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select Secret from the drop-down list.
                                                  
-
                                                3. Set the local volume type to Secret and set parameters for adding a local volume, as shown in Table 1.
                                                  
-
                                                  
-
@@ -81,7 +81,7 @@
 
                                                   NOTE: 
                                                  Naming rule of a worker node: Cluster name-cce-node-Random number
                                                  
 
                                                  
-
-
-
-
-
@@ -174,12 +174,12 @@
 
                                                  Table 1 Secret
                                                  Parameter
                                                  
+
                                                  Configuring the Data Volume of a Workload
                                                  You can mount a secret as a volume to the specified container path. Contents in a secret are user-defined. Before that, create a secret. For details, see Creating a Secret.
                                                  
+
                                                  Using the console
                                                  
+
                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                  2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab. Click Create Workload in the upper right corner.
                                                    When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and select Secret from the drop-down list.
                                                    
+
                                                  3. Configure the parameters.
                                                    
+
                                                    
@@ -105,28 +105,28 @@ spec:
 
-
                                                    Table 1 Mounting a Secret volume
                                                    Parameter
                                                    
                                                     		
 
                                                    Description
                                                    
 
                                                    
 
                                                    Secret
                                                    
 
                                                    Select the desired secret name.
                                                    
+
                                                    Select the desired secret.
                                                    
 
                                                    A secret must be created in advance. For details, see Creating a Secret.
                                                    
                                                     		
 
                                                    
 
                                                    Add Container Path
                                                    
                                                     		
 
                                                    Configure the following parameters:
                                                    
-
                                                    1. Container Path: Enter the path of the container, for example, /tmp.
                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                       NOTICE: 
                                                      When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                      
+
                                                      1. Mount Path: Enter a path of the container, for example, /tmp.
                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                         NOTICE: 
                                                        When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                        
 
                                                        
 
                                                        
-
                                                      2. subPath: Enter a subpath, for example, tmp.
                                                        • A subpath is used to mount a local volume so that the same data volume is used in a single pod.
                                                        • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                                        • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                                        
-
                                                      3. Set the permission to Read-only. Data volumes in the path are read-only.
                                                      
-
                                                      You can click  to add multiple paths and subpaths.
                                                      
+
                                                    2. Subpath: Enter a subpath, for example, tmp.
                                                      • A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                      • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                                      • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                                      
+
                                                    3. Set the permission to Read-only. Data volumes in the path are read-only.
                                                    
+
                                                    You can click  to add multiple paths and subpaths.
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
 
                                                  
-
                                                  Using kubectl
                                                  
-
                                                  1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                                                  2. Create a file named nginx-secret.yaml and edit it.
                                                    vi nginx-secret.yaml
                                                    
-
                                                    In the following example, the username and password in the mysecret secret are saved in the /etc/foo directory as files.
                                                    apiVersion: apps/v1
+
                                                    Using kubectl
                                                    
+
                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                    2. Create a file named nginx-secret.yaml and edit it.
                                                      vi nginx-secret.yaml
                                                      
+
                                                      In the following example, the username and password in the mysecret secret are saved in the /etc/foo directory as files.
                                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: nginx-secret
@@ -145,14 +145,14 @@ spec:
         image: nginx:latest
         volumeMounts:
        - name: foo
-         mountPath: /etc/foo          # Mount to the /etc/foo directory.
+         mountPath: /etc/foo          # Mount to the /etc/foo directory.
          readOnly: true
     volumes:
     - name: foo
       secret:
         secretName: mysecret      # Name of the referenced secret.
                                                      
 
                                                      
-
                                                      You can also use the items field to control the mapping path of the secret key. For example, store the username is stored in the /etc/foo/my-group/my-username directory of the container.
                                                       
                                                      • After the items field is used to specify the mapping path of the secret key, the keys that are not specified will not be created as files. For example, if the password key in the following example is not specified, the file will not be created.
                                                      • If you want to use all keys in a secret, you must list all keys in the items field.
                                                      • All keys listed in the items field must exist in the corresponding secret. Otherwise, the volume is not created.
                                                      
+
                                                      You can also use the items field to control the mapping path of secret keys. For example, store username in the /etc/foo/my-group/my-username directory in the container.
                                                       
                                                      • If you use the items field to specify the mapping path of the secret keys, the keys that are not specified will not be created as files. For example, if the password key in the following example is not specified, the file will not be created.
                                                      • If you want to use all keys in a secret, you must list all keys in the items field.
                                                      • All keys listed in the items field must exist in the corresponding secret. Otherwise, the volume is not created.
                                                      
 
                                                      
 
                                                      apiVersion: apps/v1
 kind: Deployment
@@ -173,22 +173,22 @@ spec:
         image: nginx:latest
         volumeMounts:
        - name: foo
-         mountPath: /etc/foo          # Mount to the /etc/foo directory.
+         mountPath: /etc/foo          # Mount to the /etc/foo directory.
          readOnly: true
     volumes:
     - name: foo
       secret:
-        secretName: mysecret      # Name of the referenced secret.
+        secretName: mysecret      # Name of the referenced secret.
         items:
         - key: username      # Name of the referenced key.
-          path: my-group/my-username    # Mapping path of the secret key.
                                                      
+          path: my-group/my-username    # Mapping path of the secret key
                                                    
 
                                                    
 
                                                  3. Create a workload.
                                                    kubectl apply -f nginx-secret.yaml
                                                    
-
                                                  4. After the workload runs properly, the username and password files are generated in the /etc/foo directory.
                                                    1. Run the following command to view the created pod:
                                                      kubectl get pod | grep nginx-secret
                                                      
+
                                                    2. After the workload runs properly, the username and password files are generated in the /etc/foo directory.
                                                      1. Run the following command to view the created pod:
                                                        kubectl get pod | grep nginx-secret
                                                        
 
                                                        Expected output:
                                                        nginx-secret-***   1/1     Running   0              2m18s
                                                        
 
                                                        
-
                                                      2. Run the following command to view the username or password file in the pod:
                                                        kubectl exec nginx-secret-*** -- /etc/foo/username
                                                        
-
                                                        The expected output is the same as that in the secret.
                                                        
+
                                                      3. Run the following command to view the username or password file in the pod:
                                                        kubectl exec nginx-secret-*** -- /etc/foo/username
                                                        
+
                                                        The expected output is the same as the content in the secret.
                                                        
 
                                                      
 
                                                    
 
                                                  
diff --git a/docs/cce/umn/cce_10_0018.html b/docs/cce/umn/cce_10_0018.html
index f2c431310..fe04dfb60 100644
--- a/docs/cce/umn/cce_10_0018.html
+++ b/docs/cce/umn/cce_10_0018.html
@@ -2,20 +2,20 @@
 
 
                                                  Using ICAgent to Collect Container Logs
                                                  
 
                                                  CCE works with AOM to collect workload logs. When creating a node, CCE installs the ICAgent for you (the DaemonSet named icagent in the kube-system namespace of the cluster). After the ICAgent collects workload logs and reports them to AOM, you can view workload logs on the CCE or AOM console.
                                                  
-
                                                  Notes and Constraints
                                                  The ICAgent only collects *.log, *.trace, and *.out text log files.
                                                  
+
                                                  Constraints
                                                  The ICAgent only collects *.log, *.trace, and *.out text log files.
                                                  
 
                                                  
-
                                                  Using ICAgent to Collect Logs
                                                  1. When creating a workload, set logging for the container.
                                                  2. Click  to add a log policy.
                                                    The following uses Nginx as an example. Log policies vary depending on workloads.
                                                    Figure 1 Adding a log policy
                                                    
+
                                                    Using ICAgent to Collect Logs
                                                    1. When creating a workload, set logging for the container.
                                                    2. Click  to add a log policy.
                                                      The following uses Nginx as an example. Log policies vary depending on workloads.
                                                      Figure 1 Adding a log policy
                                                      
 
                                                      
-
                                                    3. Set Storage Type to Host Path or Container Path.
                                                      
+
                                                    4. Set Volume Type to Host Path or Container Path.
                                                      
 
                                                      
-
-
-
+
+
+
@@ -124,7 +133,7 @@ spec:
                 logs:
                   rotate: Hourly
                   annotations:
-                    
+                    pathPattern: '**'
                     format: ''
       volumes:
         - hostPath:
@@ -146,8 +155,8 @@ spec:
 
+
+
+
+
-
@@ -166,13 +230,13 @@ spec:
 
                                                      NAME           READY     UP-TO-DATE   AVAILABLE   AGE 
 nginx          1/1       1            1           4m5s
                                                      Parameter description
                                                      
-
                                                      • NAME: Name of the application running in the pod.
                                                      • READY: indicates the number of available workloads. The value is displayed as "the number of available pods/the number of expected pods".
                                                      • UP-TO-DATE: indicates the number of replicas that have been updated.
                                                      • AVAILABLE: indicates the number of available pods.
                                                      • AGE: period the Deployment keeps running
                                                      
-
                                                    5. If the Deployment will be accessed through a ClusterIP or NodePort Service, add the corresponding Service. For details, see Networking.
                                                      6. 
+
                                                      • NAME: Name of the application running in the pod.
                                                      • READY: indicates the number of available workloads. The value is displayed as "the number of available pods/the number of expected pods".
                                                      • UP-TO-DATE: indicates the number of replicas that have been updated.
                                                      • AVAILABLE: indicates the number of available pods.
                                                      • AGE: period the Deployment keeps running
                                                      
+
                                                    6. If the Deployment will be accessed through a ClusterIP or NodePort Service, add the corresponding Service. For details, see Network.
                                                      7. 
 
                                                      
-
                                                      Parent topic: Workloads
                                                      
+
                                                      Parent topic: Creating a Workload
                                                      
 
                                                      
 
                                                      
 
diff --git a/docs/cce/umn/cce_10_0048.html b/docs/cce/umn/cce_10_0048.html
index 00707633a..b0e302ba4 100644
--- a/docs/cce/umn/cce_10_0048.html
+++ b/docs/cce/umn/cce_10_0048.html
@@ -4,33 +4,97 @@
 
                                                      Scenario
                                                      StatefulSets are a type of workloads whose data or status is stored while they are running. For example, MySQL is a StatefulSet because it needs to store new data.
                                                      
 
                                                      A container can be migrated between different hosts, but data is not stored on the hosts. To store StatefulSet data persistently, attach HA storage volumes provided by CCE to the container.
                                                      
 
                                                      
-
                                                      Notes and Constraints
                                                      • When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.
                                                      • When you delete a StatefulSet, reduce the number of replicas to 0 before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.
                                                      • When you create a StatefulSet, a headless Service is required for pod access. For details, see Headless Service.
                                                      • When a node is unavailable, pods become Unready. In this case, you need to manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.
                                                      
+
                                                      Constraints
                                                      • When you delete or scale a StatefulSet, the system does not delete the storage volumes associated with the StatefulSet to ensure data security.
                                                      • When you delete a StatefulSet, reduce the number of replicas to 0 before deleting the StatefulSet so that pods in the StatefulSet can be stopped in order.
                                                      • When you create a StatefulSet, a headless Service is required for pod access. For details, see Headless Service.
                                                      • When a node is unavailable, pods become Unready. In this case, manually delete the pods of the StatefulSet so that the pods can be migrated to a normal node.
                                                      
 
                                                      
-
                                                      Prerequisites
                                                      • Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Cluster.
                                                      • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.
                                                         
                                                        If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the StatefulSet will fail.
                                                        
+
                                                        Prerequisites
                                                        • Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a Cluster.
                                                        • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.
                                                           
                                                          If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the StatefulSet will fail.
                                                          
 
                                                          
 
                                                        
 
                                                        
-
                                                        Using the CCE Console
                                                        1. Log in to the CCE console.
                                                        2. Click the cluster name to access the cluster details page, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                        3. Set basic information about the workload. 
                                                          Basic Info
                                                          • Workload Type: Select StatefulSet. For details about workload types, see Overview.
                                                          • Workload Name: Enter the name of the workload. Enter 1 to 52 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                          • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                          • Pods: Enter the number of pods.
                                                          • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.
                                                          • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                          
+
                                                          Using the CCE Console
                                                          1. Log in to the CCE console.
                                                          2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                          3. Set basic information about the workload. 
                                                            Basic Info
                                                            • Workload Type: Select StatefulSet. For details about workload types, see Overview.
                                                            • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                            • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                            • Pods: Enter the number of pods of the workload.
                                                            • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                            • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                            
 
                                                            
-
                                                            Container Settings
                                                            • Container Information
                                                              Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                              • Basic Info: See Setting Basic Container Information.
                                                              • Lifecycle: See Setting Container Lifecycle Parameters.
                                                              • Health Check: See Setting Health Check for a Container.
                                                              • Environment Variables: See Setting an Environment Variable.
                                                              • Data Storage: See Overview.
                                                                 
                                                                • StatefulSets support dynamically provisioned EVS volumes.
                                                                  Dynamic mounting is achieved by using the volumeClaimTemplates field and depends on the dynamic creation capability of StorageClass. A StatefulSet associates each pod with a unique PVC using the volumeClaimTemplates field, and the PVCs are bound to their corresponding PVs. Therefore, after the pod is rescheduled, the original data can still be mounted thanks to the PVC.
                                                                  
+
                                                                  Container Settings
                                                                  • Container Information
                                                                    Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                    • Basic Info: Configure basic information about the container.
+
                                                      Table 1 Configuring log policies
                                                      Parameter
                                                      
                                                       		
 
                                                      Description
                                                      
                                                       		
 
                                                      
 
                                                      Storage Type
                                                      
+
                                                      Volume Type
                                                      
 
                                                      • Host Path (hostPath): A host path is mounted to the specified container path (mount path). In the node host path, you can view the container logs output into the mount path.
                                                      • Container Path (emptyDir): A temporary path of the node is mounted to the specified path (mount path). Log data that exists in the temporary path but is not reported by the collector to AOM will disappear after the pod is deleted.
                                                      
+
                                                      • Host Path (hostPath): A host path is mounted to the specified container path (mount path). In the node host path, you can view the container logs output into the mount path.
                                                      • Container Path (emptyDir): A temporary path of the node is mounted to the specified path (mount path). Log data that exists in the temporary path but is not reported by the collector to AOM will disappear after the pod is deleted.
                                                      
                                                       		
 
                                                      
 
                                                      Host Path
                                                      
@@ -23,7 +23,7 @@
 
                                                      Enter a host path, for example, /var/paas/sys/log/nginx.
                                                      
                                                       		
 
                                                      Container Path
                                                      
+
                                                      Mount Path
                                                      
                                                       		
 
                                                      Container path (for example, /tmp) to which the storage resources will be mounted.
                                                       NOTICE: 
                                                      • Do not mount storage to a system directory such as / or /var/run; this action may cause a container error to occur. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                      • When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                      • AOM collects only the first 20 log files that have been modified recently. It collects files from 2 levels of subdirectories by default.
                                                      • AOM only collects .log, .trace, and .out text log files in the mount paths.
                                                      • For details about how to set permissions for mount points in a container, see Configure a Security Context for a Pod or Container.
                                                      
 
                                                      
@@ -38,10 +38,19 @@
 
                                                      • None: No extended path is configured. 
                                                      • PodUID: ID of a pod.
                                                      • PodName: name of a pod.
                                                      • PodUID/ContainerName: ID of a pod or name of a container.
                                                      • PodName/ContainerName: name of a pod or container.
                                                      
 
                                                      		
 
                                                      Collection Path
                                                      
+
                                                      A collection path narrows down the scope of collection to specified logs. 
                                                      
+
                                                      • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                                                      • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                                                      • * in log file names indicates a fuzzy match.
                                                      
+
                                                      Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.
                                                      
+
                                                       CAUTION: 
                                                      Ensure that the ICAgent version is 5.12.22 or later.
                                                      
+
                                                      
+
                                                      
 
                                                      Log Dump
                                                      
                                                       		
 
                                                      Log dump refers to rotating log files on a local host.
                                                      
-
                                                      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                                                      • Disabled: AOM does not dump log files.
                                                      
+
                                                      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted.
                                                      • Disabled: AOM does not dump log files.
                                                      
 
                                                       NOTE: 
                                                      • AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
                                                      • Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
                                                      • You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.
                                                      
 
                                                      
 
                                                      Extended host path
                                                      
                                                       		
 
                                                      Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.
                                                      
-
                                                      A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.
                                                      
-
                                                      • None: No extended path is configured. 
                                                      • PodUID: ID of a pod.
                                                      • PodName: name of a pod.
                                                      • PodUID/ContainerName: ID of a pod or name of a container.
                                                      • PodName/ContainerName: name of a pod or container.
                                                      
+
                                                      A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.
                                                      
+
                                                      • None: No extended path is configured. 
                                                      • PodUID: ID of a pod.
                                                      • PodName: name of a pod.
                                                      • PodUID/ContainerName: ID of a pod or name of a container.
                                                      • PodName/ContainerName: name of a pod or container.
                                                      
                                                       		
 
                                                      
 
                                                      policy.logs.rotate
                                                      
@@ -155,11 +164,22 @@ spec:
 
                                                      Log dump
                                                      
                                                       		
 
                                                      Log dump refers to rotating log files on a local host.
                                                      
-
                                                      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                                                      • Disabled: AOM does not dump log files.
                                                      
+
                                                      • Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
                                                      • Disabled: AOM does not dump log files.
                                                      
 
                                                       NOTE: 
                                                      • AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
                                                      • Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
                                                      • You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.
                                                      
 
                                                      
                                                       		
 
                                                      policy.logs.annotations.pathPattern
                                                      
+
                                                      Collection path
                                                      
+
                                                      A collection path narrows down the scope of collection to specified logs. 
                                                      
+
                                                      • If no collection path is specified, log files in .log, .trace, and .out formats will be collected from the specified path.
                                                      • /Path/**/ indicates that all log files in .log, .trace, and .out formats will be recursively collected from the specified path and all subdirectories at 5 levels deep.
                                                      • * in log file names indicates a fuzzy match.
                                                      
+
                                                      Example: The collection path /tmp/**/test*.log indicates that all .log files prefixed with test will be collected from /tmp and subdirectories at 5 levels deep.
                                                      
+
                                                       CAUTION: 
                                                      Ensure that the ICAgent version is 5.12.22 or later.
                                                      
+
                                                      
+
                                                      
 
                                                      policy.logs.annotations.format
                                                      
                                                       		
 
                                                      Multi-line log matching
                                                      
diff --git a/docs/cce/umn/cce_10_0019.html b/docs/cce/umn/cce_10_0019.html
index 75f213230..38c7777c3 100644
--- a/docs/cce/umn/cce_10_0019.html
+++ b/docs/cce/umn/cce_10_0019.html
@@ -1,6 +1,6 @@
 
 
-
                                                      Charts
                                                      
+
                                                      Helm Chart
                                                      
 
                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0020.html b/docs/cce/umn/cce_10_0020.html
index 688efde13..1ceefb945 100644
--- a/docs/cce/umn/cce_10_0020.html
+++ b/docs/cce/umn/cce_10_0020.html
@@ -1,6 +1,6 @@
 
 
-
                                                      Networking
                                                      
+
                                                      Network
                                                      
 
                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0024.html b/docs/cce/umn/cce_10_0024.html
index 56be09999..9e7645e2e 100644
--- a/docs/cce/umn/cce_10_0024.html
+++ b/docs/cce/umn/cce_10_0024.html
@@ -1,6 +1,6 @@
 
 
-
                                                      Cloud Trace Service (CTS)
                                                      
+
                                                      CTS Logs
                                                      
 
                                                      
 
                                                      
 
+
+
                                                      
+
                                                      Parent topic: Observability
                                                      
+
                                                      
 
                                                      
 
diff --git a/docs/cce/umn/cce_10_0025.html b/docs/cce/umn/cce_10_0025.html
index adbe16149..3bf193ac4 100644
--- a/docs/cce/umn/cce_10_0025.html
+++ b/docs/cce/umn/cce_10_0025.html
@@ -590,7 +590,7 @@
 
 
                                                      
 
                                                      
-
                                                      Parent topic: Cloud Trace Service (CTS)
                                                      
+
                                                      Parent topic: CTS Logs
                                                      
 
                                                      
 
                                                      
 
diff --git a/docs/cce/umn/cce_10_0026.html b/docs/cce/umn/cce_10_0026.html
index 152c4176d..f5ac310a4 100644
--- a/docs/cce/umn/cce_10_0026.html
+++ b/docs/cce/umn/cce_10_0026.html
@@ -3,19 +3,19 @@
 
                                                      Querying CTS Logs
                                                      
 
                                                      Scenario
                                                      After you enable CTS, the system starts recording operations on CCE resources. Operation records of the last 7 days can be viewed on the CTS management console.
                                                      
 
                                                      
-
                                                      Procedure
                                                      1. Log in to the management console.
                                                      2. Click  in the upper left corner and select a region.
                                                      3. Choose Service List from the main menu. Choose Management & Deployment > Cloud Trace Service.
                                                      4. In the navigation pane of the CTS console, choose Cloud Trace Service > Trace List.
                                                      5. On the Trace List page, query operation records based on the search criteria. Currently, the trace list supports trace query based on the combination of the following search criteria:
                                                        • Trace Source, Resource Type, and Search By
                                                          Select the search criteria from the drop-down lists. Select CCE from the Trace Source drop-down list.
                                                          
+
                                                          Procedure
                                                          1. Log in to the management console.
                                                          2. Click  in the upper left corner and select a region.
                                                          3. Choose Service List from the main menu. Choose Management & Deployment > Cloud Trace Service.
                                                          4. In the navigation pane of the CTS console, choose Cloud Trace Service > Trace List.
                                                          5. On the Trace List page, query operation records based on the search criteria. Currently, the trace list supports trace query based on the combination of the following search criteria:
                                                            • Trace Source, Resource Type, and Search By
                                                              Select the search criteria from the drop-down lists. Select CCE from the Trace Source drop-down list.
                                                              
 
                                                              If you select Trace name from the Search By drop-down list, specify the trace name.
                                                              
 
                                                              If you select Resource ID from the Search By drop-down list, select or enter a specific resource ID.
                                                              
 
                                                              If you select Resource name from the Search By drop-down list, select or enter a specific resource name.
                                                              
 
                                                            • Operator: Select a specific operator (at user level rather than account level).
                                                            • Trace Status: Set this parameter to any of the following values: All trace statuses, normal, warning, and incident.
                                                            • Time range: You can query traces generated during any time range in the last seven days.
                                                            
-
                                                          6. Click  on the left of a trace to expand its details, as shown below.
                                                            Figure 1 Expanding trace details
                                                            
-
                                                          7. Click View Trace in the Operation column. The trace details are displayed.
                                                            Figure 2 Viewing event details
                                                            
+
                                                          8. Click  on the left of a trace to expand its details, as shown below.
                                                            Figure 1 Expanding trace details
                                                            
+
                                                          9. Click View Trace in the Operation column. The trace details are displayed.
                                                            Figure 2 Viewing event details
                                                            
 
                                                          
 
                                                          
 
                                                      
 
                                                      
 
                                                      
-
                                                      Parent topic: Cloud Trace Service (CTS)
                                                      
+
                                                      Parent topic: CTS Logs
                                                      
 
                                                      
 
                                                      
 
diff --git a/docs/cce/umn/cce_10_0028.html b/docs/cce/umn/cce_10_0028.html
index 059e0b6b4..18aa52904 100644
--- a/docs/cce/umn/cce_10_0028.html
+++ b/docs/cce/umn/cce_10_0028.html
@@ -1,33 +1,35 @@
 
 
-
                                                      Creating a CCE Cluster
                                                      
-
                                                      On the CCE console, you can easily create Kubernetes clusters. Kubernetes can manage container clusters at scale. A cluster manages a group of node resources.
                                                      
-
                                                      In CCE, you can create a CCE cluster to manage VMs. By using high-performance network models, hybrid clusters provide a multi-scenario, secure, and stable runtime environment for containers.
                                                      
-
                                                      Notes and Constraints
                                                      • During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                      • You can create a maximum of 50 clusters in a single region.
                                                      • After a cluster is created, the following items cannot be changed:
                                                        • Cluster type
                                                        • Number of master nodes in the cluster
                                                        • AZ of a master node
                                                        • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, and kube-proxy (forwarding) settings
                                                        • Network model. For example, change Tunnel network to VPC network.
                                                        
+
                                                        Creating a Cluster
                                                        
+
                                                        On the CCE console, you can easily create Kubernetes clusters. After a cluster is created, the master node is hosted by CCE. You only need to create worker nodes. In this way, you can implement cost-effective O&M and efficient service deployment.
                                                        
+
                                                        Constraints
                                                        • During the node creation, software packages are downloaded from OBS using the domain name. Use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                        • You can create a maximum of 50 clusters in a single region.
                                                        • After a cluster is created, the following items cannot be changed:
                                                          • Cluster type
                                                          • Number of master nodes in the cluster
                                                          • AZ of a master node
                                                          • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, and kube-proxy (request forwarding) settings.
                                                          • Network model. For example, change Tunnel network to VPC network.
                                                          
 
                                                        
 
                                                        
-
                                                        Procedure
                                                        1. Log in to the CCE console. Choose Clusters. On the displayed page, click Create next to CCE cluster.
                                                        2. Set cluster parameters.
                                                          Basic Settings
                                                          • Cluster Name
                                                          • Cluster Version: Select the Kubernetes version used by the cluster.
                                                          • Cluster Scale: maximum number of nodes that can be managed by the cluster. 
                                                          • HA: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.
                                                            You can also expand advanced settings and customize the master node distribution mode. The following two modes are supported:
                                                            • Random: Master nodes are created in different AZs for DR.
                                                            • Custom: You can determine the location of each master node.
                                                              • Host: Master nodes are created on different hosts in the same AZ.
                                                              • Custom: You can determine the location of each master node.
                                                              
+
                                                              Procedure
                                                              1. Log in to the CCE console.
                                                              2. Choose Clusters. On the displayed page, select the type of the cluster to be created and click Create.
                                                              3. Specify cluster parameters.
                                                                Basic Settings
                                                                • Cluster Name: indicates the name of the cluster to be created. The cluster name must be unique under the same account.
                                                                • Cluster Version: Select the Kubernetes version used by the cluster.
                                                                • Cluster Scale: maximum number of nodes that can be managed by the cluster. 
                                                                • HA: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.
                                                                  You can also expand advanced settings and customize the master node distribution mode. The following two modes are supported:
                                                                  • Random: Master nodes are created in different AZs for DR.
                                                                  • Custom: You can determine the location of each master node.
                                                                    • Host: Master nodes are created on different hosts in the same AZ.
                                                                    • Custom: You can determine the location of each master node.
                                                                    
 
                                                                  
 
                                                                  
 
                                                                
 
                                                                
 
                                                                Network Settings
                                                                
 
                                                                The cluster network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.
                                                                
-
                                                                • Network Model: CCE clusters support VPC network and tunnel network models. For details, see VPC Network and Container Tunnel Network.
                                                                • VPC: Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The VPC cannot be changed after creation. 
                                                                • Master Node Subnet: Select the subnet where the master node is deployed. If no subnet is available, click Create Subnet to create one. The subnet cannot be changed after creation.
                                                                • Container CIDR Block: Set the CIDR block used by containers. 
                                                                • Service CIDR Block: CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.
                                                                
+
                                                                • Network Model: CCE clusters support VPC network and Tunnel network. CCE Turbo clusters support Cloud Native Network 2.0.. For details, see Overview.
                                                                • VPC: Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after creation.
                                                                • Master Node Subnet: Select the subnet where the master node is deployed. If no subnet is available, click Create Subnet to create one. The subnet cannot be changed after creation.
                                                                • Container CIDR Block (CCE Cluster): Specify the CIDR block used by containers, which determines the maximum number of containers in the cluster. 
                                                                • Default Pod Subnet (CCE Turbo Cluster): Select the subnet where the container is located. If no subnet is available, click Create Subnet. The pod subnet determines the maximum number of containers in the cluster. You can add pod subnets after creating the cluster.
                                                                • Service CIDR Block: CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.
                                                                
 
                                                                Advanced Settings
                                                                
-
                                                                • Request Forwarding: The IPVS and iptables modes are supported. For details, see Comparing iptables and IPVS.
                                                                • CPU Manager: For details, see Binding CPU Cores.
                                                                • Certificate Authentication:
                                                                  • Default: The X509-based authentication mode is enabled by default. X509 is a commonly used certificate format.
                                                                  • Custom: The cluster can identify users based on the header in the request body for authentication. 
                                                                    You need to upload your CA root certificate, client certificate, and private key of the client certificate.
                                                                    
-
                                                                     
                                                                    • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
                                                                    • The validity period of the client certificate must be longer than five years.
                                                                    • The uploaded CA certificate is used for both the authentication proxy and the kube-apiserver aggregation layer configuration. If the certificate is invalid, the cluster cannot be created.
                                                                    • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. You are advised to use the SHA256 algorithm.
                                                                    
+
                                                                    • Request Forwarding: The IPVS and iptables modes are supported. For details, see Comparing iptables and IPVS.
                                                                    • CPU Manager: When enabled, CPU cores will be exclusively allocated to workload pods. For details, see CPU Policy.
                                                                    • Resource Tag:
                                                                      You can add resource tags to classify resources.
                                                                      
+
                                                                    • Certificate Authentication:
                                                                      • Default: The X509-based authentication mode is enabled by default. X509 is a commonly used certificate format.
                                                                      • Custom: The cluster can identify users based on the header in the request body for authentication. 
                                                                        Upload your CA root certificate, client certificate, and private key of the client certificate.
                                                                        
+
                                                                         
                                                                        • Upload a file smaller than 1 MiB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
                                                                        • The validity period of the client certificate must be longer than five years.
                                                                        • The uploaded CA certificate is used for both the authentication proxy and the kube-apiserver aggregation layer configuration. If the certificate is invalid, the cluster cannot be created.
                                                                        • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. You are advised to use the SHA256 algorithm.
                                                                        
 
                                                                        
 
                                                                      
-
                                                                    • Description: The value can contain a maximum of 200 English characters.
                                                                    
-
                                                                  • Click Next: Add-on Configuration.
                                                                    Domain Name Resolution: Uses the coredns add-on, installed by default, to resolve domain names and connect to the cloud DNS server.
                                                                    
-
                                                                    Container Storage: Uses the everest add-on, installed by default, to provide container storage based on CSI and connect to cloud storage services such as EVS.
                                                                    
-
                                                                    Service logs
                                                                    • Using ICAgent:
                                                                      A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.
                                                                      
+
                                                                    • Description: The description cannot exceed 200 characters.
                                                                    
+
                                                                  • Click Next: Add-on Configuration.
                                                                    Domain Name Resolution:
                                                                    
+
                                                                    • Domain Name Resolution: The coredns add-on is installed by default to resolve domain names and connect to the cloud DNS server.
                                                                    
+
                                                                    Container Storage: The everest add-on is installed by default to provide container storage based on CSI and connect to cloud storage services such as EVS.
                                                                    
+
                                                                    Fault Detection: The npd add-on is installed by default to provide node fault detection and isolation for the cluster, helping you identify node problems in a timely manner.
                                                                    
+
                                                                    Data Plane Logs
                                                                    • Using ICAgent:
                                                                      A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.
                                                                      
 
                                                                      You can collect stdout logs as required.
                                                                      
 
                                                                    
 
                                                                    
-
                                                                    Overload Control: If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                    
-
                                                                  • After setting the parameters, click Next: Confirm. After confirming that the cluster configuration information is correct, select I have read and understand the preceding instructions and click Submit.
                                                                    It takes about 6 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.
                                                                    
+
                                                                    Overload Control: If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available. For details, see Cluster Overload Control.
                                                                    
+
                                                                  • After the parameters are specified, click Next: Confirm. The cluster resource list is displayed. Confirm the information and click Submit.
                                                                    It takes about 6 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.
                                                                    
 
                                                              
 
                                                              
 
                                                              Related Operations
                                                              
@@ -35,7 +37,7 @@
 
                                                              
 
                                                              
 
                                                              
-
                                                              Parent topic: Clusters
                                                              
+
                                                              Parent topic: Creating a Cluster
                                                              
 
                                                              
 
                                                              
 
diff --git a/docs/cce/umn/cce_10_0031.html b/docs/cce/umn/cce_10_0031.html
index 4edbb64b7..29fe7e0c2 100644
--- a/docs/cce/umn/cce_10_0031.html
+++ b/docs/cce/umn/cce_10_0031.html
@@ -6,12 +6,14 @@
 
 
 
                                                              
diff --git a/docs/cce/umn/cce_10_00356.html b/docs/cce/umn/cce_10_00356.html
index 4c80b9ebf..b647dab19 100644
--- a/docs/cce/umn/cce_10_00356.html
+++ b/docs/cce/umn/cce_10_00356.html
@@ -1,17 +1,17 @@
 
 
 
                                                              Accessing a Container
                                                              
-
                                                              Scenario
                                                              If you encounter unexpected problems when using a container, you can log in to the container for debugging.
                                                              
+
                                                              Scenario
                                                              If you encounter unexpected problems when using a container, you can log in to the container to debug it.
                                                              
 
                                                              
-
                                                              Logging In to a Container Using kubectl
                                                              1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                              2. Run the following command to view the created pod:
                                                                kubectl get pod
                                                                
+
                                                                Logging In to a Container Using kubectl
                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                2. Run the following command to view the created pod:
                                                                  kubectl get pod
                                                                  
 
                                                                  The example output is as follows:
                                                                  NAME                               READY   STATUS    RESTARTS       AGE
 nginx-59d89cb66f-mhljr             1/1     Running   0              11m
                                                                  
 
                                                                  
-
                                                                3. Query the name of the container in the pod.
                                                                  kubectl get po nginx-59d89cb66f-mhljr -o jsonpath='{range .spec.containers[*]}{.name}{end}{"\n"}'
                                                                  
+
                                                                4. Query the container name in the pod.
                                                                  kubectl get po nginx-59d89cb66f-mhljr -o jsonpath='{range .spec.containers[*]}{.name}{end}{"\n"}'
                                                                  
 
                                                                  The example output is as follows:
                                                                  container-1
                                                                  
 
                                                                  
-
                                                                5. Run the following command to log in to the container named container-1 in nginx-59d89cb66f-mhljrPod:
                                                                  kubectl exec -it nginx-59d89cb66f-mhljr -c container-1 -- /bin/sh
                                                                  
-
                                                                6. To exit the container, run the exit command.
                                                                
+
                                                              3. Run the following command to log in to the container-1 container in the nginx-59d89cb66f-mhljr pod:
                                                                kubectl exec -it nginx-59d89cb66f-mhljr -c container-1 -- /bin/sh
                                                                
+
                                                              4. To exit the container, run the exit command.
                                                              
 
                                                              
 
                                                              
 
                                                              
diff --git a/docs/cce/umn/cce_10_0036.html b/docs/cce/umn/cce_10_0036.html
index 3b8fed042..ff044c618 100644
--- a/docs/cce/umn/cce_10_0036.html
+++ b/docs/cce/umn/cce_10_0036.html
@@ -3,15 +3,15 @@
 
                                                              Stopping a Node
                                                              
 
                                                              Scenario
                                                              After a node in the cluster is stopped, services on the node are also stopped. Before stopping a node, ensure that discontinuity of the services on the node will not result in adverse impacts.
                                                              
 
                                                              
-
                                                              Notes and Constraints
                                                              • Deleting a node will lead to pod migration, which may affect services. Therefore, delete nodes during off-peak hours.
                                                              • Unexpected risks may occur during node deletion. Back up related data in advance.
                                                              • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                              • Only worker nodes can be stopped.
                                                              
+
                                                              Constraints
                                                              • Deleting a node will lead to pod migration, which may affect services. Therefore, delete nodes during off-peak hours.
                                                              • Unexpected risks may occur during node deletion. Back up related data in advance.
                                                              • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                              • Only worker nodes can be stopped.
                                                              
 
                                                              
-
                                                              Procedure
                                                              1. Log in to the CCE console and click the cluster name to access the cluster.
                                                              2. In the navigation pane, choose Nodes. In the right pane, click the name of the node to be stopped.
                                                              3. In the upper right corner of the ECS details page, click Stop in the instance status area. In the displayed dialog box, click Yes.
                                                                Figure 1 ECS details page
                                                                
+
                                                                Procedure
                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                2. In the navigation pane, choose Nodes. In the right pane, click the name of the node to be stopped.
                                                                3. In the upper right corner of the ECS details page, click Stop. In the displayed dialog box, click Yes.
                                                                  Figure 1 ECS details page
                                                                  
 
                                                                
 
                                                                
 
                                                              
 
                                                              
 
                                                              
-
                                                              Parent topic: Nodes
                                                              
+
                                                              Parent topic: Management Nodes
                                                              
 
                                                              
 
                                                              
 
diff --git a/docs/cce/umn/cce_10_0044.html b/docs/cce/umn/cce_10_0044.html
new file mode 100644
index 000000000..bfd0700b4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0044.html
@@ -0,0 +1,23 @@
+
+
+
                                                              Elastic Volume Service (EVS)
                                                              
+
                                                              
+
+
diff --git a/docs/cce/umn/cce_10_0046.html b/docs/cce/umn/cce_10_0046.html
index 2173e6fdb..c42d01c69 100644
--- a/docs/cce/umn/cce_10_0046.html
+++ b/docs/cce/umn/cce_10_0046.html
@@ -6,31 +6,15 @@
 
 
                                                              
diff --git a/docs/cce/umn/cce_10_0047.html b/docs/cce/umn/cce_10_0047.html
index 26c84a512..bafd67520 100644
--- a/docs/cce/umn/cce_10_0047.html
+++ b/docs/cce/umn/cce_10_0047.html
@@ -3,24 +3,88 @@
 
                                                              Creating a Deployment
                                                              
 
                                                              Scenario
                                                              Deployments are workloads (for example, Nginx) that do not store any data or status. You can create Deployments on the CCE console or by running kubectl commands.
                                                              
 
                                                              
-
                                                              Prerequisites
                                                              • Before creating a containerized workload, you must have an available cluster. For details on how to create a cluster, see Creating a CCE Cluster.
                                                              • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.
                                                                 
                                                                If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.
                                                                
+
                                                                Prerequisites
                                                                • Before creating a workload, you must have an available cluster. For details on how to create a cluster, see Creating a Cluster.
                                                                • To enable public access to a workload, ensure that an EIP or load balancer has been bound to at least one node in the cluster.
                                                                   
                                                                  If a pod has multiple containers, ensure that the ports used by the containers do not conflict with each other. Otherwise, creating the Deployment will fail.
                                                                  
 
                                                                  
 
                                                                
 
                                                                
-
                                                                Using the CCE Console
                                                                1. Log in to the CCE console.
                                                                2. Click the cluster name to access the cluster details page, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                3. Set basic information about the workload. 
                                                                  Basic Info
                                                                  • Workload Type: Select Deployment. For details about workload types, see Overview.
                                                                  • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                  • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                  • Pods: Enter the number of pods.
                                                                  • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.
                                                                  • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                  
+
                                                                  Using the CCE Console
                                                                  1. Log in to the CCE console.
                                                                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                  3. Set basic information about the workload. 
                                                                    Basic Info
                                                                    • Workload Type: Select Deployment. For details about workload types, see Overview.
                                                                    • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                    • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                    • Pods: Enter the number of pods of the workload.
                                                                    • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                                    • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                    
 
                                                                    
-
                                                                    Container Settings
                                                                    • Container Information
                                                                      Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                      • Basic Info: See Setting Basic Container Information.
                                                                      • Lifecycle: See Setting Container Lifecycle Parameters.
                                                                      • Health Check: See Setting Health Check for a Container.
                                                                      • Environment Variables: See Setting an Environment Variable.
                                                                      • Data Storage: See Overview.
                                                                         
                                                                        If the workload contains more than one pod, EVS volumes cannot be mounted.
                                                                        
+
                                                                        Container Settings
                                                                        • Container Information
                                                                          Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                          • Basic Info: Configure basic information about the container.
+
                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                            Parameter
                                                                            
+
                                                                            Description
                                                                            
+
                                                                            Container Name
                                                                            
+
                                                                            Name the container.
                                                                            
+
                                                                            Pull Policy
                                                                            
+
                                                                            Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                                            
+
                                                                            Image Name
                                                                            
+
                                                                            Click Select Image and select the image used by the container.
                                                                            
+
                                                                            To use a third-party image, see Using Third-Party Images.
                                                                            
+
                                                                            Image Tag
                                                                            
+
                                                                            Select the image tag to be deployed.
                                                                            
+
                                                                            CPU Quota
                                                                            
+
                                                                            • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                                            • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                                            
+
                                                                            If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                            
+
                                                                            Memory Quota
                                                                            
+
                                                                            • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                                            • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                                            
+
                                                                            If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                            
+
                                                                            (Optional) GPU Quota
                                                                            
+
                                                                            Configurable only when the cluster contains GPU nodes and the gpu-beta add-on is installed.
                                                                            
+
                                                                            • All: The GPU is not used.
                                                                            • Dedicated: GPU resources are exclusively used by the container.
                                                                            • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                                            
+
                                                                            For details about how to use GPU in the cluster, see Default GPU Scheduling in Kubernetes.
                                                                            
+
                                                                            (Optional) Privileged Container
                                                                            
+
                                                                            Programs in a privileged container have certain privileges.
                                                                            
+
                                                                            If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                                            
+
                                                                            (Optional) Init Container
                                                                            
+
                                                                            Indicates whether to use the container as an init container. The init container does not support health check.
                                                                            
+
                                                                            An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more Init containers. Application containers in a pod are started and run only after the running of all Init containers completes. For details, see Init Container.
                                                                            
+
                                                                            
+
                                                                            
+
                                                                          • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Setting Container Lifecycle Parameters.
                                                                          • (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Setting Health Check for a Container.
                                                                          • (Optional) Environment Variables: Set variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Setting an Environment Variable.
                                                                          • (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
                                                                             
                                                                            If the workload contains more than one pod, EVS volumes cannot be mounted.
                                                                            
 
                                                                            
-
                                                                          • Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.
                                                                          • Logging: See Using ICAgent to Collect Container Logs.
                                                                          
+
                                                                        • (Optional) Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.
                                                                        • (Optional) Logging: Report container stdout streams to AOM by default and require no manual settings. You can manually configure the log collection path. For details, see Using ICAgent to Collect Container Logs.
                                                                          To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.
                                                                          
+
                                                                        
 
                                                                        
-
                                                                      • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                      • GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                      
+
                                                                    • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                    • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                    
 
                                                                    
-
                                                                    Service Settings
                                                                    
-
                                                                    A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.
                                                                    
-
                                                                    You can also create a Service after creating a workload. For details about the Service, see Service Overview.
                                                                    
-
                                                                    Advanced Settings
+
                                                                    (Optional) Service Settings
                                                                    
+
                                                                    A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and performs automatic load balancing for these pods.
                                                                    
+
                                                                    You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                                                                    
+
                                                                    (Optional) Advanced Settings
                                                                    • Upgrade: Specify the upgrade mode and upgrade parameters of the workload. Rolling upgrade and Replace upgrade are supported. For details, see Configuring the Workload Upgrade Policy.
                                                                    • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity, pod affinity, and pod anti-affinity are supported. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                                    • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
                                                                    • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                                    • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                                    • Network configuration:
+
                                                                    
 
                                                                    
-
                                                                  4. Click Create Workload in the lower right corner.
                                                                  
+
                                                                4. Click Create Workload in the lower right corner.
                                                                
 
                                                                
 
                                                                Using kubectl
                                                                The following procedure uses Nginx as an example to describe how to create a workload using kubectl.
                                                                
 
                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                2. Create and edit the nginx-deployment.yaml file. nginx-deployment.yaml is an example file name. You can rename it as required.
                                                                  vi nginx-deployment.yaml
                                                                  
@@ -88,7 +152,7 @@ spec:
 
                                                      Mandatory
                                                      
                                                       		
 
                                                      Spec
                                                      
+
                                                      spec
                                                      
                                                       		
 
                                                      Detailed description of the Deployment.
                                                      
                                                       		
 
 
 
 
                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                      Parameter
                                                      
+
                                                      Description
                                                      
+
                                                      Container Name
                                                      
+
                                                      Name the container.
                                                      
+
                                                      Pull Policy
                                                      
+
                                                      Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                      
+
                                                      Image Name
                                                      
+
                                                      Click Select Image and select the image used by the container.
                                                      
+
                                                      To use a third-party image, see Using Third-Party Images.
                                                      
+
                                                      Image Tag
                                                      
+
                                                      Select the image tag to be deployed.
                                                      
+
                                                      CPU Quota
                                                      
+
                                                      • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                      • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                      
+
                                                      If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                      
+
                                                      Memory Quota
                                                      
+
                                                      • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                      • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                      
+
                                                      If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                      
+
                                                      (Optional) GPU Quota
                                                      
+
                                                      Configurable only when the cluster contains GPU nodes and the gpu-beta add-on is installed.
                                                      
+
                                                      • All: The GPU is not used.
                                                      • Dedicated: GPU resources are exclusively used by the container.
                                                      • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                      
+
                                                      For details about how to use GPU in the cluster, see Default GPU Scheduling in Kubernetes.
                                                      
+
                                                      (Optional) Privileged Container
                                                      
+
                                                      Programs in a privileged container have certain privileges.
                                                      
+
                                                      If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                      
+
                                                      (Optional) Init Container
                                                      
+
                                                      Indicates whether to use the container as an init container. The init container does not support health check.
                                                      
+
                                                      An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more Init containers. Application containers in a pod are started and run only after the running of all Init containers completes. For details, see Init Container.
                                                      
+
                                                      
+
                                                      
+
                                                    7. (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Setting Container Lifecycle Parameters.
                                                    8. (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Setting Health Check for a Container.
                                                    9. (Optional) Environment Variables: Set variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Setting an Environment Variable.
                                                    10. (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
                                                       
                                                      • StatefulSets support dynamic attachment of EVS disks. For details, see Dynamically Mounting an EVS Disk to a StatefulSet and Dynamically Mounting a Local PV to a StatefulSet.
                                                        Dynamic mounting is achieved by using the volumeClaimTemplates field and depends on the dynamic creation capability of StorageClass. A StatefulSet associates each pod with a PVC using the volumeClaimTemplates field, and the PVC is bound to the corresponding PV. Therefore, after the pod is rescheduled, the original data can still be mounted based on the PVC name.
                                                        
 
                                                      • After a workload is created, the storage that is dynamically mounted cannot be updated.
                                                      
 
                                                      
-
                                                    11. Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.
                                                    12. Logging: See Using ICAgent to Collect Container Logs.
                                                      13. 
+
                                                    13. (Optional) Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.
                                                    14. (Optional) Logging: Report container stdout streams to AOM by default and require no manual settings. You can manually configure the log collection path. For details, see Using ICAgent to Collect Container Logs.
                                                      To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.
                                                      
+
                                                      15. 
 
                                                    
-
                                                  3. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                  4. GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                    5. 
+
                                                  5. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                  6. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                    7. 
 
                                                  
 
                                                  Headless Service Parameters
                                                  
 
                                                  A headless Service is used to solve the problem of mutual access between pods in a StatefulSet. The headless Service provides a fixed access domain name for each pod. For details, see Headless Service.
                                                  
-
                                                  Service Settings
                                                  
-
                                                  A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.
                                                  
-
                                                  You can also create a Service after creating a workload. For details about the Service, see Service Overview.
                                                  
-
                                                  Advanced Settings
                                                  • Upgrade: See Configuring the Workload Upgrade Policy.
                                                  • Scheduling: See Scheduling Policy (Affinity/Anti-affinity).
                                                  • Instances Management Policies
                                                    For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.
                                                    
+
                                                    (Optional) Service Settings
                                                    
+
                                                    A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and performs automatic load balancing for these pods.
                                                    
+
                                                    You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                                                    
+
                                                    (Optional) Advanced Settings
                                                    • Upgrade: Specify the upgrade mode and upgrade parameters of the workload. Rolling upgrade and Replace upgrade are supported. For details, see Configuring the Workload Upgrade Policy.
                                                    • Pod Management Policies:
                                                      For some distributed systems, the StatefulSet sequence is unnecessary and/or should not occur. These systems require only uniqueness and identifiers.
                                                      
 
                                                      • OrderedReady: The StatefulSet will deploy, delete, or scale pods in order and one by one. (The StatefulSet continues only after the previous pod is ready or deleted.) This is the default policy.
                                                      • Parallel: The StatefulSet will create pods in parallel to match the desired scale without waiting, and will delete all pods at once.
                                                      
-
                                                    • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Tolerations.
                                                    • Labels and Annotations: See Pod Labels and Annotations.
                                                    • DNS: See DNS Configuration.
                                                    
+
                                                  • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity, pod affinity, and pod anti-affinity are supported. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                  • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
                                                  • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                  • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                  • Network configuration:
+
                                                  
 
                                                  
-
                                                4. Click Create Workload in the lower right corner.
                                                  5. 
+
                                                5. Click Create Workload in the lower right corner.
                                                  6. 
 
                                                  
-
                                                  Using kubectl
                                                  In this example, an nginx workload is used and the EVS volume is dynamically mounted to it using the volumeClaimTemplates field.
                                                  
+
                                                  Using kubectl
                                                  In this example, an nginx workload is used and the EVS volume is dynamically mounted to it using the volumeClaimTemplates field.
                                                  
 
                                                  1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                  2. Create and edit the nginx-statefulset.yaml file.
                                                    nginx-statefulset.yaml is an example file name, and you can change it as required.
                                                    
 
                                                    vi nginx-statefulset.yaml
                                                    
 
                                                    The following provides an example of the file contents. For more information on StatefulSet, see the Kubernetes documentation.
                                                    
@@ -69,7 +133,7 @@ spec:
       volumes: []
   serviceName: nginx-svc
   replicas: 2
-volumeClaimTemplates:  # Dynamically mounts the EVS volume to the workload.
+  volumeClaimTemplates:  # Dynamically mounts the EVS volume to the workload.
     - apiVersion: v1
       kind: PersistentVolumeClaim
       metadata:
@@ -78,15 +142,15 @@ volumeClaimTemplates:  # Dynamically mounts the EVS volume to the workload.
         annotations:
           everest.io/disk-volume-type: SAS  # SAS EVS volume type.
         labels:
-          failure-domain.beta.kubernetes.io/region: eu-de  # region where the EVS volume is created.
+          failure-domain.beta.kubernetes.io/region: eu-de  # region where the EVS volume is created.
           failure-domain.beta.kubernetes.io/zone:    # AZ where the EVS volume is created. It must be the same as the AZ of the node.
       spec:
         accessModes:
-          - ReadWriteOnce  # The value must be ReadWriteOnce for the EVS volume.
+          - ReadWriteOnce  # The value must be ReadWriteOnce for the EVS volume.
         resources:
           requests:
             storage: 10Gi
-        storageClassName: csi-disk # Storage class name. The value is csi-disk for the EVS volume.
+        storageClassName: csi-disk # Storage class name. The value is csi-disk for the EVS volume.
   updateStrategy:
     type: RollingUpdate
 
                                                    vi nginx-headless.yaml
                                                    
@@ -115,12 +179,12 @@ spec:
 
                                                    kubectl create -f nginx-headless.yaml
                                                    
 
                                                    If the following information is displayed, the headless service has been successfully created.
                                                    
 
                                                    service/nginx-svc created
                                                    
-
                                                  3. If the workload will be accessed through a ClusterIP or NodePort Service, set the corresponding workload access type. For details, see Networking.
                                                  
+
                                                6. If the workload will be accessed through a ClusterIP or NodePort Service, set the corresponding workload access type. For details, see Network.
                                                  7. 
 
                                                  
 
                                                  
 
                                                  
 
                                                  
-
                                                  Parent topic: Workloads
                                                  
+
                                                  Parent topic: Creating a Workload
                                                  
 
                                                  
 
                                                  
 
diff --git a/docs/cce/umn/cce_10_0054.html b/docs/cce/umn/cce_10_0054.html
index 4bc4d0d1e..b28747994 100644
--- a/docs/cce/umn/cce_10_0054.html
+++ b/docs/cce/umn/cce_10_0054.html
@@ -21,7 +21,7 @@
 
                                                   NOTE: 
                                                  Naming rule of a master node: Cluster name-cce-control-Random number
                                                  
 
                                                  
 
-
                                                  Restore the security group by referring to the security group of the new cluster and allow traffic from the security group to pass through.
                                                  
+
                                                  Restore the security group by referring to "Creating a Cluster" and allow traffic from the security group to pass through.
                                                  
                                                   		
 
                                                  
 
                                                  Letting the node expire or destroying the node
                                                  
@@ -68,7 +68,7 @@
 
                                                  
 
                                                  Replacing the master or etcd certificate
                                                  
 
                                                  The cluster may become unavailable.
                                                  
+
                                                  The cluster may be unavailable.
                                                  
                                                   		
 
                                                  This operation cannot be undone.
                                                  
                                                   		
 
                                                  Restore the security group by referring to Creating a CCE Cluster and allow traffic from the security group to pass through.
                                                  
+
                                                  Restore the security group and allow traffic from the security group to pass through.
                                                  
                                                   		
 
                                                  
 
                                                  Deleting the node
                                                  
@@ -101,7 +101,7 @@
 
                                                  Upgrading the node kernel
                                                  
                                                   		
 
                                                  The node may be unavailable or the network may be abnormal.
                                                  
-
                                                   NOTE: 
                                                  Node running depends on the system kernel version. Do not use the yum update command to update or reinstall the operating system kernel of a node unless necessary. (Reinstalling the operating system kernel using the original image or other images is a risky operation.)
                                                  
+
                                                   NOTE: 
                                                  Node running depends on the system kernel version. Do not use the yum update command to update or reinstall the operating system kernel of a node unless necessary. (Reinstalling the operating system kernel using the original image or other images is a risky operation.)
                                                  
 
                                                  
 
                                                  		
 
                                                  For details, see Resetting a Node.
                                                  
@@ -128,11 +128,11 @@
 
                                                  Restore the configuration items or reset the node. For details, see Resetting a Node.
                                                  
                                                   		
 
                                                  Deleting or modifying the /opt/cloud/cce and /var/paas directories, and delete the data disk.
                                                  
+
                                                  Deleting or modifying the /opt/cloud/cce and /var/paas directories, and deleting the data disk
                                                  
                                                   		
 
                                                  The node will become unready.
                                                  
 
                                                  You can reset the node. For details, see Resetting a Node.
                                                  
+
                                                  Reset the node. For details, see Resetting a Node.
                                                  
                                                   		
 
                                                  
 
                                                  Modifying the node directory permission and the container directory permission
                                                  
@@ -146,7 +146,7 @@
                                                   		
 
                                                  The node may be unavailable.
                                                  
 
                                                  You can reset the node. For details, see Resetting a Node.
                                                  
+
                                                  Reset the node. For details, see Resetting a Node.
                                                  
                                                   		
 
                                                  
 
                                                  Installing other software on nodes
                                                  
@@ -163,7 +163,7 @@
 
                                                  Reset the node. For details, see Resetting a Node.
                                                  
                                                   		
 
                                                  Delete system images such as cfe-pause from the node.
                                                  
+
                                                  Delete system images such as cce-pause from the node.
                                                  
                                                   		
 
                                                  Containers cannot be created and system images cannot be pulled.
                                                  
 
                                                  
 
                                                  
 
                                                
-
                                                Networking and Load Balancing
                                                
+
                                                Networking
                                                
 
                                                
-
@@ -208,34 +208,7 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                Table 2 High-risk operations and solutions
                                                Operation
                                                
                                                 		
 
                                                Impact
                                                
 
                                                How to Avoid/Fix
                                                
+
                                                Solution
                                                
                                                 		
 
                                                
                                                 
 
                                                The DNS in the cluster cannot work properly.
                                                
 
                                                Restore the security group by referring to Creating a CCE Cluster and allow traffic from the security group to pass through.
                                                
-
                                                Creating a custom listener on the ELB console for the load balancer managed by CCE
                                                
-
                                                The modified items are reset by CCE or the ingress is faulty.
                                                
-
                                                Use the YAML file of the Service to automatically create a listener.
                                                
-
                                                Binding a user-defined backend on the ELB console to the load balancer managed by CCE.
                                                
-
                                                Do not manually bind any backend.
                                                
-
                                                Changing the ELB certificate on the ELB console for the load balancer managed by CCE.
                                                
-
                                                Use the YAML file of the ingress to automatically manage certificates.
                                                
-
                                                Changing the listener name on the ELB console for the ELB listener managed by CCE.
                                                
-
                                                Do not change the name of the ELB listener managed by CCE.
                                                
-
                                                Changing the description of load balancers, listeners, and forwarding policies managed by CCE on the ELB console.
                                                
-
                                                Do not modify the description of load balancers, listeners, or forwarding policies managed by CCE.
                                                
+
                                                Restore the security group by referring to Creating a Cluster and allow traffic from the security group to pass through.
                                                
                                                 		
 
                                                
 
                                                Delete CRD resources of network-attachment-definitions of default-network.
                                                
@@ -249,27 +222,104 @@
 
                                                
 
                                                
 
                                                
-
                                                Logs
                                                
-
                                                Table 3 High-risk operations and solutions
                                                Operation
                                                
+
                                                Load Balancing
                                                
+
                                                
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                Table 3 Service ELB
                                                Operation
                                                
 
                                                Impact
                                                
+
                                                Impact
                                                
 
                                                Solution
                                                
+
                                                Solution
                                                
                                                 		
 
                                                
 
                                                Deleting the /tmp/ccs-log-collector/pos directory on the host machine
                                                
+
                                                Changing the private IPv4 address of a load balancer on the ELB console
                                                
 
                                                Logs are collected repeatedly.
                                                
+
                                                • The network traffic forwarded using the private IPv4 addresses will be interrupted.
                                                • The IP address in the status field of the Service/ingress YAML file is changed.
                                                
 
                                                None
                                                
+
                                                You are not advised to modify the permissions. Restore the permissions if they are modified.
                                                
                                                 		
 
                                                Deleting the /tmp/ccs-log-collector/buffer directory of the host machine
                                                
+
                                                Unbinding the IPv4 EIP from a load balancer on the ELB console
                                                
 
                                                Logs are lost.
                                                
+
                                                After the EIP is unbound from the load balancer, the load balancer will not be able to forward Internet traffic.
                                                
 
                                                None
                                                
+
                                                Restore the EIP binding.
                                                
+
                                                Creating a custom listener on the ELB console for the load balancer managed by CCE
                                                
+
                                                If a load balancer is automatically created when a Service or an ingress is created, the custom listener of the load balancer cannot be deleted when the Service or ingress is deleted. In this case, the load balancer cannot be automatically deleted.
                                                
+
                                                Use the listener automatically created through a Service or an ingress. If a custom listener is used, manually delete the target load balancer.
                                                
+
                                                Deleting a listener automatically created by CCE on the ELB console
                                                
+
                                                • Service/Ingress access fails.
                                                • After the master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                                                
+
                                                Re-create or update the Service or ingress.
                                                
+
                                                Modifying the basic configurations such as the name, access control, timeout, or description of a listener created by CCE on the ELB console
                                                
+
                                                After the master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the listener is deleted.
                                                
+
                                                You are not advised to modify the permissions. Restore the permissions if they are modified.
                                                
+
                                                Modifying the backend server group of a listener created by CCE on the ELB console, including adding or deleting backend servers to or from the server group
                                                
+
                                                • Service/Ingress access fails.
                                                • After the master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE.
                                                  • The deleted backend server will be restored.
                                                  • The added backend server will be removed.
                                                  
+
                                                
+
                                                Re-create or update the Service or ingress.
                                                
+
                                                Replacing the backend server group of a listener created by CCE on the ELB console
                                                
+
                                                • Service/Ingress access fails.
                                                • After the master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                                                
+
                                                Re-create or update the Service or ingress.
                                                
+
                                                Modifying the forwarding policy of a listener created by CCE on the ELB console, including adding or deleting a forwarding rule
                                                
+
                                                • Service/Ingress access fails.
                                                • After the master nodes are restarted, for example, due to a cluster upgrade, all your modifications will be reset by CCE if the forwarding rule is added by the ingress.
                                                
+
                                                You are not advised to modify the permissions. Restore the permissions if they are modified.
                                                
+
                                                Changing the ELB certificate on the ELB console for the load balancer managed by CCE
                                                
+
                                                After the master nodes are restarted, for example, due to a cluster upgrade, all servers in the backend server group will be reset by CCE.
                                                
+
                                                Use the YAML file of the ingress to automatically manage certificates.
                                                
+
                                                
+
                                                
+
                                                
+
                                                Logs
                                                
+
                                                
+
+
+
+
+
+
+
+
+
+
+
@@ -277,41 +327,41 @@
 
                                                EVS Disks
                                                
-
                                                Table 4 High-risk operations and solutions
                                                Operation
                                                
+
                                                Impact
                                                
+
                                                Solution
                                                
+
                                                Deleting the /tmp/ccs-log-collector/pos directory on the host machine
                                                
+
                                                Logs are collected repeatedly.
                                                
+
                                                None
                                                
+
                                                Deleting the /tmp/ccs-log-collector/buffer directory on the host machine
                                                
+
                                                Logs are lost.
                                                
+
                                                None
                                                
                                                 		
 
                                                
                                                 
 
 
                                                Table 4 High-risk operations and solutions
                                                Operation
                                                
+
                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0059.html b/docs/cce/umn/cce_10_0059.html
index 0152de2d1..f9a7b1336 100644
--- a/docs/cce/umn/cce_10_0059.html
+++ b/docs/cce/umn/cce_10_0059.html
@@ -3,84 +3,81 @@
 
                                                Network Policies
                                                Network policies are designed by Kubernetes to restrict pod access. It is equivalent to a firewall at the application layer to enhance network security. The capabilities supported by network policies depend on the capabilities of the network add-ons of the cluster.
                                                
 
                                                By default, if a namespace does not have any policy, pods in the namespace accept traffic from any source and send traffic to any destination.
                                                
-
                                                Network policy rules are classified into the following types:
                                                
+
                                                Network policies are classified into the following types:
                                                
 
                                                • namespaceSelector: selects particular namespaces for which all pods should be allowed as ingress sources or egress destinations.
                                                • podSelector: selects particular pods in the same namespace as the network policy which should be allowed as ingress sources or egress destinations.
                                                • ipBlock: selects particular IP blocks to allow as ingress sources or egress destinations. (Only egress rules support IP blocks.)
                                                
-
                                                Notes and Constraints
                                                • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                  • Ingress: All versions support this type.
                                                  • Egress: Only clusters of v1.23 or later support egress rules.
                                                    Egress rules are supported only in the following OSs:
                                                    
-
-
                                                Table 5 High-risk operations and solutions
                                                Operation
                                                
 
                                                Impact
                                                
+
                                                Impact
                                                
 
                                                Solution
                                                
+
                                                Solution
                                                
 
                                                Remarks
                                                
+
                                                Remarks
                                                
                                                 		
 
                                                
 
                                                Manually unmounting an EVS disk on the console
                                                
+
                                                Manually unmounting an EVS disk on the console
                                                
 
                                                An I/O error is reported when the pod data is being written into the disk.
                                                
+
                                                An I/O error occurs when data is written into a pod.
                                                
 
                                                Delete the mount path from the node and schedule the pod again.
                                                
+
                                                Delete the mount path from the node and schedule the pod again.
                                                
 
                                                The file in the pod records the location where files are to be collected.
                                                
+
                                                The file in the pod records the location where files are to be collected.
                                                
                                                 		
 
                                                Unmounting the disk mount path on the node
                                                
+
                                                Unmounting the disk mount path on the node
                                                
 
                                                Pod data is written into a local disk.
                                                
+
                                                Pod data is written into a local disk.
                                                
 
                                                Remount the corresponding path to the pod.
                                                
+
                                                Remount the corresponding path to the pod.
                                                
 
                                                The buffer contains log cache files to be consumed.
                                                
+
                                                The buffer contains log cache files to be consumed.
                                                
                                                 		
 
                                                Operating EVS disks on the node
                                                
+
                                                Operating EVS disks on the node
                                                
 
                                                Pod data is written into a local disk.
                                                
+
                                                Pod data is written into a local disk.
                                                
 
                                                None
                                                
+
                                                None
                                                
 
                                                None
                                                
+
                                                None
                                                
                                                 		
 
                                                
                                                 
 
                                                OS
                                                
+
                                                Constraints
                                                • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                  • Ingress: All versions support this type.
                                                  • Egress: Only the following OSs and cluster versions support egress rules.
+
                                                    
-
+
-
-
+
-
-
-
-
-
                                                    OS
                                                    
 
                                                    Verified Kernel Version
                                                    
+
                                                    Cluster Version
                                                    
+
                                                    Verified Kernel Version
                                                    
                                                     		
 
                                                    
 
                                                    CentOS
                                                    
+
                                                    EulerOS 2.5
                                                    
 
                                                    3.10.0-1062.18.1.el7.x86_64
                                                    
-
                                                    3.10.0-1127.19.1.el7.x86_64
                                                    
-
                                                    3.10.0-1160.25.1.el7.x86_64
                                                    
-
                                                    3.10.0-1160.76.1.el7.x86_64
                                                    
+
                                                    v1.23 or later
                                                    
+
                                                    3.10.0-862.14.1.5.h591.eulerosv2r7.x86_64
                                                    
+
                                                    3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                    
                                                     		
 
                                                    EulerOS 2.5
                                                    
+
                                                    EulerOS 2.9
                                                    
 
                                                    3.10.0-862.14.1.5.h591.eulerosv2r7.x86_64
                                                    
-
                                                    3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                    
+
                                                    v1.23 or later
                                                    
 
                                                    EulerOS 2.9
                                                    
-
                                                    4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                    
-
                                                    4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                    
+
                                                    4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                    
+
                                                    4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                    
                                                     		
 
                                                    
                                                     
 
                                                    
 
                                                    
 
                                                  
-
                                                • Network isolation is not supported for IPv6 addresses.
                                                • If a cluster is upgraded to v1.23 in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                
+
                                              • Network isolation is not supported for IPv6 addresses.
                                              • If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                • 
 
                                                
-
                                                Using Ingress Rules
                                                • Using podSelector to specify the access scope
                                                  apiVersion: networking.k8s.io/v1
+
                                                  Using Ingress Rules
                                                  • Using podSelector to specify the access scope
                                                    apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: test-network-policy
   namespace: default
 spec:
-  podSelector:                  # The rule takes effect for pods with the role=db label.
+  podSelector:                  # The rule takes effect for pods with the role=db label.
     matchLabels:
       role: db
-  ingress:                      #This is an ingress rule.
+  ingress:                      # This is an ingress rule.
   - from:
-    - podSelector:              #Only traffic from the pods with the "role=frontend" label is allowed.
+    - podSelector:              # Only traffic from the pods with the "role=frontend" label is allowed.
         matchLabels:
           role: frontend
-    ports:                      #Only TCP can be used to access port 6379.
+    ports:                      # Only TCP can be used to access port 6379.
     - protocol: TCP
       port: 6379
                                                    
-
                                                    See the following figure.
                                                    
-
                                                    Figure 1 podSelector
                                                    
+
                                                    The following figure shows how podSelector works.
                                                    
+
                                                    Figure 1 podSelector
                                                    
 
                                                  
-
                                                  • Using namespaceSelector to specify the access scope
                                                    apiVersion: networking.k8s.io/v1
+
                                                    • Using namespaceSelector to specify the access scope
                                                      apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: test-network-policy
 spec:
-  podSelector:                  # The rule takes effect for pods with the role=db label.
+  podSelector:                  # The rule takes effect for pods with the role=db label.
     matchLabels:
       role: db
-  ingress:                      #This is an ingress rule.
+  ingress:                      # This is an ingress rule.
   - from:
     - namespaceSelector:        # Only traffic from the pods in the namespace with the "project=myproject" label is allowed.
         matchLabels:
           project: myproject
-    ports:                      #Only TCP can be used to access port 6379.
+    ports:                      # Only TCP can be used to access port 6379.
     - protocol: TCP
       port: 6379
                                                      
-
                                                      See the following figure.
                                                      
-
                                                      Figure 2 namespaceSelector
                                                      
+
                                                      The following figure shows how namespaceSelector works.
                                                      
+
                                                      Figure 2 namespaceSelector
                                                      
 
                                                    
 
                                                  
 
                                                  Using Egress Rules
                                                  Egress supports not only podSelector and namespaceSelector, but also ipBlock.
                                                  
-
                                                   
                                                  Only clusters of version 1.23 or later support egress rules. Currently, only EulerOS 2.5, EulerOS 2.9, and CentOS 7.7 nodes are supported.
                                                  
+
                                                   
                                                  Only clusters of version 1.23 or later support egress rules. Currently, nodes running EulerOS 2.5, EulerOS 2.9 are supported.
                                                  
 
                                                  
 
                                                  apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -90,7 +87,7 @@ metadata:
 spec:
   policyTypes:                  # Must be specified for an egress rule.
     - Egress
-  podSelector:                  # The rule takes effect for pods with the role=db label.
+  podSelector:                  # The rule takes effect for pods with the role=db label.
     matchLabels:
       role: db
   egress:                       # Egress rule
@@ -98,9 +95,9 @@ spec:
     - ipBlock:
         cidr: 172.16.0.16/16    # Allow access to this CIDR block.
         except:
-        - 172.16.0.40/32        # This CIDR block cannot be accessed. This value must fall within the range specified by cidr.
                                                  
-
                                                  The following figure shows how to use ingress and egress together.
                                                  
-
                                                  Figure 3 ipBlock
                                                  
+        - 172.16.0.40/32        # This CIDR block cannot be accessed. This value must fall within the range specified by cidr.
                                                  
+
                                                  The following figure shows how ipBlock works.
                                                  
+
                                                  Figure 3 ipBlock
                                                  
 
                                                  You can define ingress and egress in the same rule.
                                                  
 
                                                  apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -111,77 +108,79 @@ spec:
   policyTypes:
   - Ingress
   - Egress
-  podSelector:                  # The rule takes effect for pods with the role=db label.
+  podSelector:                  # The rule takes effect for pods with the role=db label.
     matchLabels:
       role: db
-  ingress:                      # Ingress rule
+  ingress:                      # This is an ingress rule.
   - from:
-    - podSelector:              #Only traffic from the pods with the "role=frontend" label is allowed.
+    - podSelector:              # Only traffic from the pods with the "role=frontend" label is allowed.
         matchLabels:
           role: frontend
-    ports:                      #Only TCP can be used to access port 6379.
+    ports:                      # Only TCP can be used to access port 6379.
     - protocol: TCP
       port: 6379
   egress:                       # Egress rule
   - to:
-    - podSelector:              # Only pods with the role=web label can be accessed.
+    - podSelector:              # Only pods with the role=web label can be accessed.
         matchLabels:
           role: web
                                                  
 
                                                  The following figure shows how to use ingress and egress together.
                                                  
-
                                                  Figure 4 Using both ingress and egress
                                                  
+
                                                  Figure 4 Using both ingress and egress
                                                  
 
                                                
-
                                                Creating a Network Policy on the Console
                                                1. Log in to the CCE console and access the cluster console.
                                                2. Choose Networking in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.
                                                  • Policy Name: Specify a network policy name.
                                                  • Namespace: Select a namespace in which the network policy is applied.
                                                  • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to reference the label of an existing workload.
                                                  • Inbound Rule: Click  to add an inbound rule. For details about parameter settings, see Table 1.
                                                    
-
                                                    
-
                                                    Table 1 Adding an inbound rule
                                                    Parameter
                                                    
+
                                                    Creating a Network Policy on the Console
                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                    2. Choose Networking in the navigation pane, click the Network Policies tab, and click Create Network Policy in the upper right corner.
                                                      • Policy Name: Specify a network policy name.
                                                      • Namespace: Select a namespace in which the network policy is applied.
                                                      • Selector: Enter a label, select the pod to be associated, and click Add. You can also click Reference Workload Label to reference the label of an existing workload.
                                                      • Inbound Rule: Click  to add an inbound rule. For details about parameter settings, see Table 1.
                                                        
+
                                                        
+
                                                        
+
                                                        
-
-
-
-
-
-
-
                                                        Table 1 Adding an inbound rule
                                                        Parameter
                                                        
 
                                                        Description
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        Protocol & Port
                                                        
+
                                                        Protocol & Port
                                                        
 
                                                        Select the protocol type and port. Currently, TCP and UDP are supported.
                                                        
+
                                                        Select the protocol type and port. Currently, TCP and UDP are supported.
                                                        
                                                         		
 
                                                        Source Namespace
                                                        
+
                                                        Source Namespace
                                                        
 
                                                        Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                                                        
+
                                                        Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                                                        
                                                         		
 
                                                        Source Pod Label
                                                        
+
                                                        Source Pod Label
                                                        
 
                                                        Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                                                        
+
                                                        Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        
 
                                                        
 
                                                        
-
                                                      • Outbound Rule: Click  to add an outbound rule. For details about parameter settings, see Table 1.
                                                        
-
                                                        Table 2 Adding an outbound rule
                                                        Parameter
                                                        
+
                                                      • Outbound Rule: Click  to add an outbound rule. For details about parameter settings, see Table 1.
                                                        
+
                                                        
+
                                                        
-
-
-
-
-
-
-
-
-
@@ -194,7 +193,7 @@ spec:
 
                                                        
 
                                                        
-
                                                        Parent topic: Networking
                                                        
+
                                                        Parent topic: Container Tunnel Network Settings
                                                        
 
                                                        
 
                                                        
 
diff --git a/docs/cce/umn/cce_10_0063.html b/docs/cce/umn/cce_10_0063.html
index cc6e8c601..da57878cc 100644
--- a/docs/cce/umn/cce_10_0063.html
+++ b/docs/cce/umn/cce_10_0063.html
@@ -4,18 +4,18 @@
 
                                                        Scenario
                                                        After a node scaling policy is created, you can delete, edit, disable, enable, or clone the policy.
                                                        
 
                                                        
 
                                                        Viewing a Node Scaling Policy
                                                        You can view the associated node pool, rules, and scaling history of a node scaling policy and rectify faults according to the error information displayed.
                                                        
-
                                                        1. Log in to the CCE console and access the cluster console.
                                                        2. Choose Node Scaling in the navigation pane and click  in front of the policy to be viewed.
                                                        3. In the expanded area, the Associated Node Pools, Rules, and Scaling History tab pages are displayed. If the policy is abnormal, locate and rectify the fault based on the error information.
                                                           
                                                          You can also disable or enable auto scaling on the Node Pools page.
                                                          
-
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. In the navigation pane, choose Nodes and switch to the Node Pools tab page.
                                                          3. Click Edit of the node pool to be operated. In the Edit Node Pool dialog box that is displayed, set the limits of the number of nodes.
                                                          
+
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and click  in front of the policy to be viewed.
                                                          3. In the expanded area, the Associated Node Pools, Rules, and Scaling History tab pages are displayed. If the policy is abnormal, locate and rectify the fault based on the error information.
                                                             
                                                            You can also disable or enable auto scaling on the Node Pools page.
                                                            
+
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. In the navigation pane, choose Nodes and switch to the Node Pools tab.
                                                            3. Locate the row containing the target node pool and click Update Node Pool. In the window that slides out from the right, enable Auto Scaling, and configure Max. Nodes, Min. Nodes, and Cooldown Period.
                                                            
 
                                                            
 
                                                          
 
                                                          
-
                                                          Deleting a Node Scaling Policy
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and choose More > Delete next to the policy to be deleted.
                                                          3. In the Delete Node Scaling Policy dialog box displayed, confirm whether to delete the policy.
                                                          4. Click Yes to delete the policy.
                                                          
+
                                                          Deleting a Node Scaling Policy
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and choose More > Delete next to the policy to be deleted.
                                                          3. In the Delete Node Scaling Policy dialog box displayed, confirm whether to delete the policy.
                                                          4. Click Yes to delete the policy.
                                                          
 
                                                          
-
                                                          Editing a Node Scaling Policy
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and click Edit in the Operation column of the policy to be edited.
                                                          3. On the Edit Node Scaling Policy page displayed, modify policy parameter values listed in Table 1.
                                                          4. After the configuration is complete, click OK.
                                                          
+
                                                          Editing a Node Scaling Policy
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and click Edit in the Operation column of the policy to be edited.
                                                          3. On the Edit Node Scaling Policy page displayed, modify policy parameter values listed in Table 1.
                                                          4. After the configuration is complete, click OK.
                                                          
 
                                                          
-
                                                          Cloning a Node Scaling Policy
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and choose More > Clone next to the policy to be cloned.
                                                          3. On the Clone Node Scaling Policy page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.
                                                          4. Click OK.
                                                          
+
                                                          Cloning a Node Scaling Policy
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and choose More > Clone next to the policy to be cloned.
                                                          3. On the Clone Node Scaling Policy page displayed, certain parameters have been cloned. Add or modify other policy parameters based on service requirements.
                                                          4. Click OK.
                                                          
 
                                                          
-
                                                          Enabling or Disabling a Node Scaling Policy
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and click Disable in the Operation column of the policy to be disabled. If the policy is in the disabled state, click Enable in the Operation column of the policy.
                                                          3. In the dialog box displayed, confirm whether to disable or enable the node policy.
                                                          
+
                                                          Enabling or Disabling a Node Scaling Policy
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. Choose Node Scaling in the navigation pane and click Disable in the Operation column of the policy to be disabled. If the policy is in the disabled state, click Enable in the Operation column of the policy.
                                                          3. In the dialog box displayed, confirm whether to disable or enable the node policy.
                                                          
 
                                                          
 
                                                          
 
                                                          
diff --git a/docs/cce/umn/cce_10_0064.html b/docs/cce/umn/cce_10_0064.html
index 4b6a94282..53adff19e 100644
--- a/docs/cce/umn/cce_10_0064.html
+++ b/docs/cce/umn/cce_10_0064.html
@@ -6,11 +6,9 @@
 
 
                                                          
 
diff --git a/docs/cce/umn/cce_10_0066.html b/docs/cce/umn/cce_10_0066.html
index 6c31dbac9..fd2bfbbb1 100644
--- a/docs/cce/umn/cce_10_0066.html
+++ b/docs/cce/umn/cce_10_0066.html
@@ -1,27 +1,258 @@
 
 
-
                                                          everest (System Resource Add-On, Mandatory)
                                                          
-
                                                          Introduction
                                                          Everest is a cloud native container storage system. Based on the Container Storage Interface (CSI), clusters of Kubernetes v1.15.6 or later obtain access to cloud storage services.
                                                          
+
                                                          everest (System Resource Add-on, Mandatory)
                                                          
+
                                                          Introduction
                                                          everest is a cloud native container storage system, which enables clusters of Kubernetes v1.15.6 or later to access cloud storage services through the Container Storage Interface.
                                                          
 
                                                          everest is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.15 or later is created.
                                                          
 
                                                          
-
                                                          Notes and Constraints
                                                          • If your cluster is upgraded from v1.13 to v1.15, storage-driver is replaced by everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                                                          • In version 1.2.0 of the everest add-on, key authentication is optimized when OBS is used. After the everest add-on is upgraded from a version earlier than 1.2.0, you need to restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                                                          • By default, this add-on is installed in clusters of v1.15 and later. For clusters of v1.13 and earlier, the storage-driver add-on is installed by default.
                                                          
+
                                                          Constraints
                                                          • If your cluster is upgraded from v1.13 to v1.15, storage-driver is replaced by everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                                                          • In version 1.2.0 of the everest add-on, key authentication is optimized when OBS is used. After the everest add-on is upgraded from a version earlier than 1.2.0, restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                                                          • By default, this add-on is installed in clusters of v1.15 and later. For clusters of v1.13 and earlier, the storage-driver add-on is installed by default.
                                                          
 
                                                          
 
                                                          Installing the Add-on
                                                          This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                                          
-
                                                          1. Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane, locate everest on the right, and click Install.
                                                          2. Select Standalone, HA, or Custom for Add-on Specifications.
                                                            The everest add-on contains the following containers. You can adjust the specifications as required.
                                                            • everest-csi-controller: A Deployment workload. This container is responsible for creating, deleting, snapshotting, expanding, attaching, and detaching volumes. If the cluster version is 1.19 or later and the add-on version is 1.2.x, the pod of the everest-csi-driver component also has an everest-localvolume-manager container by default. This container manages the creation of LVM storage pools and local PVs on the node.
                                                               
                                                              If you select Custom, the recommended everest-csi-controller memory configuration is as follows:
                                                              • If the number of pods and PVCs is less than 2000, set the memory upper limit to 600 MiB.
                                                              • If the number of pods and PVCs is less than 5000, set the memory upper limit to 1 GiB.
                                                              
-
                                                              
-
                                                              
-
                                                            • everest-csi-driver: A DaemonSet workload. This container is responsible for mounting and unmounting PVs and resizing file systems. If the add-on version is 1.2.x and the region where the cluster is located supports node-attacher, the pod of the everest-csi-driver component also contains an everest-node-attacher container. This container is responsible for distributed EVS attaching. This configuration item is available in some regions.
                                                               
                                                              If you select Custom, it is recommended that the everest-csi-driver memory limit be greater than or equal to 300 MiB. If the value is too small, the add-on container cannot be started and the add-on is unavailable.
                                                              
-
                                                              
+
                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate everest on the right, and click Install.
                                                              2. On the Install Add-on page, configure the specifications.
                                                                
+
                                                        Table 2 Adding an outbound rule
                                                        Parameter
                                                        
 
                                                        Description
                                                        
+
                                                        Description
                                                        
                                                         		
 
                                                        
 
                                                        Protocol & Port
                                                        
+
                                                        Protocol & Port
                                                        
 
                                                        Select the protocol type and port. Currently, TCP and UDP are supported. If this parameter is not specified, the protocol type is not limited.
                                                        
+
                                                        Select the protocol type and port. Currently, TCP and UDP are supported. If this parameter is not specified, the protocol type is not limited.
                                                        
                                                         		
 
                                                        Destination CIDR Block
                                                        
+
                                                        Destination CIDR Block
                                                        
 
                                                        Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks by vertical bars (|), and separate multiple exception CIDR blocks by commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 or 172.17.2.0/24.
                                                        
+
                                                        Allows requests to be routed to a specified CIDR block (and not to the exception CIDR blocks). Separate the destination and exception CIDR blocks by vertical bars (|), and separate multiple exception CIDR blocks by commas (,). For example, 172.17.0.0/16|172.17.1.0/24,172.17.2.0/24 indicates that 172.17.0.0/16 is accessible, but not for 172.17.1.0/24 or 172.17.2.0/24.
                                                        
                                                         		
 
                                                        Destination Namespace
                                                        
+
                                                        Destination Namespace
                                                        
 
                                                        Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                                                        
+
                                                        Select a namespace whose objects can be accessed. If this parameter is not specified, the object belongs to the same namespace as the current policy.
                                                        
                                                         		
 
                                                        Destination Pod Label
                                                        
+
                                                        Destination Pod Label
                                                        
 
                                                        Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                                                        
+
                                                        Allow accessing the pods with this label. If this parameter is not specified, all pods in the namespace can be accessed.
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                        Table 1 Add-on configuration
                                                        Parameter
                                                        
+
                                                        Description
                                                        
+
                                                        Add-on Specifications
                                                        
+
                                                        Select Single, Custom, or HA for Add-on Specifications.
                                                        
+
                                                        Pods
                                                        
+
                                                        Number of pods that will be created to match the selected add-on specifications.
                                                        
+
                                                        If you select Custom, you can adjust the number of pods as required.
                                                        
+
                                                        Multi-AZ
                                                        
+
                                                        • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                        • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                        
+
                                                        Containers
                                                        
+
                                                        The everest add-on contains the everest-csi-controller and everest-csi-driver components. For details, see Components.
                                                        
+
                                                        If you select Custom, you can adjust the component specifications as required. The CPU and memory request values can be increased based on the number of nodes and PVCs. For details, see Table 2.
                                                        
+
                                                        In non-typical scenarios, the formulas for estimating the limit values are as follows:
                                                        
+
                                                        • everest-csi-controller
                                                          • CPU limit: 250m for 200 or fewer nodes, 350m for 1000 nodes, and 500m for 2000 nodes
                                                          • Memory limit = (200 MiB + Number of nodes x 1 MiB + Number of PVCs x 0.2 MiB) x 1.2
                                                          
+
                                                        • everest-csi-driver
                                                          • CPU limit: 300 m for 200 or fewer nodes, 500 m for 1000 nodes, and 800 m for 2000 nodes
                                                          • Memory limit: 300 MiB for 200 or fewer nodes, 600 MiB for 1000 nodes, and 900 MiB for 2000 nodes
                                                          
 
                                                        
+
                                                        
 
                                                        
-
                                                      • Whether to deploy the add-on instance across multiple AZs.
                                                        • Preferred: Deployment pods of the add-on are preferentially scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, the pods are scheduled to a single AZ.
                                                        • Required: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, not all pods can run.
                                                        
-
                                                      • Set related parameters.
                                                        In everest 1.2.26 or later, the performance of attaching a large number of EVS volumes is optimized. The following three parameters are provided:
                                                        • csi_attacher_worker_threads: number of workers that can concurrently mount EVS volumes. The default value is 60.
                                                        • csi_attacher_detach_worker_threads: number of workers that can concurrently unmount EVS volumes. The default value is 60.
                                                        • volume_attaching_flow_ctrl: maximum number of EVS volumes that can be mounted by the everest add-on within one minute. The default value is 0, indicating that the EVS volume mounting performance is determined by the underlying storage resources.
                                                        
+
+
                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                        Table 2 Recommended configuration limits in typical scenarios
                                                        Configuration Scenario
                                                        
+
                                                        everest-csi-controller
                                                        
+
                                                        everest-csi-driver
                                                        
+
                                                        Nodes
                                                        
+
                                                        PVs/PVCs
                                                        
+
                                                        Add-on Instances
                                                        
+
                                                        CPU (The limit value is the same as the requested value.)
                                                        
+
                                                        Memory (The limit value is the same as the requested value.)
                                                        
+
                                                        CPU (The limit value is the same as the requested value.)
                                                        
+
                                                        Memory (The limit value is the same as the requested value.)
                                                        
+
                                                        50
                                                        
+
                                                        1000
                                                        
+
                                                        2
                                                        
+
                                                        250 m
                                                        
+
                                                        600 MiB
                                                        
+
                                                        300 m
                                                        
+
                                                        300 MiB
                                                        
+
                                                        200
                                                        
+
                                                        1000
                                                        
+
                                                        2
                                                        
+
                                                        250 m
                                                        
+
                                                        1 GiB
                                                        
+
                                                        300 m
                                                        
+
                                                        300 MiB
                                                        
+
                                                        1000
                                                        
+
                                                        1000
                                                        
+
                                                        2
                                                        
+
                                                        350 m
                                                        
+
                                                        2 GiB
                                                        
+
                                                        500 m
                                                        
+
                                                        600 MiB
                                                        
+
                                                        1000
                                                        
+
                                                        5000
                                                        
+
                                                        2
                                                        
+
                                                        450 m
                                                        
+
                                                        3 GiB
                                                        
+
                                                        500 m
                                                        
+
                                                        600 MiB
                                                        
+
                                                        2000
                                                        
+
                                                        5000
                                                        
+
                                                        2
                                                        
+
                                                        550 m
                                                        
+
                                                        4 GiB
                                                        
+
                                                        800 m
                                                        
+
                                                        900 MiB
                                                        
+
                                                        2000
                                                        
+
                                                        10,000
                                                        
+
                                                        2
                                                        
+
                                                        650 m
                                                        
+
                                                        5 GiB
                                                        
+
                                                        800 m
                                                        
+
                                                        900 MiB
                                                        
+
                                                        
 
                                                        
-
                                                        The preceding three parameters are associated with each other and are constrained by the underlying storage resources in the region where the cluster is located. If you want to mount a large number of volumes (more than 500 EVS volumes per minute), you can contact the customer service personnel and configure the parameters under their guidance to prevent the everest add-on from running abnormally due to improper parameter settings.
                                                        
-
                                                        Other parameters
                                                        • cluster_id: cluster ID
                                                        • default_vpc_id: ID of the VPC to which the data warehouse cluster belongs
                                                        • disable_auto_mount_secret: indicates whether the default AK/SK can be used when an object bucket or parallel file system is mounted. The default value is false.
                                                        • enable_node_attacher: indicates whether to enable the attacher on the agent to process the VolumeAttachment.
                                                        • flow_control: This parameter is left blank by default.
                                                        • over_subscription: overcommitment ratio of the local storage pool (local_storage). The default value is 80. If the size of the local storage pool is 100 GB, you can overcommit 180 GB.
                                                        • project_id: ID of the project to which the cluster belongs.
                                                        
+
                                                      • Configure the add-on parameters.
                                                        
+
                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                        Table 3 Add-on parameters
                                                        Parameter
                                                        
+
                                                        Description
                                                        
+
                                                        csi_attacher_worker_threads
                                                        
+
                                                        Number of worker nodes that can concurrently attach EVS volumes. The default value is 60.
                                                        
+
                                                        csi_attacher_detach_worker_threads
                                                        
+
                                                        Number of worker nodes that can concurrently detach EVS volumes. The default value is 60.
                                                        
+
                                                        volume_attaching_flow_ctrl
                                                        
+
                                                        Maximum number of EVS volumes that can be attached by the everest add-on within 1 minute. The default value is 0, indicating that the performance of attaching EVS volumes is determined by the underlying storage resources.
                                                        
+
                                                        cluster_id
                                                        
+
                                                        Cluster ID
                                                        
+
                                                        default_vpc_id
                                                        
+
                                                        ID of the VPC to which the cluster belongs
                                                        
+
                                                        disable_auto_mount_secret
                                                        
+
                                                        Whether the default AK/SK can be used when an object bucket or parallel file system is mounted. The default value is false.
                                                        
+
                                                        enable_node_attacher
                                                        
+
                                                        Whether to enable the attacher on the agent to process the VolumeAttachment.
                                                        
+
                                                        flow_control
                                                        
+
                                                        This field is left blank by default. You do not need to configure this parameter.
                                                        
+
                                                        over_subscription
                                                        
+
                                                        Overcommitment ratio of the local storage pool (local_storage). The default value is 80. If the size of the local storage pool is 100 GB, it can be overcommitted to 180 GB.
                                                        
+
                                                        project_id
                                                        
+
                                                        ID of the project to which a cluster belongs
                                                        
+
                                                        
 
                                                        
+
                                                         
                                                        In everest 1.2.26 or later, the performance of attaching a large number of EVS volumes has been optimized. The following parameters can be configured:
                                                        • csi_attacher_worker_threads
                                                        • csi_attacher_detach_worker_threads
                                                        • volume_attaching_flow_ctrl
                                                        
+
                                                        
+
                                                        The preceding parameters are associated with each other and are constrained by the underlying storage resources in the region where the cluster is located. To attach a large number of volumes (more than 500 EVS volumes per minute), contact customer service and configure the parameters under their guidance to prevent the everest add-on from running abnormally due to improper parameter settings.
                                                        
+
                                                        
 
                                                      • Click Install.
                                                        • 
 
+
                                                        Components
                                                        
+
                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                        Table 4 everest components
                                                        Container Component
                                                        
+
                                                        Description
                                                        
+
                                                        Resource Type
                                                        
+
                                                        everest-csi-controller
                                                        
+
                                                        Used to create, delete, snapshot, expand, attach, and detach storage volumes. If the cluster version is 1.19 or later and the add-on version is 1.2.x, the pod of the everest-csi-controller component also has an everest-localvolume-manager container by default. This container manages the creation of LVM storage pools and local PVs on the node.
                                                        
+
                                                        Deployment
                                                        
+
                                                        everest-csi-driver
                                                        
+
                                                        Used to mount and unmount PVs and resize file systems. If the add-on version is 1.2.x and the region where the cluster is located supports node-attacher, the pod of the everest-csi-driver component also contains an everest-node-attacher container. This container is responsible for distributed EVS attaching. This configuration item is available in some regions.
                                                        
+
                                                        DaemonSet
                                                        
+
                                                        
+
                                                        
+
                                                        
 
 
                                                        
 
                                                        
diff --git a/docs/cce/umn/cce_10_0068.html b/docs/cce/umn/cce_10_0068.html
index e893604b0..9754a3d25 100644
--- a/docs/cce/umn/cce_10_0068.html
+++ b/docs/cce/umn/cce_10_0068.html
@@ -1,18 +1,18 @@
 
 
-
                                                        Release Notes
                                                        
+
                                                        Kubernetes Release Notes
                                                        
 
                                                        
 
                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0081.html b/docs/cce/umn/cce_10_0081.html
index 2fec523eb..cbd059900 100644
--- a/docs/cce/umn/cce_10_0081.html
+++ b/docs/cce/umn/cce_10_0081.html
@@ -8,13 +8,13 @@
 
                                                        This section describes how node pools work in CCE and how to create and manage node pools.
                                                        
 
                                                        
 
                                                        Node Pool Architecture
                                                        Generally, all nodes in a node pool have the following same attributes:
                                                        
-
                                                        • Node OS
                                                        • Node specifications
                                                        • Node login mode.
                                                        • Node runtime.
                                                        • Startup parameters of Kubernetes components on a node
                                                        • User-defined startup script of a node
                                                        • K8s Labels and Taints
                                                        
+
                                                        • Node OS
                                                        • Node specifications
                                                        • Node login mode
                                                        • Node container runtime
                                                        • Startup parameters of Kubernetes components on a node
                                                        • User-defined startup script of a node
                                                        • Kubernetes Labels and Taints
                                                        
 
                                                        CCE provides the following extended attributes for node pools:
                                                        
 
                                                        • Node pool OS
                                                        • Maximum number of pods on each node in a node pool
                                                        
 
                                                        
-
                                                        Description of DefaultPool
                                                        DefaultPool is not a real node pool. It only classifies nodes that are not in the user-created node pools. These nodes are directly created on the console or by calling APIs. DefaultPool does not support any user-created node pool functions, including scaling and parameter configuration. DefaultPool cannot be edited, deleted, expanded, or auto scaled, and nodes in it cannot be migrated.
                                                        
+
                                                        Description of DefaultPool
                                                        DefaultPool is not a real node pool. It only classifies nodes that are not in the user-created node pools. These nodes are directly created on the console or by calling APIs. DefaultPool does not support any user-created node pool functions, including scaling and parameter configuration. DefaultPool cannot be edited, deleted, expanded, or auto scaled, and nodes in it cannot be migrated.
                                                        
 
                                                        
-
                                                        Applicable Scenarios
                                                        When a large-scale cluster is required, you are advised to use node pools to manage nodes.
                                                        
+
                                                        Application Scenarios
                                                        When a large-scale cluster is required, you are advised to use node pools to manage nodes.
                                                        
 
                                                        The following table describes multiple scenarios of large-scale cluster management and the functions of node pools in each scenario.
                                                        
 
 
                                                        
-
@@ -60,7 +60,7 @@
 
-
@@ -76,7 +76,7 @@
 
-
-
@@ -104,7 +104,7 @@
 
-
                                                        Table 1 Using node pools for different management scenarios
                                                        Scenario
                                                        
@@ -47,7 +47,7 @@
                                                         		
 
                                                        Description
                                                        
 
                                                        Notes
                                                        
+
                                                        Precaution
                                                        
                                                         		
 
                                                        
                                                         
 
                                                        Deleting a node pool
                                                        
 
                                                        Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.
                                                        
+
                                                        When a node pool is deleted, the nodes in the node pool are deleted first. Workloads on the original nodes are automatically migrated to available nodes in other node pools.
                                                        
                                                         		
 
                                                        If pods in the node pool have a specific node selector and none of the other nodes in the cluster satisfies the node selector, the pods will become unschedulable.
                                                        
                                                         		
 
                                                        After auto scaling is disabled, the number of nodes in a node pool will not automatically change with the cluster loads.
                                                        
 
                                                        /
                                                        
+
                                                        None
                                                        
                                                         		
 
                                                        
 
                                                        Adjusting the size of a node pool
                                                        
@@ -88,7 +88,7 @@
 
                                                        
 
                                                        Changing node pool configurations
                                                        
 
                                                        You can modify the node pool name, node quantity, Kubernetes labels (and their quantity), and taints.
                                                        
+
                                                        You can modify the node pool name, node quantity, Kubernetes labels (and their quantity), and taints and adjust the disk, OS, and container engine configurations of the node pool.
                                                        
                                                         		
 
                                                        The deleted or added Kubernetes labels and taints (as well as their quantity) will apply to all nodes in the node pool, which may cause pod re-scheduling. Therefore, exercise caution when performing this operation.
                                                        
                                                         		
 
                                                        You can copy the configuration of an existing node pool to create a new node pool.
                                                        
 
                                                        /
                                                        
+
                                                        None
                                                        
                                                         		
 
                                                        
 
                                                        Setting Kubernetes parameters
                                                        
@@ -119,7 +119,7 @@
 
 
 
                                                        Deploying a Workload in a Specified Node Pool
                                                        When creating a workload, you can constrain pods to run in a specified node pool.
                                                        
-
                                                        For example, on the CCE console, you can set the affinity between the workload and the node on the Scheduling Policies tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. If you need to better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Scheduling Policy (Affinity/Anti-affinity).
                                                        
+
                                                        For example, on the CCE console, you can set the affinity between the workload and the node on the Scheduling Policies tab page on the workload details page to forcibly deploy the workload to a specific node pool. In this way, the workload runs only on nodes in the node pool. To better control where the workload is to be scheduled, you can use affinity or anti-affinity policies between workloads and nodes described in Scheduling Policy (Affinity/Anti-affinity).
                                                        
 
                                                        For example, you can use container's resource request as a nodeSelector so that workloads will run only on the nodes that meet the resource request.
                                                        
 
                                                        If the workload definition file defines a container that requires four CPUs, the scheduler will not choose the nodes with two CPUs to run workloads.
                                                        
 
                                                        
diff --git a/docs/cce/umn/cce_10_0083.html b/docs/cce/umn/cce_10_0083.html
index 68cd86163..b4f2b6190 100644
--- a/docs/cce/umn/cce_10_0083.html
+++ b/docs/cce/umn/cce_10_0083.html
@@ -4,8 +4,8 @@
 
                                                        Scenario
                                                        After an HPA policy is created, you can update, clone, edit, and delete the policy, as well as edit the YAML file.
                                                        
 
                                                        
 
                                                        Checking an HPA Policy
                                                        You can view the rules, status, and events of an HPA policy and handle exceptions based on the error information displayed.
                                                        
-
                                                        1. Log in to the CCE console and access the cluster console.
                                                        2. In the navigation pane, choose Workload Scaling. On the HPA Policies tab page, click  next to the target HPA policy.
                                                        3. In the expanded area, you can view the Rules, Status, and Events tab pages. If the policy is abnormal, locate and rectify the fault based on the error information.
                                                           
                                                          You can also view the created HPA policy on the workload details page.
                                                          
-
                                                          1. Log in to the CCE console and access the cluster console.
                                                          2. In the navigation pane, choose Workloads. Click the workload name to view its details.
                                                          3. On the workload details page, swich to the Auto Scaling tab page to view the HPA policies. You can also view the scaling policies you configured in Workload Scaling.
                                                          
+
                                                          1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                          2. In the navigation pane, choose Policies. On the HPA Policies tab page, click  next to the target HPA policy.
                                                          3. In the expanded area, view the Rule and Status tabs. Click View Events in the Operation column. If the policy malfunctions, locate and rectify the fault based on the error message displayed on the page.
                                                             
                                                            You can also view the created HPA policy on the workload details page.
                                                            
+
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. In the navigation pane, choose Workloads. Click the workload name to view its details.
                                                            3. On the workload details page, click the Auto Scaling tab to view the HPA policies. You can also view the scaling policies you configured in the Workload Scaling page.
                                                            
 
                                                            
 
 
                                                            
@@ -115,7 +115,7 @@
 
@@ -132,7 +132,7 @@
 
-
@@ -171,19 +171,19 @@ spec:
       containers:
       - image: nginx 
         command:
-        - sleep 3600 #Startup command
+        - sleep 3600 # Startup command
         imagePullPolicy: Always
         lifecycle:
           postStart:            exec:              command:              - /bin/bash
-              - install.sh #Post-start command
+              - install.sh # Post-start command          preStop:            exec:              command:              - /bin/bash
-              - uninstall.sh     #Pre-stop command
+              - uninstall.sh     # Pre-stop command
         name: nginx
       imagePullSecrets:
       - name: default-secret
diff --git a/docs/cce/umn/cce_10_0107.html b/docs/cce/umn/cce_10_0107.html
index b99f471bd..322b0a2b8 100644
--- a/docs/cce/umn/cce_10_0107.html
+++ b/docs/cce/umn/cce_10_0107.html
@@ -1,29 +1,29 @@
 
                                                            Connecting to a Cluster Using kubectl
                                                            
-
                                                            Scenario
                                                            This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.
                                                            
+
                                                            Scenario
                                                            This section uses a CCE cluster as an example to describe how to connect to a CCE cluster using kubectl.
                                                            
 
                                                            
-
                                                            Permission Description
                                                            When you access a cluster using kubectl, CCE uses the kubeconfig.json file generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user.
                                                            
+
                                                            Permissions
                                                            When you access a cluster using kubectl, CCE uses kubeconfig.json generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user.
                                                            
 
                                                            For details about user permissions, see Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).
                                                            
 
                                                            
-
                                                            Using kubectl
                                                            To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console, click the name of the cluster to be connected, and view the access address and kubectl connection procedure on the cluster details page.
                                                            
-
                                                            CCE allows you to access a cluster through a VPC network or a public network.
                                                            • Intra-VPC access: The client that accesses the cluster must be in the same VPC as the cluster.
                                                            • Public access:The client that accesses the cluster must be able to access public networks and the cluster has been bound with a public network IP.
                                                               
                                                              To bind a public IP (EIP) to the cluster, go to the cluster details page and click Bind next to EIP in the Connection Information pane. In a cluster with an EIP bound, kube-apiserver will be exposed to public networks and may be attacked. You are advised to configure Advanced Anti-DDoS (AAD) for the EIP of the node where kube-apiserver resides.
                                                              
+
                                                              Using kubectl
                                                              To connect to a Kubernetes cluster from a PC, you can use kubectl, a Kubernetes command line tool. You can log in to the CCE console, click the name of the cluster to be connected, and view the access address and kubectl connection procedure on the cluster details page.
                                                              
+
                                                              CCE allows you to access a cluster through a private network or a public network.
                                                              • Intranet access: The client that accesses the cluster must be in the same VPC as the cluster.
                                                              • Public access: The client that accesses the cluster must be able to access public networks and the cluster has been bound with a public network IP.
                                                                 
                                                                To bind a public IP (EIP) to the cluster, go to the cluster details page and click Bind next to EIP in the Connection Information pane. In a cluster with an EIP bound, kube-apiserver will be exposed to public networks and may be attacked. You are advised to configure Advanced Anti-DDoS (AAD) for the EIP of the node where kube-apiserver resides.
                                                                
 
                                                                
 
                                                              
 
                                                              
 
                                                              Download kubectl and the configuration file. Copy the file to your client, and configure kubectl. After the configuration is complete, you can access your Kubernetes clusters. Procedure:
                                                              
-
                                                              1. Download kubectl.
                                                                Prepare a computer that can access the public network and install kubectl in CLI mode. You can run the kubectl version command to check whether kubectl has been installed. If kubectl has been installed, skip this step.
                                                                
+
                                                                1. Download kubectl.
                                                                  Prepare a computer that can access the public network and install kubectl in CLI mode. You can run the kubectl version command to check whether kubectl has been installed. If kubectl has been installed, skip this step.
                                                                  
 
                                                                  This section uses the Linux environment as an example to describe how to install and configure kubectl. For details, see Installing kubectl.
                                                                  
 
                                                                  1. Log in to your client and download kubectl.
                                                                    cd /home
 curl -LO https://dl.k8s.io/release/{v1.25.0}/bin/linux/amd64/kubectl
                                                                    
-
                                                                    {v1.25.0} specifies the version number. Replace it as required.
                                                                    
+
                                                                    {v1.25.0} specifies the version number. Replace it as required.
                                                                    
 
                                                                  2. Install kubectl.
                                                                    chmod +x kubectl
 mv -f kubectl /usr/local/bin
                                                                    
 
                                                                  
-
                                                                2. Obtain the kubectl configuration file (kubeconfig).
                                                                  On the Connection Information pane on the cluster details page, click Learn more next to kubectl. On the window displayed, download the configuration file.
                                                                  
-
                                                                   
                                                                  • The kubectl configuration file kubeconfig.json is used for cluster authentication. If the file is leaked, your clusters may be attacked.
                                                                  • By default, two-way authentication is disabled for domain names in the current cluster. You can run the kubectl config use-context externalTLSVerify command to enable two-way authentication. For details, see Two-Way Authentication for Domain Names. For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, you need to bind the EIP again and download kubeconfig.json again.
                                                                  • The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.
                                                                  • If the KUBECONFIG environment variable is configured in the Linux OS, kubectl preferentially loads the KUBECONFIG environment variable instead of $home/.kube/config.
                                                                  
+
                                                                3. Obtain the kubectl configuration file (kubeconfig).
                                                                  In the Connection Information pane on the cluster details page, click Configure next to kubectl. On the window displayed, download the configuration file.
                                                                  
+
                                                                   
                                                                  • The kubectl configuration file kubeconfig.json is used for cluster authentication. If the file is leaked, your clusters may be attacked.
                                                                  • By default, two-way authentication is disabled for domain names in the current cluster. You can run the kubectl config use-context externalTLSVerify command to enable two-way authentication. For details, see Two-Way Authentication for Domain Names. For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.json again.
                                                                  • The Kubernetes permissions assigned by the configuration file downloaded by IAM users are the same as those assigned to the IAM users on the CCE console.
                                                                  • If the KUBECONFIG environment variable is configured in the Linux OS, kubectl preferentially loads the KUBECONFIG environment variable instead of $home/.kube/config.
                                                                  
 
                                                                  
-
                                                                4. Configure kubectl.
                                                                  Configure kubectl (A Linux OS is used).
                                                                  1. Log in to your client and copy the kubeconfig.json configuration file downloaded in 2 to the /home directory on your client.
                                                                  2. Configure the kubectl authentication file.
                                                                    cd /home
+
                                                                  3. Configure kubectl.
                                                                    Configure kubectl (A Linux OS is used).
                                                                    1. Log in to your client and copy the kubeconfig.json configuration file downloaded in 2 to the /home directory on your client.
                                                                    2. Configure the kubectl authentication file.
                                                                      cd /home
 mkdir -p $HOME/.kube
 mv -f kubeconfig.json $HOME/.kube/config
                                                                      
 
                                                                    3. Switch the kubectl access mode based on service scenarios.
                                                                      • Run this command to enable intra-VPC access:
                                                                        kubectl config use-context internal
                                                                        
@@ -35,14 +35,14 @@ mv -f kubeconfig.json $HOME/.kube/config
 
                                                                    
 
                                                                  
 
                                                                  
-
                                                                  Two-Way Authentication for Domain Names
                                                                  Currently, CCE supports two-way authentication for domain names.
                                                                  
-
                                                                  • Two-way authentication is disabled for domain names by default. You can run the kubectl config use-context externalTLSVerify command to switch to the externalTLSVerify context to enable it.
                                                                  • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                                                  • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                                                  • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, you need to bind the EIP again and download kubeconfig.json again.
                                                                  • If the domain name two-way authentication is not supported, kubeconfig.json contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, you can download the kubeconfig.json file again and enable two-way authentication for the domain names.
                                                                    Figure 1 Two-way authentication disabled for domain names
                                                                    
+
                                                                    Two-Way Authentication for Domain Names
                                                                    CCE supports two-way authentication for domain names.
                                                                    
+
                                                                    • Two-way authentication is disabled for domain names by default. You can run the kubectl config use-context externalTLSVerify command to switch to the externalTLSVerify context to enable it.
                                                                    • When an EIP is bound to or unbound from a cluster, or a custom domain name is configured or updated, the cluster server certificate will be added the latest cluster access address (including the EIP bound to the cluster and all custom domain names configured for the cluster).
                                                                    • Asynchronous cluster synchronization takes about 5 to 10 minutes. You can view the synchronization result in Synchronize Certificate in Operation Records.
                                                                    • For a cluster that has been bound to an EIP, if the authentication fails (x509: certificate is valid) when two-way authentication is used, bind the EIP again and download kubeconfig.json again.
                                                                    • If the domain name two-way authentication is not supported, kubeconfig.json contains the "insecure-skip-tls-verify": true field, as shown in Figure 1. To use two-way authentication, you can download the kubeconfig.json file again and enable two-way authentication for the domain names.
                                                                      Figure 1 Two-way authentication disabled for domain names
                                                                      
 
                                                                    
 
                                                                    
-
                                                                    Common Issues
                                                                    • Error from server Forbidden
                                                                      When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                                                      
+
                                                                      Common Issues
                                                                      • Error from server Forbidden
                                                                        When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                                                        
 
                                                                        # kubectl get deploy Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
                                                                        
 
                                                                        The cause is that the user does not have the permissions to operate the Kubernetes resources. For details about how to assign permissions, see Namespace Permissions (Kubernetes RBAC-based).
                                                                        
-
                                                                      • The connection to the server localhost:8080 was refused
                                                                        When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                                                        
+
                                                                      • The connection to the server localhost:8080 was refused
                                                                        When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                                                        
 
                                                                        The connection to the server localhost:8080 was refused - did you specify the right host or port?
                                                                        
 
                                                                        The cause is that cluster authentication is not configured for the kubectl client. For details, see 3.
                                                                        
 
                                                                      
@@ -50,7 +50,7 @@ mv -f kubeconfig.json $HOME/.kube/config
 
                                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0110.html b/docs/cce/umn/cce_10_0110.html
index d4afbeb39..7384c0ff6 100644
--- a/docs/cce/umn/cce_10_0110.html
+++ b/docs/cce/umn/cce_10_0110.html
@@ -1,14 +1,18 @@
 
 
-
                                                                      Monitoring and Alarm
                                                                      
+
                                                                      Monitoring
                                                                      
 
                                                                      
 
                                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0111.html b/docs/cce/umn/cce_10_0111.html
new file mode 100644
index 000000000..22522bc27
--- /dev/null
+++ b/docs/cce/umn/cce_10_0111.html
@@ -0,0 +1,22 @@
+
+
+
                                                                      Scalable File Service (SFS)
                                                                      
+
                                                                      
+
                                                                      
+
+
diff --git a/docs/cce/umn/cce_10_0112.html b/docs/cce/umn/cce_10_0112.html
index ebd4ffe87..711085897 100644
--- a/docs/cce/umn/cce_10_0112.html
+++ b/docs/cce/umn/cce_10_0112.html
@@ -3,20 +3,20 @@
 
                                                                      Setting Health Check for a Container
                                                                      
 
                                                                      Scenario
                                                                      Health check regularly checks the health status of containers during container running. If the health check function is not configured, a pod cannot detect application exceptions or automatically restart the application to restore it. This will result in a situation where the pod status is normal but the application in the pod is abnormal.
                                                                      
 
                                                                      Kubernetes provides the following health check probes:
                                                                      
-
                                                                      • Liveness probe (livenessProbe): checks whether a container is still alive. It is similar to the ps command that checks whether a process exists. If the liveness check of a container fails, the cluster restarts the container. If the liveness check is successful, no operation is executed.
                                                                      • Readiness probe (readinessProbe): checks whether a container is ready to process user requests. Upon that the container is detected unready, service traffic will not be directed to the container. It may take a long time for some applications to start up before they can provide services. This is because that they need to load disk data or rely on startup of an external module. In this case, the application process is running, but the application cannot provide services. To address this issue, this health check probe is used. If the container readiness check fails, the cluster masks all requests sent to the container. If the container readiness check is successful, the container can be accessed. 
                                                                      • Startup probe (startupProbe): checks when a container application has started. If such a probe is configured, it disables liveness and readiness checks until it succeeds, ensuring that those probes do not interfere with the application startup. This can be used to adopt liveness checks on slow starting containers, avoiding them getting terminated by the kubelet before they are started.
                                                                      
+
                                                                      • Liveness probe (livenessProbe): checks whether a container is still alive. It is similar to the ps command that checks whether a process exists. If the liveness check of a container fails, the cluster restarts the container. If the liveness check is successful, no operation is executed.
                                                                      • Readiness probe (readinessProbe): checks whether a container is ready to process user requests. Upon that the container is detected unready, service traffic will not be directed to the container. It may take a long time for some applications to start up before they can provide services. This is because that they need to load disk data or rely on startup of an external module. In this case, the application process is running, but the application cannot provide services. To address this issue, this health check probe is used. If the container readiness check fails, the cluster masks all requests sent to the container. If the container readiness check is successful, the container can be accessed. 
                                                                      • Startup probe (startupProbe): checks when a containerized application has started. If such a probe is configured, it disables liveness and readiness checks until it succeeds, ensuring that those probes do not interfere with the application startup. This can be used to adopt liveness checks on slow starting containers, avoiding them getting terminated by the kubelet before they are started.
                                                                      
 
                                                                      
-
                                                                      Check Method
                                                                      • HTTP request
                                                                        This health check mode is applicable to containers that provide HTTP/HTTPS services. The cluster periodically initiates an HTTP/HTTPS GET request to such containers. If the return code of the HTTP/HTTPS response is within 200–399, the probe is successful. Otherwise, the probe fails. In this health check mode, you must specify a container listening port and an HTTP/HTTPS request path.
                                                                        
-
                                                                        For example, for a container that provides HTTP services, the HTTP check path is /health-check, the port is 80, and the host address is optional (which defaults to the container IP address). Here, 172.16.0.186 is used as an example, and we can get such a request: GET http://172.16.0.186:80/health-check. The cluster periodically initiates this request to the container. You can also add one or more headers to an HTTP request. For example, set the request header name to Custom-Header and the corresponding value to example.
                                                                        
+
                                                                        Check Method
                                                                        • HTTP request
                                                                          This health check mode applies to containers that provide HTTP/HTTPS services. The cluster periodically initiates an HTTP/HTTPS GET request to such containers. If the return code of the HTTP/HTTPS response is within 200–399, the probe is successful. Otherwise, the probe fails. In this health check mode, you must specify a container listening port and an HTTP/HTTPS request path.
                                                                          
+
                                                                          For example, for a container that provides HTTP services, the HTTP check path is /health-check, the port is 80, and the host address is optional (which defaults to the container IP address). Here, 172.16.0.186 is used as an example, and we can get such a request: GET http://172.16.0.186:80/health-check. The cluster periodically initiates this request to the container. You can also add one or more headers to an HTTP request. For example, set the request header name to Custom-Header and the corresponding value to example.
                                                                          
 
                                                                        • TCP port
                                                                          For a container that provides TCP communication services, the cluster periodically establishes a TCP connection to the container. If the connection is successful, the probe is successful. Otherwise, the probe fails. In this health check mode, you must specify a container listening port.
                                                                          
-
                                                                          For example, if you have a Nginx container with service port 80, after you specify TCP port 80 for container listening, the cluster will periodically initiate a TCP connection to port 80 of the container. If the connection is successful, the probe is successful. Otherwise, the probe fails.
                                                                          
+
                                                                          For example, if you have an Nginx container with service port 80, after you specify TCP port 80 for container listening, the cluster will periodically initiate a TCP connection to port 80 of the container. If the connection is successful, the probe is successful. Otherwise, the probe fails.
                                                                          
 
                                                                        • CLI
                                                                          CLI is an efficient tool for health check. When using the CLI, you must specify an executable command in a container. The cluster periodically runs the command in the container. If the command output is 0, the health check is successful. Otherwise, the health check fails.
                                                                          
 
                                                                          The CLI mode can be used to replace the HTTP request-based and TCP port-based health check.
                                                                          
-
                                                                          • For a TCP port, you can use a program script to connect to a container port. If the connection is successful, the script returns 0. Otherwise, the script returns –1.
                                                                          • For an HTTP request, you can use the script command to run the wget command to detect the container.
                                                                            wget http://127.0.0.1:80/health-check
                                                                            
+
                                                                            • For a TCP port, you can use a program script to connect to a container port. If the connection is successful, the script returns 0. Otherwise, the script returns –1.
                                                                            • For an HTTP request, you can use the script command to run the wget command to detect the container.
                                                                              wget http://127.0.0.1:80/health-check
                                                                              
 
                                                                              Check the return code of the response. If the return code is within 200–399, the script returns 0. Otherwise, the script returns –1. 
                                                                              
-
                                                                               
                                                                              • Put the program to be executed in the container image so that the program can be executed. 
                                                                              • If the command to be executed is a shell script, do not directly specify the script as the command, but add a script parser. For example, if the script is /data/scripts/health_check.sh, you must specify sh/data/scripts/health_check.sh for command execution. The reason is that the cluster is not in the terminal environment when executing programs in a container. 
                                                                              
+
                                                                               
                                                                              • Put the program to be executed in the container image so that the program can be executed. 
                                                                              • If the command to be executed is a shell script, do not directly specify the script as the command, but add a script parser. For example, if the script is /data/scripts/health_check.sh, you must specify sh/data/scripts/health_check.sh for command execution. The reason is that the cluster is not in the terminal environment when executing programs in a container. 
                                                                              
 
                                                                              
 
                                                                            
-
                                                                          • gRPC Check
                                                                            gRPC checks can configure startup, liveness, and readiness probes for your gRPC application without exposing any HTTP endpoint, nor do you need an executable. Kubernetes can connect to your workload via gRPC and query its status.
                                                                             
                                                                            • The gRPC check is supported only in CCE clusters of v1.25 or later.
                                                                            • To use gRPC for check, your application must support the gRPC health checking protocol.
                                                                            • Similar to HTTP and TCP probes, if the port is incorrect or the application does not support the health checking protocol, the check fails.
                                                                            
+
                                                                          • gRPC Check
                                                                            gRPC checks can configure startup, liveness, and readiness probes for your gRPC application without exposing any HTTP endpoint, nor do you need an executable. Kubernetes can connect to your workload via gRPC and obtain its status.
                                                                             
                                                                            • The gRPC check is supported only in CCE clusters of v1.25 or later.
                                                                            • To use gRPC for check, your application must support the gRPC health checking protocol.
                                                                            • Similar to HTTP and TCP probes, if the port is incorrect or the application does not support the health checking protocol, the check fails.
                                                                            
 
                                                                            
 
                                                                            
 
                                                                          
@@ -48,7 +48,7 @@
 
 
                                                            
-
@@ -57,7 +57,7 @@
 
diff --git a/docs/cce/umn/cce_10_0113.html b/docs/cce/umn/cce_10_0113.html
index 95bcbc995..71b91b67a 100644
--- a/docs/cce/umn/cce_10_0113.html
+++ b/docs/cce/umn/cce_10_0113.html
@@ -7,9 +7,9 @@
 
                                                            Configurations must be imported to a container as arguments. Otherwise, configurations will be lost after the container restarts.
                                                            Environment variables can be set in the following modes:
                                                            
-
                                                            • Custom
                                                            • Added from ConfigMap: Import all keys in a ConfigMap as environment variables.
                                                            • Added from ConfigMap key: Import a key in a ConfigMap as the value of an environment variable. For example, if you import configmap_value of configmap_key in a ConfigMap as the value of environment variable key1, an environment variable named key1 with its value is configmap_value exists in the container.
                                                            • Added from secret: Import all keys in a secret as environment variables.
                                                            • Added from secret key: Import the value of a key in a secret as the value of an environment variable. For example, if you import secret_value of secret_key in secret secret-example as the value of environment variable key2, an environment variable named key2 with its value secret_value exists in the container.
                                                            • Variable value/reference: Use the field defined by a pod as the value of the environment variable, for example, the pod name.
                                                            • Resource Reference: Use the field defined by a container as the value of the environment variable, for example, the CPU limit of the container.
                                                            
+
                                                            • Custom: Enter the environment variable name and parameter value.
                                                            • Added from ConfigMap key: Import all keys in a ConfigMap as environment variables.
                                                            • Added from ConfigMap: Import a key in a ConfigMap as the value of an environment variable. As shown in Figure 1, if you import configmap_value of configmap_key in a ConfigMap as the value of environment variable key1, an environment variable named key1 whose value is configmap_value exists in the container.
                                                            • Added from secret: Import all keys in a secret as environment variables.
                                                            • Added from secret key: Import the value of a key in a secret as the value of an environment variable. As shown in Figure 1, if you import secret_value of secret_key in secret secret-example as the value of environment variable key2, an environment variable named key2 whose value is secret_value exists in the container.
                                                            • Variable value/reference: Use the field defined by a pod as the value of the environment variable. As shown in Figure 1, if the pod name is imported as the value of environment variable key3, an environment variable named key3 exists in the container and its value is the pod name.
                                                            • Resource Reference: The value of Request or Limit defined by the container is used as the value of the environment variable. As shown in Figure 1, if you import the CPU limit of container-1 as the value of environment variable key4, an environment variable named key4 exists in the container and its value is the CPU limit of container-1.
                                                            
-
                                                            Adding Environment Variables
                                                            1. Log in to the CCE console. When creating a workload, select Environment Variables under Container Settings.
                                                            2. Set environment variables.
                                                              
+
                                                              Adding Environment Variables
                                                              1. Log in to the CCE console.
                                                              2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                              3. When creating a workload, modify the container information in the Container Settings area and click the Environment Variables tab.
                                                              4. Configure environment variables.
                                                                Figure 1 Configuring environment variables
                                                                
 
                                                              
 
                                                              
 
                                                              YAML Example
                                                              apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_10_0120.html b/docs/cce/umn/cce_10_0120.html
deleted file mode 100644
index 6af29399a..000000000
--- a/docs/cce/umn/cce_10_0120.html
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-
                                                              Performing Replace/Rolling Upgrade
                                                              
-
                                                              Scenario
                                                              You can upgrade your clusters to a newer Kubernetes version on the CCE console.
                                                              
-
                                                              Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what ways, and the upgrade impacts. For details, see Upgrade Overview and Before You Start.
                                                              
-
                                                              
-
                                                              Precautions
                                                              • If the coredns add-on needs to be upgraded during the cluster upgrade, ensure that the number of nodes is greater than or equal to the number of coredns instances and all coredns instances are running. Otherwise, the upgrade will fail. Before upgrading a cluster of v1.13, you need to upgrade the coredns add-on to the latest version available for the cluster.
                                                              • When a cluster of v1.11 or earlier is upgraded to v1.13, the impacts on the cluster are as follows:
                                                                • All cluster nodes will be restarted as their OSs are upgraded, which affects application running.
                                                                • The cluster signature certificate mechanism is changed. As a result, the original cluster certificate becomes invalid. You need to obtain the certificate or kubeconfig file again after the cluster is upgraded.
                                                                
-
                                                              • During the upgrade from one release of v1.13 to a later release of v1.13, applications in the cluster are interrupted for a short period of time only during the upgrade of network components.
                                                              • During the upgrade from Kubernetes 1.9 to 1.11, the kube-dns of the cluster will be uninstalled and replaced with CoreDNS, which may cause loss of the cascading DNS configuration in the kube-dns or temporary interruption of the DNS service. Back up the DNS address configured in the kube-dns so you can configure the domain name in the CoreDNS again when domain name resolution is abnormal.
                                                              
-
                                                              
-
                                                              Procedure
                                                              1. Log in to the CCE console and click the cluster name to access the cluster.
                                                              2. In the navigation pane, choose Cluster Upgrade. You can view the new version available for upgrade on the right. Click Upgrade.
                                                                 
                                                                • If your cluster version is up-to-date, the Upgrade button is grayed out.
                                                                • If your cluster status is abnormal or there are abnormal add-ons, the Upgrade button is dimmed. Perform a check by referring to Before You Start.
                                                                
-
                                                                
-
                                                              3. In the displayed Pre-upgrade Check dialog box, click Check Now.
                                                              4. The pre-upgrade check starts. While the pre-upgrade check is in progress, the cluster status will change to Pre-checking and new nodes/applications will not be able to be deployed on the cluster. However, existing nodes and applications will not be affected. It takes 3 to 5 minutes to complete the pre-upgrade check.
                                                              5. When the status of the pre-upgrade check is Completed, click Upgrade.
                                                              6. On the cluster upgrade page, review or configure basic information by referring to Table 1.
                                                                
-
                                                            Table 1 Event types and names
                                                            Event Type
                                                            
@@ -91,11 +91,11 @@
 
                                                            
 
 
                                                            Updating an HPA Policy
                                                            An HPA policy is used as an example.
                                                            
-
                                                            1. Log in to the CCE console and access the cluster console.
                                                            2. In the navigation pane, choose Workload Scaling. Click Update in the Operation column of the target policy.
                                                            3. On the Update HPA Policy page displayed, set the policy parameters listed in Table 1.
                                                            4. Click Update.
                                                            
+
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. On the cluster console, choose Workload Scaling in the navigation pane. Locate the row that contains the target policy and choose More > Edit in the Operation column.
                                                            3. On the Edit HPA Policy page, configure the parameters as listed in Table 1.
                                                            4. Click OK.
                                                            
 
                                                            
-
                                                            Editing the YAML File (HPA Policy)
                                                            1. Log in to the CCE console and access the cluster console.
                                                            2. In the navigation pane, choose Workload Scaling. Click More > Edit YAML in the Operation column of the target HPA policy.
                                                            3. In the Edit YAML dialog box displayed, edit or download the YAML file.
                                                            4. Click the close button in the upper right corner.
                                                            
+
                                                            Editing the YAML File (HPA Policy)
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. In the navigation pane, choose Policies. Choose Edit YAML in the Operation column of the target HPA policy.
                                                            3. In the Edit YAML dialog box displayed, edit or download the YAML file.
                                                            
 
                                                            
-
                                                            Deleting an HPA Policy
                                                            1. Log in to the CCE console and access the cluster console.
                                                            2. In the navigation pane, choose Workload Scaling. Click Delete in the Operation column of the target policy.
                                                            3. In the dialog box displayed, click Yes.
                                                            
+
                                                            Deleting an HPA Policy
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                            2. In the navigation pane, choose Policies. Choose Delete > Delete in the Operation column of the target policy.
                                                            3. In the dialog box displayed, click Yes.
                                                            
 
                                                            
 
                                                            
 
                                                            
diff --git a/docs/cce/umn/cce_10_0084.html b/docs/cce/umn/cce_10_0084.html
new file mode 100644
index 000000000..e2afb6f0d
--- /dev/null
+++ b/docs/cce/umn/cce_10_0084.html
@@ -0,0 +1,16 @@
+
+
+
                                                            Enabling ICMP Security Group Rules
                                                            
+
                                                            Scenario
                                                            If a workload uses UDP for both load balancing and health check, enable ICMP security group rules for the backend servers.
                                                            
+
                                                            
+
                                                            Procedure
                                                            1. Log in to the ECS console, find the ECS corresponding to any node where the workload runs, and click the ECS name. On the displayed ECS details page, record the security group name.
                                                            2. Log in to the VPC console. In the navigation pane on the left, choose Access Control > Security Groups. In the security group list on the right, click the security group name obtained in step 1.
                                                            3. On the page displayed, click the Inbound Rules tab and click Add Rule to add an inbound rule for ECS. Then, click OK.
                                                               
                                                              • You only need to add security group rules to any node where the workload runs.
                                                              • The security group must have rules to allow access from the CIDR block 100.125.0.0/16.
                                                              
+
                                                              
+
                                                            
+
                                                            
+
                                                            
+
                                                            
+
                                                            
+
                                                            Parent topic: LoadBalancer
                                                            
+
                                                            
+
                                                            
+
diff --git a/docs/cce/umn/cce_10_0091.html b/docs/cce/umn/cce_10_0091.html
index 2e7c452c8..c3b9acf7c 100644
--- a/docs/cce/umn/cce_10_0091.html
+++ b/docs/cce/umn/cce_10_0091.html
@@ -6,20 +6,14 @@
 
 
                                                            
 
diff --git a/docs/cce/umn/cce_10_0094.html b/docs/cce/umn/cce_10_0094.html
index 4b033a720..7ba8627ca 100644
--- a/docs/cce/umn/cce_10_0094.html
+++ b/docs/cce/umn/cce_10_0094.html
@@ -1,16 +1,64 @@
 
 
-
                                                            Ingress Overview
                                                            
-
                                                            Why We Need Ingresses
                                                            A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, that is, ingress.
                                                            
+
                                                            Overview
                                                            
+
                                                            Why We Need Ingresses
                                                            A Service is generally used to forward access requests based on TCP and UDP and provide layer-4 load balancing for clusters. However, in actual scenarios, if there is a large number of HTTP/HTTPS access requests on the application layer, the Service cannot meet the forwarding requirements. Therefore, the Kubernetes cluster provides an HTTP-based access mode, ingress.
                                                            
 
                                                            An ingress is an independent resource in the Kubernetes cluster and defines rules for forwarding external access traffic. As shown in Figure 1, you can customize forwarding rules based on domain names and URLs to implement fine-grained distribution of access traffic.
                                                            
-
                                                            Figure 1 Ingress diagram
                                                            
+
                                                            Figure 1 Ingress diagram
                                                            
 
                                                            The following describes the ingress-related definitions:
                                                            
 
                                                            • Ingress object: a set of access rules that forward requests to specified Services based on domain names or URLs. It can be added, deleted, modified, and queried by calling APIs.
                                                            • Ingress Controller: an executor for request forwarding. It monitors the changes of resource objects such as ingresses, Services, endpoints, secrets (mainly TLS certificates and keys), nodes, and ConfigMaps in real time, parses rules defined by ingresses, and forwards requests to the corresponding backend Services.
                                                            
 
                                                            
 
                                                            Working Principle of ELB Ingress Controller
                                                            ELB Ingress Controller developed by CCE implements layer-7 network access for the internet and intranet (in the same VPC) based on ELB and distributes access traffic to the corresponding Services using different URLs.
                                                            
 
                                                            ELB Ingress Controller is deployed on the master node and bound to the load balancer in the VPC where the cluster resides. Different domain names, ports, and forwarding policies can be configured for the same load balancer (with the same IP address). Figure 2 shows the working principle of ELB Ingress Controller.
                                                            
 
                                                            1. A user creates an ingress object and configures a traffic access rule in the ingress, including the load balancer, URL, SSL, and backend service port.
                                                            2. When Ingress Controller detects that the ingress object changes, it reconfigures the listener and backend server route on the ELB side according to the traffic access rule.
                                                            3. When a user accesses a workload, the traffic is forwarded to the corresponding backend service port based on the forwarding policy configured on ELB, and then forwarded to each associated workload through the Service.
                                                            
-
                                                            Figure 2 Working principle of ELB Ingress Controller
                                                            
+
                                                            Figure 2 Working principle of ELB Ingress Controller
                                                            
+
                                                            
+
                                                            Services Supported by Ingresses
                                                            Table 1 lists the services supported by ELB Ingresses.
+
                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                            Table 1 Services supported by ELB Ingresses
                                                            Cluster Type
                                                            
+
                                                            ELB Type
                                                            
+
                                                            ClusterIP
                                                            
+
                                                            NodePort
                                                            
+
                                                            CCE cluster
                                                            
+
                                                            Shared load balancer
                                                            
+
                                                            Not supported
                                                            
+
                                                            Supported
                                                            
+
                                                            Dedicated load balancer
                                                            
+
                                                            Not supported (Failed to access the dedicated load balancers because no ENI is bound to the associated pod of the ClusterIP Service.)
                                                            
+
                                                            Supported
                                                            
+
                                                            CCE Turbo cluster
                                                            
+
                                                            Shared load balancer
                                                            
+
                                                            Not supported
                                                            
+
                                                            Supported
                                                            
+
                                                            Dedicated load balancer
                                                            
+
                                                            Supported
                                                            
+
                                                            Not supported (Failed to access the dedicated load balancers because an ENI has been bound to the associated pod of the NodePort Service.)
                                                            
+
                                                            
+
                                                            
+
                                                            
 
                                                            
 
                                                            
 
                                                            
diff --git a/docs/cce/umn/cce_10_0105.html b/docs/cce/umn/cce_10_0105.html
index 9941eeba0..e385aa684 100644
--- a/docs/cce/umn/cce_10_0105.html
+++ b/docs/cce/umn/cce_10_0105.html
@@ -78,7 +78,7 @@
 
                                                            Command
                                                            
                                                             		
 
                                                            Enter an executable command, for example, /run/server.
                                                            
-
                                                            If there are multiple commands, separate them with spaces. If the command contains a space, you need to add a quotation mark ("").
                                                            
+
                                                            If there are multiple executable commands, write them in different lines.
                                                            
 
                                                             NOTE: 
                                                            In the case of multiple commands, you are advised to run /bin/sh or other shell commands. Other commands are used as parameters.
                                                            
 
                                                            
 
                                                            HTTP request
                                                            
                                                             		
 
                                                            Send an HTTP request for post-start processing. The related parameters are described as follows:
                                                            
-
                                                            • Path: (optional) request URL.
                                                            • Port: (mandatory) request port.
                                                            • Host: (optional) IP address of the request. The default value is the IP address of the node where the container resides.
                                                            
+
                                                            • Path: (optional) request URL.
                                                            • Port: (mandatory) request port.
                                                            • Host: (optional) requested host IP address. The default value is the IP address of the pod.
                                                            
                                                             		
 
                                                            
                                                             
 
                                                            CLI
                                                            
 
                                                            Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.
                                                            
+
                                                            Set commands to be executed in the container for pre-stop processing. The command format is Command Args[1] Args[2].... Command is a system command or a user-defined executable program. If no path is specified, an executable program in the default path will be selected. If multiple commands need to be executed, write the commands into a script for execution.
                                                            
 
                                                            Example command:
                                                            
 
                                                            exec: 
   command: 
@@ -144,7 +144,7 @@
 
                                                            HTTP request
                                                            
                                                             		
 
                                                            Send an HTTP request for pre-stop processing. The related parameters are described as follows:
                                                            
-
                                                            • Path: (optional) request URL.
                                                            • Port: (mandatory) request port.
                                                            • Host: (optional) IP address of the request. The default value is the IP address of the node where the container resides.
                                                            
+
                                                            • Path: (optional) request URL.
                                                            • Port: (mandatory) request port.
                                                            • Host: (optional) requested host IP address. The default value is the IP address of the pod.
                                                            
                                                             		
 
                                                            
                                                                                                           
 
 
                                   
 
 
 
                         
 
 
                                                            Success Threshold (successThreshold)
                                                            
 
                                                            Minimum consecutive successes for the probe to be considered successful after having failed. For example, if this parameter is set to 1, the workload status is normal only when the health check is successful for one consecutive time after the health check fails.
                                                            
+
                                                            Minimum consecutive successes for the probe to be considered successful after having failed. For example, if this parameter is set to 1, the workload status is normal only when the health check is successful for one consecutive time after the health check fails.
                                                            
 
                                                            The default value is 1, which is also the minimum value.
                                                            
 
                                                            The value of this parameter is fixed to 1 in Liveness Probe and Startup Probe.
                                                            
                                                             		
 
                                                            Number of retry times when the detection fails.
                                                            
 
                                                            Giving up in case of liveness probe means to restart the container. In case of readiness probe the pod will be marked Unready.
                                                            
-
                                                            The default value is 3. The minimum value is 1.
                                                            
+
                                                            The default value is 3. The minimum value is 1.
                                                            
                                                             		
 
                                                            
                                                             
 
 
 
                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                            Table 1 Basic information
                                                            Parameter
                                                            
-
                                                            Description
                                                            
-
                                                            Cluster Name
                                                            
-
                                                            Review the name of the cluster to be upgraded.
                                                            
-
                                                            Current Version
                                                            
-
                                                            Review the version of the cluster to be upgraded.
                                                            
-
                                                            Target Version
                                                            
-
                                                            Review the target version after the upgrade.
                                                            
-
                                                            Node Upgrade Policy
                                                            
-
                                                            Replace (replace upgrade): Worker nodes will be reset. Their OSs will be reinstalled, and data on the system and data disks will be cleared. Exercise caution when performing this operation.
                                                            
-
                                                             NOTE: 
                                                            • The lifecycle management function of the nodes and workloads in the cluster is unavailable.
                                                            • APIs cannot be called temporarily.
                                                            • Running workloads will be interrupted because nodes are reset during the upgrade.
                                                            • Data in the system and data disks on the worker nodes will be cleared. Back up important data before resetting the nodes.
                                                            • Data disks without LVM mounted to worker nodes need to be mounted again after the upgrade, and data on the disks will not be lost during the upgrade.
                                                            • The EVS disk quota must be greater than 0.
                                                            • The container IP addresses change, but the communication between containers is not affected.
                                                            • Custom labels on the worker nodes will be cleared.
                                                            • It takes about 12 minutes to complete the cluster upgrade.
                                                            
-
                                                            
-
                                                            Login Mode
                                                            
-
                                                            Key Pair
                                                            
-
                                                            Select the key pair used to log in to the node. You can select a shared key.
                                                            
-
                                                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                            
-
                                                            
-
                                                            
-
                                                          4. Click Next. In the dialog box displayed, click OK.
                                                          5. Upgrade add-ons. If an add-on needs to be upgraded, a red dot is displayed. Click the Upgrade button in the lower left corner of the add-on card view. After the upgrade is complete, click Upgrade in the lower right corner of the page.
                                                             
                                                            • Master nodes will be upgraded first, and then the worker nodes will be upgraded concurrently. If there are a large number of worker nodes, they will be upgraded in different batches.
                                                            • Select a proper time window for the upgrade to reduce impacts on services.
                                                            • Clicking OK will start the upgrade immediately, and the upgrade cannot be canceled. Do not shut down or restart nodes during the upgrade.
                                                            
-
                                                            
-
                                                          6. In the displayed Upgrade dialog box, read the information and click OK. Note that the cluster cannot be rolled back after the upgrade.
                                                          7. Back to the cluster list, you can see that the cluster status is Upgrading. Wait until the upgrade is completed.
                                                            After the upgrade is successful, you can view the cluster status and version on the cluster list or cluster details page.
                                                            
-
                                                          
-
                                                          
-
                                                          
-
                                                          
-
                                                          
-
                                                          Parent topic: Upgrading a Cluster
                                                          
-
                                                          
-
                                                          
-
diff --git a/docs/cce/umn/cce_10_0125.html b/docs/cce/umn/cce_10_0125.html
new file mode 100644
index 000000000..d049e8a58
--- /dev/null
+++ b/docs/cce/umn/cce_10_0125.html
@@ -0,0 +1,22 @@
+
+
+
                                                          SFS Turbo File Systems
                                                          
+
                                                          
+
                                                          
+
+
diff --git a/docs/cce/umn/cce_10_0127.html b/docs/cce/umn/cce_10_0127.html
index aeeace222..4162241a3 100644
--- a/docs/cce/umn/cce_10_0127.html
+++ b/docs/cce/umn/cce_10_0127.html
@@ -1,16 +1,16 @@
 
 
-
                                                          storage-driver (System Resource Add-On, Discarded)
                                                          
+
                                                          storage-driver(Flexvolume, Deprecated)
                                                          
 
                                                          Introduction
                                                          storage-driver functions as a standard Kubernetes FlexVolume plug-in to allow containers to use EVS, SFS, OBS, and SFS Turbo storage resources. By installing and upgrading storage-driver, you can quickly install and update cloud storage capabilities.
                                                          
 
                                                          storage-driver is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.13 or earlier is created.
                                                          
 
                                                          
-
                                                          Notes and Constraints
                                                          • For clusters created in CCE, Kubernetes v1.15.11 is a transitional version in which the FlexVolume plug-in (storage-driver) is compatible with the CSI plug-in (everest). Clusters of v1.17 and later versions do not support FlexVolume anymore. You need to use the everest add-on.
                                                          • The FlexVolume plug-in will be maintained by Kubernetes developers, but new functionality will only be added to CSI. You are advised not to create storage that connects to the FlexVolume plug-in (storage-driver) in CCE anymore. Otherwise, the storage resources may not function normally.
                                                          • This add-on can be installed only in clusters of v1.13 or earlier. By default, the everest add-on is installed when clusters of v1.15 or later are created.
                                                             
                                                            In a cluster of v1.13 or earlier, when an upgrade or bug fix is available for storage functionalities, you only need to install or upgrade the storage-driver add-on. Upgrading the cluster or creating a cluster is not required.
                                                            
+
                                                            Constraints
                                                            • For clusters created in CCE, Kubernetes v1.15.11 is a transitional version in which the FlexVolume add-on (storage-driver) is compatible with the CSI add-on (everest). Clusters of v1.17 and later versions do not support FlexVolume anymore. Use the everest add-on.
                                                            • The FlexVolume add-on will be maintained by Kubernetes developers, but new functionality will only be added to everest (System Resource Add-on, Mandatory). Do not create CCE storage that connects to the FlexVolume add-on (storage-driver) anymore. Otherwise, storage may malfunction.
                                                            • This add-on can be installed only in clusters of v1.13 or earlier. By default, the everest add-on is installed when clusters of v1.15 or later are created.
                                                               
                                                              In a cluster of v1.13 or earlier, when an upgrade or bug fix is available for storage functionalities, you only need to install or upgrade the storage-driver add-on. Upgrading the cluster or creating a cluster is not required.
                                                              
 
                                                              
 
                                                            
 
                                                            
 
                                                            Installing the Add-on
                                                            This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                                            
 
                                                            If storage-driver is not installed in a cluster, perform the following steps to install it:
                                                            
-
                                                            1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Add-ons in the navigation pane, locate storage-driver on the right, and click Install.
                                                            2. Click Install to install the add-on. Note that the storage-driver has no configurable parameters and can be directly installed.
                                                            
+
                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate storage-driver on the right, and click Install.
                                                            2. Click Install to install the add-on. Note that the storage-driver has no configurable parameters and can be directly installed.
                                                            
 
                                                            
 
                                                            
 
                                                            
diff --git a/docs/cce/umn/cce_10_0129.html b/docs/cce/umn/cce_10_0129.html
index f28353758..963f24239 100644
--- a/docs/cce/umn/cce_10_0129.html
+++ b/docs/cce/umn/cce_10_0129.html
@@ -1,20 +1,20 @@
 
 
-
                                                            coredns (System Resource Add-On, Mandatory)
                                                            
-
                                                            Introduction
                                                            The coredns add-on is a DNS server that provides domain name resolution services for Kubernetes clusters. coredns chains plug-ins to provide additional features.
                                                            
-
                                                            coredns is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud-native deployments. Each of the plug-ins chained by coredns provides a particular DNS function. You can integrate coredns with only the plug-ins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, coredns can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS server, coredns can resolve external domain names for workloads in a cluster.
                                                            
-
                                                            coredns is a system resource add-on. It is installed by default when a cluster of Kubernetes v1.11 or later is created.
                                                            
-
                                                            Kubernetes v1.11 and later back CoreDNS as the official default DNS for all clusters going forward.
                                                            
+
                                                            coredns (System Resource Add-on, Mandatory)
                                                            
+
                                                            Introduction
                                                            CoreDNS is a DNS server that provides domain name resolution services for Kubernetes clusters. CoreDNS chains plug-ins to provide additional features.
                                                            
+
                                                            CoreDNS is an open-source software and has been a part of CNCF. It provides a means for cloud services to discover each other in cloud-native deployments. Each of the plug-ins chained by CoreDNS provides a particular DNS function. You can integrate CoreDNS with only the plug-ins you need to make it fast, efficient, and flexible. When used in a Kubernetes cluster, CoreDNS can automatically discover services in the cluster and provide domain name resolution for these services. By working with DNS server, CoreDNS can resolve external domain names for workloads in a cluster.
                                                            
+
                                                            This add-on is installed by default during cluster creation.
                                                            
+
                                                            Kubernetes backs CoreDNS as the official default DNS for all clusters going forward.
                                                            
 
                                                            CoreDNS official website: https://coredns.io/
                                                            
 
                                                            Open source community: https://github.com/coredns/coredns
                                                            
 
                                                             
                                                            For details, see DNS.
                                                            
 
                                                            
 
                                                            
-
                                                            Notes and Constraints
                                                            When coredns is running properly or being upgraded, ensure that the number of available nodes is greater than or equal to the number of coredns instances and all coredns instances are running. Otherwise, the upgrade will fail.
                                                            
+
                                                            Constraints
                                                            When CoreDNS is running properly or being upgraded, ensure that the number of available nodes is greater than or equal to the number of the add-on pods and all the add-on pods are running. Otherwise, the upgrade will fail.
                                                            
 
                                                            
 
                                                            Installing the Add-on
                                                            This add-on has been installed by default. If it is uninstalled due to some reasons, you can reinstall it by performing the following steps:
                                                            
-
                                                            1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Add-ons in the navigation pane, locate coredns on the right, and click Install.
                                                            2. On the Install Add-on page, select the add-on specifications and set related parameters.
                                                              
-
                                                              Table 1 coredns add-on parameters
                                                              Parameter
                                                              
+
                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate coredns on the right, and click Install.
                                                              2. On the Install Add-on page, configure the specifications.
                                                                
+
                                                                
@@ -23,34 +23,52 @@
 
-
-
-
-
-
+
                                                                Table 1 Add-on configuration
                                                                Parameter
                                                                
                                                                 		
 
                                                                Description
                                                                
 
                                                                Add-on Specifications
                                                                
                                                                 		
 
                                                                Concurrent domain name resolution ability. Select add-on specifications that best fit your needs.
                                                                
-
                                                                If you select Custom qps, the domain name resolution QPS provided by CoreDNS is positively correlated with the CPU consumption. Adjust the number of pods and container CPU/memory quotas as required.
                                                                
+
                                                                If you select Custom qps, the domain name resolution QPS provided by CoreDNS is positively correlated with the CPU consumption. Adjust the number of pods and container CPU/memory quotas as required.
                                                                
                                                                 		
 
                                                                
 
                                                                Pods
                                                                
 
                                                                Number of pods that will be created to match the selected add-on specifications.
                                                                
+
                                                                Number of pods that will be created to match the selected add-on specifications.
                                                                
+
                                                                If you select Custom qps, you can adjust the number of pods as required.
                                                                
                                                                 		
 
                                                                Multi AZ
                                                                
+
                                                                Multi-AZ
                                                                
 
                                                                • Preferred: Deployment pods of the add-on are preferentially scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, the pods are scheduled to a single AZ.
                                                                • Required: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, not all pods can run.
                                                                
+
                                                                • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                
                                                                 		
 
                                                                
 
                                                                Containers
                                                                
 
                                                                CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                
+
                                                                CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                
+
                                                                If you select Custom qps, you can adjust the container specifications as required.
                                                                
                                                                 		
 
                                                                Parameters
                                                                
+
                                                                
+
                                                                
+
                                                              3. Configure the add-on parameters.
                                                                
+
                                                                
+
+
+
+
-
+
+
+
                                                                Table 2 Add-on parameters
                                                                Parameter
                                                                
+
                                                                Description
                                                                
+
                                                                Stub domain settings
                                                                
 
                                                                • parameterSyncStrategy: indicates whether to configure consistency check when an add-on is upgraded.
                                                                  • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration recorded in the cluster is inconsistent with the actual configuration, the add-on cannot be upgraded.
                                                                  • force: indicates that the configuration consistency check is ignored during an upgrade. Ensure that the current effective configuration is the same as the original configuration. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent and enable the configuration consistency check again.
                                                                  
-
                                                                • stub_domains: A domain name server for a user-defined domain name. The format is a key-value pair. The key is a suffix of DNS domain name, and the value is one or more DNS IP addresses.
                                                                • upstream_nameservers: IP address of the upstream DNS server.
                                                                • servers: The servers configuration is available since coredns 1.23.1. You can customize the servers configuration. For details, see dns-custom-nameservers. plugins indicates the configuration of each component in coredns (https://coredns.io/manual/plugins/). You are advised to retain the default configurations in common scenarios to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                                                                  $name  $parameters {
                                                                  
-
                                                                  $configBlock
                                                                  
-
                                                                  }
                                                                  
-
                                                                  Table 2 describes common plugins.
                                                                  
-
                                                                
-
                                                                Example:
                                                                
-
                                                                {
+
                                                                A domain name server for a custom domain name. The format is a key-value pair. The key is a domain name suffix, and the value is one or more DNS IP addresses, for example, acme.local -- 1.2.3.4,6.7.8.9.
                                                                
+
                                                                For details, see Configuring the Stub Domain for CoreDNS.
                                                                
+
                                                                Advanced settings
                                                                
+
                                                                • parameterSyncStrategy: indicates whether to configure consistency check when an add-on is upgraded.
                                                                  • ensureConsistent: indicates that the configuration consistency check is enabled. If the configuration recorded in the cluster is inconsistent with the actual configuration, the add-on cannot be upgraded.
                                                                  • force: indicates that the configuration consistency check is ignored during an upgrade. Ensure that the current effective configuration is the same as the original configuration. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent and enable the configuration consistency check again.
                                                                  • inherit: indicates that differentiated configurations are automatically inherited during an upgrade. After the add-on is upgraded, restore the value of parameterSyncStrategy to ensureConsistent and enable the configuration consistency check again.
                                                                  
+
                                                                • stub_domains: A domain name server for a user-defined domain name. The format is a key-value pair. The key is a suffix of DNS domain name, and the value is one or more DNS IP addresses.
                                                                • upstream_nameservers: IP address of the upstream DNS server.
                                                                • servers: nameservers, which are available in CoreDNS v1.23.1 and later versions. You can customize nameservers. For details, see dns-custom-nameservers.
                                                                  plugins indicates the configuration of each component in CoreDNS. Retain the default settings typically to prevent CoreDNS from being unavailable due to configuration errors. Each plugin component contains name, parameters (optional), and configBlock (optional). The format of the generated Corefile is as follows:
                                                                  $name  $parameters {
+$configBlock
+}
                                                                  
+
                                                                  
+
                                                                  Table 3 describes common plugins. For details, see Plugins.
                                                                  
+
                                                                  Example:
                                                                  
+
                                                                  {
      "servers": [
 		   {
 			"plugins": [
@@ -69,6 +87,10 @@
 					"name": "health",
 					"parameters": "{$POD_IP}:8080"
 				},
+                                {
+					"name": "ready",
+					"{$POD_IP}:8081"
+				},
 				{
 					"configBlock": "pods insecure\nfallthrough in-addr.arpa ip6.arpa",
 					"name": "kubernetes",
@@ -89,9 +111,6 @@
 				},
 				{
 					"name": "reload"
-				},
-				{
-					"name": "log"
 				}
 			],
 			"port": 5353,
@@ -110,80 +129,106 @@
 	},
 	"upstream_nameservers": ["8.8.8.8", "8.8.4.4"]
 }
                                                                  
+
                                                                
                                                                 		
 
                                                                
                                                                 
 
                                                                
 
                                                                
 
-
                                                                Table 2 Default plugin configuration of the active zone of coredns
                                                                plugin Name
                                                                
+
                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
                                                                Table 3 Default plugin configuration of the active zone of CoreDNS
                                                                plugin Name
                                                                
 
                                                                Description
                                                                
+
                                                                Description
                                                                
                                                                 		
 
                                                                
 
                                                                bind
                                                                
+
                                                                bind
                                                                
 
                                                                Host IP address listened by coredns. You are advised to retain the default value {$POD_IP}.
                                                                
+
                                                                Host IP address listened by CoreDNS. You are advised to retain the default value {$POD_IP}. For details, see bind.
                                                                
                                                                 		
 
                                                                cache
                                                                
+
                                                                cache
                                                                
 
                                                                DNS cache is enabled.
                                                                
+
                                                                DNS cache is enabled. For details, see cache.
                                                                
                                                                 		
 
                                                                errors
                                                                
+
                                                                errors
                                                                
 
                                                                Errors are logged to stdout.
                                                                
+
                                                                Errors are logged to stdout. For details, see errors.
                                                                
                                                                 		
 
                                                                health
                                                                
+
                                                                health
                                                                
 
                                                                Health check configuration. The current listening IP address is {$POD_IP}:8080. Retain the default value. Otherwise, the coredns health check fails and coredns restarts repeatedly.
                                                                
+
                                                                Health check configuration. The current listening IP address is {$POD_IP}:8080. Retain the default setting. Otherwise, the CoreDNS health check fails and CoreDNS restarts repeatedly. For details, see health.
                                                                
                                                                 		
 
                                                                kubernetes
                                                                
+
                                                                ready
                                                                
 
                                                                CoreDNS Kubernetes plug-in, which provides the service parsing capability in a cluster.
                                                                
+
                                                                Whether the backend server is ready to receive traffic. The current listening port is {$POD_IP}:8081. If the backend server is not ready, CoreDNS suspends DNS resolution until the backend server is ready. For details, see ready.
                                                                
                                                                 		
 
                                                                loadbalance
                                                                
+
                                                                kubernetes
                                                                
 
                                                                Round-robin DNS load balancer that randomizes the order of A, AAAA, and MX records in the answer.
                                                                
+
                                                                CoreDNS Kubernetes plug-in, which provides the service parsing capability in a cluster. For details, see kubernetes.
                                                                
                                                                 		
 
                                                                prometheus
                                                                
+
                                                                loadbalance
                                                                
 
                                                                Port for obtaining coredns metrics. The default zone listening IP address is {$POD_IP}:9153. Retain the default value. Otherwise, CloudScope cannot collect coredns metrics.
                                                                
+
                                                                Round-robin DNS load balancer that randomizes the order of A, AAAA, and MX records in the answer. For details, see loadbalance.
                                                                
                                                                 		
 
                                                                forward
                                                                
+
                                                                prometheus
                                                                
 
                                                                Any queries that are not within the cluster domain of Kubernetes will be forwarded to predefined resolvers (/etc/resolv.conf).
                                                                
+
                                                                Port for obtaining CoreDNS metrics. The default zone listening IP address is {$POD_IP}:9153. Retain the default setting. Otherwise, prometheus cannot collect CoreDNS metrics. For details about, see prometheus.
                                                                
                                                                 		
 
                                                                reload
                                                                
+
                                                                forward
                                                                
 
                                                                The changed Corefile can be automatically reloaded. After editing the ConfigMap, wait for two minutes for the modification to take effect.
                                                                
+
                                                                Any queries that are not within the cluster domain of Kubernetes will be forwarded to predefined resolvers (/etc/resolv.conf). For details, see forward.
                                                                
+
                                                                reload
                                                                
+
                                                                The changed Corefile can be automatically reloaded. After editing the ConfigMap, wait for 2 minutes for the modification to take effect. For details, see reload.
                                                                
+
                                                                
+
                                                                
+
                                                              4. Click Install.
                                                                5. 
+
+
                                                                Components
                                                                
+
                                                                
+
+
+
+
+
+
+
                                                                Table 4 CoreDNS components
                                                                Container Component
                                                                
+
                                                                Description
                                                                
+
                                                                Resource Type
                                                                
+
                                                                CoreDNS
                                                                
+
                                                                DNS server for clusters
                                                                
+
                                                                Deployment
                                                                
                                                                 		
 
                                                                
                                                                 
 
                                                                
 
                                                                
-
                                                              5. After the preceding configurations are complete, click Install.
                                                                6. 
 
                                                                
 
                                                                How Does Domain Name Resolution Work in Kubernetes?
                                                                DNS policies can be set on a per-pod basis. Currently, Kubernetes supports four types of DNS policies: Default, ClusterFirst, ClusterFirstWithHostNet, and None. For details, see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/. These policies are specified in the dnsPolicy field in the pod-specific.
                                                                
-
                                                                
 
                                                                • Default: Pods inherit the name resolution configuration from the node that the pods run on. The custom upstream DNS server and the stub domain cannot be used together with this policy.
                                                                • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream name server inherited from the node. Cluster administrators may have extra stub domains and upstream DNS servers configured. 
                                                                • ClusterFirstWithHostNet: For pods running with hostNetwork, set its DNS policy ClusterFirstWithHostNet.
                                                                • None: It allows a pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsPolicy field in the pod-specific.
                                                                
 
                                                                 
                                                                • Clusters of Kubernetes v1.10 and later support Default, ClusterFirst, ClusterFirstWithHostNet, and None. Clusters earlier than Kubernetes v1.10 support only Default, ClusterFirst, and ClusterFirstWithHostNet.
                                                                • Default is not the default DNS policy. If dnsPolicy is not explicitly specified, ClusterFirst is used.
                                                                
 
                                                                
 
                                                                Routing
                                                                
 
                                                                Without stub domain configurations: Any query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream DNS server inherited from the node.
                                                                
 
                                                                With stub domain configurations: If stub domains and upstream DNS servers are configured, DNS queries are routed according to the following flow:
                                                                
-
                                                                1. The query is first sent to the DNS caching layer in coredns.
                                                                2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                  • Names with the cluster suffix, for example, .cluster.local: The request is sent to coredns.
                                                                  
+
                                                                  1. The query is first sent to the DNS caching layer in CoreDNS.
                                                                  2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                    • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                                                    
 
                                                                    • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                                                    • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                                                    
 
                                                                  
-
                                                                  Figure 1 Routing
                                                                  
+
                                                                  Figure 1 Routing
                                                                  
+
 
 
                                                                  
 
                                                                  
diff --git a/docs/cce/umn/cce_10_0130.html b/docs/cce/umn/cce_10_0130.html
index 4484e9f57..bb999bda4 100644
--- a/docs/cce/umn/cce_10_0130.html
+++ b/docs/cce/umn/cce_10_0130.html
@@ -4,9 +4,11 @@
 
                                                                  
 
                                                                  
 
 
 
                                                                  
diff --git a/docs/cce/umn/cce_10_0132.html b/docs/cce/umn/cce_10_0132.html
index 4e752a09a..94cb7ad6e 100644
--- a/docs/cce/umn/cce_10_0132.html
+++ b/docs/cce/umn/cce_10_0132.html
@@ -1,276 +1,360 @@
 
 
 
                                                                  npd
                                                                  
-
                                                                  Introduction
                                                                  node-problem-detector (npd for short) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. The npd add-on can run as a DaemonSet or a daemon.
                                                                  
-
                                                                  For more information, see node-problem-detector.
                                                                  
+
                                                                  Introduction
                                                                  node-problem-detector (npd for short) is an add-on that monitors abnormal events of cluster nodes and connects to a third-party monitoring platform. It is a daemon running on each node. It collects node issues from different daemons and reports them to the API server. The npd add-on can run as a DaemonSet or a daemon.
                                                                  
+
                                                                  For more information, see node-problem-detector.
                                                                  
 
                                                                  
-
                                                                  Notes and Constraints
                                                                  • When using this add-on, do not format or partition node disks.
                                                                  • Each npd process occupies 30 mCPU and 100 MB memory.
                                                                  
+
                                                                  Constraints
                                                                  • When using this add-on, do not format or partition node disks.
                                                                  • Each npd process occupies 30 m CPU and 100 MB memory.
                                                                  
 
                                                                  
-
                                                                  Permission Description
                                                                  To monitor kernel logs, the npd add-on needs to read the host /dev/kmsg. Therefore, the privileged mode must be enabled. For details, see privileged.
                                                                  
-
                                                                  In addition, CCE mitigates risks according to the least privilege principle. Only the following privileges are available for npd running:
                                                                  
-
                                                                  • cap_dac_read_search: permission to access /run/log/journal.
                                                                  • cap_sys_admin: permission to access /dev/kmsg.
                                                                  
+
                                                                  Permissions
                                                                  To monitor kernel logs, the npd add-on needs to read the host /dev/kmsg. Therefore, the privileged mode must be enabled. For details, see privileged.
                                                                  
+
                                                                  In addition, CCE mitigates risks according to the least privilege principle. Only the following privileges are available for npd running:
                                                                  
+
                                                                  • cap_dac_read_search: permission to access /run/log/journal.
                                                                  • cap_sys_admin: permission to access /dev/kmsg.
                                                                  
 
                                                                  
-
                                                                  Installing the Add-on
                                                                  1. Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane, locate npd on the right, and click Install.
                                                                  2. On the Install Add-on page, select the add-on specifications and set related parameters.
                                                                    • Pods: Set the number of pods based on service requirements.
                                                                    • Containers: Select a proper container quota based on service requirements.
                                                                    
-
                                                                  3. Set the npd parameters and click Install.
                                                                    The parameters are configurable only in 1.16.0 and later versions. For details, see Table 7.
                                                                    
-
                                                                  
+
                                                                  Installing the Add-on
                                                                  1. Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane, locate npd on the right, and click Install.
                                                                  2. On the Install Add-on page, configure the specifications.
                                                                    
+
                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                    Table 1 Add-on configuration
                                                                    Parameter
                                                                    
+
                                                                    Description
                                                                    
+
                                                                    Add-on Specifications
                                                                    
+
                                                                    The specifications can be Custom.
                                                                    
+
                                                                    Pods
                                                                    
+
                                                                    If you select Custom, you can adjust the number of pods as required.
                                                                    
+
                                                                    Containers
                                                                    
+
                                                                    If you select Custom, you can adjust the container specifications as required.
                                                                    
+
                                                                    
 
                                                                    
-
                                                                    npd Check Items
                                                                     
                                                                    Check items are supported only in 1.16.0 and later versions.
                                                                    
+
                                                                  3. Configure the add-on parameters.
                                                                    Only v1.16.0 and later versions support the configurations.
                                                                    
+
+
                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                    Table 2 Add-on parameters
                                                                    Parameter
                                                                    
+
                                                                    Description
                                                                    
+
                                                                    common.image.pullPolicy
                                                                    
+
                                                                    An image pulling policy. The default value is IfNotPresent.
                                                                    
+
                                                                    feature_gates
                                                                    
+
                                                                    A feature gate
                                                                    
+
                                                                    npc.maxTaintedNode
                                                                    
+
                                                                    The maximum number of nodes that npc can add taints to when a single fault occurs on multiple nodes for minimizing impact
                                                                    
+
                                                                    The value can be in int or percentage format.
                                                                    
+
                                                                    npc.nodeAffinity
                                                                    
+
                                                                    Node affinity of the controller
                                                                    
+
                                                                    
+
                                                                    
+
                                                                     
                                                                    Only some parameters are listed here. For more information, see the details of the open-source project node-problem-detector.
                                                                    
 
                                                                    
-
                                                                    Check items cover events and statuses.
                                                                    
-
                                                                    • Event-related
                                                                      For event-related check items, when a problem occurs, npd reports an event to the API server. The event type can be Normal (normal event) or Warning (abnormal event).
                                                                      
-
-
                                                                      Table 1 Event-related check items
                                                                      Check Item
                                                                      
+
                                                                    • Click Install.
                                                                      • 
+
+
                                                                      Components
                                                                      
+
                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
                                                                      Table 3 npd components
                                                                      Container Component
                                                                      
 
                                                                      Function
                                                                      
+
                                                                      Description
                                                                      
 
                                                                      Description
                                                                      
+
                                                                      Resource Type
                                                                      
                                                                       		
 
                                                                      
 
                                                                      OOMKilling
                                                                      
+
                                                                      node-problem-controller
                                                                      
 
                                                                      Listen to the kernel logs and check whether OOM events occur and are reported.
                                                                      
-
                                                                      Typical scenario: When the memory usage of a process in a container exceeds the limit, OOM is triggered and the process is terminated.
                                                                      
+
                                                                      Isolate faults basically based on fault detection results.
                                                                      
 
                                                                      Warning event
                                                                      
-
                                                                      Listening object: /dev/kmsg
                                                                      
-
                                                                      Matching rule: "Killed process \\d+ (.+) total-vm:\\d+kB, anon-rss:\\d+kB, file-rss:\\d+kB.*"
                                                                      
+
                                                                      Deployment
                                                                      
                                                                       		
 
                                                                      TaskHung
                                                                      
+
                                                                      node-problem-detector
                                                                      
 
                                                                      Listen to the kernel logs and check whether taskHung events occur and are reported.
                                                                      
-
                                                                      Typical scenario: Disk I/O suspension causes process suspension.
                                                                      
+
                                                                      Detect node faults.
                                                                      
 
                                                                      Warning event
                                                                      
-
                                                                      Listening object: /dev/kmsg
                                                                      
-
                                                                      Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                                                      
-
                                                                      ReadonlyFilesystem
                                                                      
-
                                                                      Check whether the Remount root filesystem read-only error occurs in the system kernel by listening to the kernel logs.
                                                                      
-
                                                                      Typical scenario: A user detaches a data disk from a node by mistake on the ECS, and applications continuously write data to the mount point of the data disk. As a result, an I/O error occurs in the kernel and the disk is remounted as a read-only disk.
                                                                      
-
                                                                      Warning event
                                                                      
-
                                                                      Listening object: /dev/kmsg
                                                                      
-
                                                                      Matching rule: Remounting filesystem read-only
                                                                      
+
                                                                      DaemonSet
                                                                      
                                                                       		
 
                                                                      
                                                                       
 
                                                                      
 
                                                                      
-
                                                                    • Status-related
                                                                      For status-related check items, when a problem occurs, npd reports an event to the API server and changes the node status synchronously. This function can be used together with Node-problem-controller fault isolation to isolate nodes.
                                                                      
-
                                                                      If the check period is not specified in the following check items, the default period is 30 seconds.
                                                                      
+
                                                                      • 
+
                                                                      npd Check Items
                                                                       
                                                                      Check items are supported only in 1.16.0 and later versions.
                                                                      
+
                                                                      
+
                                                                      Check items cover events and statuses.
                                                                      
+
                                                                      • Event-related
                                                                        For event-related check items, when a problem occurs, npd reports an event to the API server. The event type can be Normal (normal event) or Warning (abnormal event).
                                                                        
 
-
                                                                        Table 2 Checking system components
                                                                        Check Item
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
+
                                                                        Table 4 Event-related check items
                                                                        Check Item
                                                                        
 
                                                                        Function
                                                                        
+
                                                                        Function
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Container network component error
                                                                        
-
                                                                        CNIProblem
                                                                        
+
                                                                        OOMKilling
                                                                        
 
                                                                        Check the status of the CNI components (container network components).
                                                                        
+
                                                                        Listen to the kernel logs and check whether OOM events occur and are reported.
                                                                        
+
                                                                        Typical scenario: When the memory usage of a process in a container exceeds the limit, OOM is triggered and the process is terminated.
                                                                        
 
                                                                        None
                                                                        
+
                                                                        Warning event
                                                                        
+
                                                                        Listening object: /dev/kmsg
                                                                        
+
                                                                        Matching rule: "Killed process \\d+ (.+) total-vm:\\d+kB, anon-rss:\\d+kB, file-rss:\\d+kB.*"
                                                                        
                                                                         		
 
                                                                        Container runtime component error
                                                                        
-
                                                                        CRIProblem
                                                                        
+
                                                                        TaskHung
                                                                        
 
                                                                        Check the status of Docker and containerd of the CRI components (container runtime components).
                                                                        
+
                                                                        Listen to the kernel logs and check whether taskHung events occur and are reported.
                                                                        
+
                                                                        Typical scenario: Disk I/O suspension causes process suspension.
                                                                        
 
                                                                        Check object: Docker or containerd
                                                                        
+
                                                                        Warning event
                                                                        
+
                                                                        Listening object: /dev/kmsg
                                                                        
+
                                                                        Matching rule: "task \\S+:\\w+ blocked for more than \\w+ seconds\\."
                                                                        
                                                                         		
 
                                                                        Frequent restarts of Kubelet
                                                                        
-
                                                                        FrequentKubeletRestart
                                                                        
+
                                                                        ReadonlyFilesystem
                                                                        
 
                                                                        Periodically backtrack system logs to check whether the key component Kubelet restarts frequently.
                                                                        
+
                                                                        Check whether the Remount root filesystem read-only error occurs in the system kernel by listening to the kernel logs.
                                                                        
+
                                                                        Typical scenario: A user detaches a data disk from a node by mistake on the ECS, and applications continuously write data to the mount point of the data disk. As a result, an I/O error occurs in the kernel and the disk is remounted as a read-only disk.
                                                                        
 
                                                                        • Default threshold: 10 restarts within 10 minutes
                                                                          If Kubelet restarts for 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.
                                                                          
-
                                                                        • Listening object: logs in the /run/log/journal directory
                                                                        
+
                                                                        Warning event
                                                                        
+
                                                                        Listening object: /dev/kmsg
                                                                        
+
                                                                        Matching rule: Remounting filesystem read-only
                                                                        
                                                                         		
 
                                                                        Frequent restarts of Docker
                                                                        
-
                                                                        FrequentDockerRestart
                                                                        
+
                                                                        
+
                                                                        
+
                                                                      • Status-related
                                                                        For status-related check items, when a problem occurs, npd reports an event to the API server and changes the node status synchronously. This function can be used together with Node-problem-controller fault isolation to isolate nodes.
                                                                        
+
                                                                        If the check period is not specified in the following check items, the default period is 30 seconds.
                                                                        
+
+
                                                                        
+
+
+
+
+
-
+
-
-
+
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
                                                                        Table 5 Checking system components
                                                                        Check Item
                                                                        
+
                                                                        Function
                                                                        
+
                                                                        Description
                                                                        
+
                                                                        Container network component error
                                                                        
+
                                                                        CNIProblem
                                                                        
 
                                                                        Periodically backtrack system logs to check whether the container runtime Docker restarts frequently.
                                                                        
+
                                                                        Check the status of the CNI components (container network components).
                                                                        
+
                                                                        None
                                                                        
                                                                         		
 
                                                                        Frequent restarts of containerd
                                                                        
-
                                                                        FrequentContainerdRestart
                                                                        
+
                                                                        Container runtime component error
                                                                        
+
                                                                        CRIProblem
                                                                        
 
                                                                        Periodically backtrack system logs to check whether the container runtime containerd restarts frequently.
                                                                        
+
                                                                        Check the status of Docker and containerd of the CRI components (container runtime components).
                                                                        
+
                                                                        Check object: Docker or containerd
                                                                        
                                                                         		
 
                                                                        kubelet error
                                                                        
-
                                                                        KubeletProblem
                                                                        
+
                                                                        Frequent restarts of Kubelet
                                                                        
+
                                                                        FrequentKubeletRestart
                                                                        
 
                                                                        Check the status of the key component Kubelet.
                                                                        
+
                                                                        Periodically backtrack system logs to check whether the key component Kubelet restarts frequently.
                                                                        
 
                                                                        None
                                                                        
+
                                                                        • Default threshold: 10 restarts within 10 minutes
                                                                          If Kubelet restarts for 10 times within 10 minutes, it indicates that the system restarts frequently and a fault alarm is generated.
                                                                          
+
                                                                        • Listening object: logs in the /run/log/journal directory
                                                                        
                                                                         		
 
                                                                        kube-proxy error
                                                                        
-
                                                                        KubeProxyProblem
                                                                        
+
                                                                        Frequent restarts of Docker
                                                                        
+
                                                                        FrequentDockerRestart
                                                                        
 
                                                                        Check the status of the key component kube-proxy.
                                                                        
+
                                                                        Periodically backtrack system logs to check whether the container runtime Docker restarts frequently.
                                                                        
 
                                                                        None
                                                                        
+
                                                                        Frequent restarts of containerd
                                                                        
+
                                                                        FrequentContainerdRestart
                                                                        
+
                                                                        Periodically backtrack system logs to check whether the container runtime containerd restarts frequently.
                                                                        
+
                                                                        kubelet error
                                                                        
+
                                                                        KubeletProblem
                                                                        
+
                                                                        Check the status of the key component Kubelet.
                                                                        
+
                                                                        None
                                                                        
+
                                                                        kube-proxy error
                                                                        
+
                                                                        KubeProxyProblem
                                                                        
+
                                                                        Check the status of the key component kube-proxy.
                                                                        
+
                                                                        None
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
                                                                        
 
                                                                        
 
-
                                                                        Table 3 Checking system metrics
                                                                        Check Item
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                        Table 6 Checking system metrics
                                                                        Check Item
                                                                        
 
                                                                        Function
                                                                        
+
                                                                        Function
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Conntrack table full
                                                                        
-
                                                                        ConntrackFullProblem
                                                                        
+
                                                                        Conntrack table full
                                                                        
+
                                                                        ConntrackFullProblem
                                                                        
 
                                                                        Check whether the conntrack table is full.
                                                                        
+
                                                                        Check whether the conntrack table is full.
                                                                        
 
                                                                        • Default threshold: 90%
                                                                        
-
                                                                        • Usage: nf_conntrack_count
                                                                        • Maximum value: nf_conntrack_max
                                                                        
+
                                                                        • Default threshold: 90%
                                                                        
+
                                                                        • Usage: nf_conntrack_count
                                                                        • Maximum value: nf_conntrack_max
                                                                        
                                                                         		
 
                                                                        Insufficient disk resources
                                                                        
-
                                                                        DiskProblem
                                                                        
+
                                                                        Insufficient disk resources
                                                                        
+
                                                                        DiskProblem
                                                                        
 
                                                                        Check the usage of the system disk and CCE data disks (including the CRI logical disk and kubelet logical disk) on the node.
                                                                        
+
                                                                        Check the usage of the system disk and CCE data disks (including the CRI logical disk and kubelet logical disk) on the node.
                                                                        
 
                                                                        • Default threshold: 90%
                                                                        • Source:
                                                                          df -h
                                                                          
+
                                                                        • Default threshold: 90%
                                                                        • Source:
                                                                          df -h
                                                                          
 
                                                                        
-
                                                                        Currently, additional data disks are not supported.
                                                                        
+
                                                                        Currently, additional data disks are not supported.
                                                                        
                                                                         		
 
                                                                        Insufficient file handles
                                                                        
-
                                                                        FDProblem
                                                                        
+
                                                                        Insufficient file handles
                                                                        
+
                                                                        FDProblem
                                                                        
 
                                                                        Check whether FD file handles are used up.
                                                                        
+
                                                                        Check if the FD file handles are used up.
                                                                        
 
                                                                        • Default threshold: 90%
                                                                        • Usage: the first value in /proc/sys/fs/file-nr
                                                                        • Maximum value: the third value in /proc/sys/fs/file-nr
                                                                        
+
                                                                        • Default threshold: 90%
                                                                        • Usage: the first value in /proc/sys/fs/file-nr
                                                                        • Maximum value: the third value in /proc/sys/fs/file-nr
                                                                        
                                                                         		
 
                                                                        Insufficient node memory
                                                                        
-
                                                                        MemoryProblem
                                                                        
+
                                                                        Insufficient node memory
                                                                        
+
                                                                        MemoryProblem
                                                                        
 
                                                                        Check whether memory is used up.
                                                                        
+
                                                                        Check whether memory is used up.
                                                                        
 
                                                                        • Default threshold: 80%
                                                                        • Usage: MemTotal-MemAvailable in /proc/meminfo
                                                                        • Maximum value: MemTotal in /proc/meminfo
                                                                        
+
                                                                        • Default threshold: 80%
                                                                        • Usage: MemTotal-MemAvailable in /proc/meminfo
                                                                        • Maximum value: MemTotal in /proc/meminfo
                                                                        
                                                                         		
 
                                                                        Insufficient process resources
                                                                        
-
                                                                        PIDProblem
                                                                        
+
                                                                        Insufficient process resources
                                                                        
+
                                                                        PIDProblem
                                                                        
 
                                                                        Check whether PID process resources are exhausted.
                                                                        
+
                                                                        Check whether PID process resources are exhausted.
                                                                        
 
                                                                        • Default threshold: 90%
                                                                        • Usage: nr_threads in /proc/loadavg
                                                                        • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                                                        
+
                                                                        • Default threshold: 90%
                                                                        • Usage: nr_threads in /proc/loadavg
                                                                        • Maximum value: smaller value between /proc/sys/kernel/pid_max and /proc/sys/kernel/threads-max.
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
                                                                        
 
                                                                        
 
-
                                                                        Table 4 Checking the storage
                                                                        Check Item
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -278,96 +362,96 @@
 
                                                                        Table 7 Checking the storage
                                                                        Check Item
                                                                        
 
                                                                        Function
                                                                        
+
                                                                        Function
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Disk read-only
                                                                        
-
                                                                        DiskReadonly
                                                                        
+
                                                                        Disk read-only
                                                                        
+
                                                                        DiskReadonly
                                                                        
 
                                                                        Periodically perform read and write tests on the system disk and CCE data disks (including the CRI logical disk and Kubelet logical disk) of the node to check the availability of key disks.
                                                                        
+
                                                                        Periodically perform write tests on the system disk and CCE data disks (including the CRI logical disk and Kubelet logical disk) of the node to check the availability of key disks.
                                                                        
 
                                                                        Detection paths:
                                                                        
-
                                                                        • /mnt/paas/kubernetes/kubelet/
                                                                        • /var/lib/docker/
                                                                        • /var/lib/containerd/
                                                                        • /var/paas/sys/log/cceaddon-npd/
                                                                        
-
                                                                        The temporary file npd-disk-write-ping is generated in the detection path.
                                                                        
-
                                                                        Currently, additional data disks are not supported.
                                                                        
+
                                                                        Detection paths:
                                                                        
+
                                                                        • /mnt/paas/kubernetes/kubelet/
                                                                        • /var/lib/docker/
                                                                        • /var/lib/containerd/
                                                                        • /var/paas/sys/log/cceaddon-npd/
                                                                        
+
                                                                        The temporary file npd-disk-write-ping is generated in the detection path.
                                                                        
+
                                                                        Currently, additional data disks are not supported.
                                                                        
                                                                         		
 
                                                                        Insufficient disk resources
                                                                        
-
                                                                        DiskProblem
                                                                        
+
                                                                        Insufficient disk resources
                                                                        
+
                                                                        DiskProblem
                                                                        
 
                                                                        Check the usage of the system disk and CCE data disks (including the CRI logical disk and kubelet logical disk) on the node.
                                                                        
-
                                                                        
+
                                                                        Check the usage of the system disk and CCE data disks (including the CRI logical disk and kubelet logical disk) on the node.
                                                                        
+
                                                                        
 
                                                                        • Default threshold: 90%
                                                                        • Source:
                                                                          df -h
                                                                          
+
                                                                        • Default threshold: 90%
                                                                        • Source:
                                                                          df -h
                                                                          
 
                                                                        
-
                                                                        Currently, additional data disks are not supported.
                                                                        
+
                                                                        Currently, additional data disks are not supported.
                                                                        
                                                                         		
 
                                                                        emptyDir storage pool error
                                                                        
-
                                                                        EmptyDirVolumeGroupStatusError
                                                                        
+
                                                                        emptyDir storage pool error
                                                                        
+
                                                                        EmptyDirVolumeGroupStatusError
                                                                        
 
                                                                        Check whether the ephemeral volume group on the node is normal.
                                                                        
-
                                                                        Impact: The pod that depends on the storage pool cannot write data to the temporary volume. The temporary volume is remounted as a read-only file system by the kernel due to an I/O error.
                                                                        
-
                                                                        Typical scenario: When creating a node, a user configures two data disks as a temporary volume storage pool. The user deletes some data disks by mistake. As a result, the storage pool becomes abnormal.
                                                                        
+
                                                                        Check whether the ephemeral volume group on the node is normal.
                                                                        
+
                                                                        Impact: The pod that depends on the storage pool cannot write data to the temporary volume. The temporary volume is remounted as a read-only file system by the kernel due to an I/O error.
                                                                        
+
                                                                        Typical scenario: When creating a node, a user configures two data disks as a temporary volume storage pool. The user deletes some data disks by mistake. As a result, the storage pool becomes abnormal.
                                                                        
 
                                                                        • Detection period: 30s
                                                                        • Source:
                                                                          vgs -o vg_name, vg_attr
                                                                          
-
                                                                        • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                                                        • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                                                        • Exceptional scenario: The npd add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                                                        
+
                                                                        • Detection period: 30s
                                                                        • Source:
                                                                          vgs -o vg_name, vg_attr
                                                                          
+
                                                                        • Principle: Check whether the VG (storage pool) is in the P state. If yes, some PVs (data disks) are lost.
                                                                        • Joint scheduling: The scheduler can automatically identify a PV storage pool error and prevent pods that depend on the storage pool from being scheduled to the node.
                                                                        • Exceptional scenario: The npd add-on cannot detect the loss of all PVs (data disks), resulting in the loss of VGs (storage pools). In this case, kubelet automatically isolates the node, detects the loss of VGs (storage pools), and updates the corresponding resources in nodestatus.allocatable to 0. This prevents pods that depend on the storage pool from being scheduled to the node. The damage of a single PV cannot be detected by this check item, but by the ReadonlyFilesystem check item.
                                                                        
                                                                         		
 
                                                                        PV storage pool error
                                                                        
-
                                                                        LocalPvVolumeGroupStatusError
                                                                        
+
                                                                        PV storage pool error
                                                                        
+
                                                                        LocalPvVolumeGroupStatusError
                                                                        
 
                                                                        Check the PV group on the node.
                                                                        
-
                                                                        Impact: Pods that depend on the storage pool cannot write data to the persistent volume. The persistent volume is remounted as a read-only file system by the kernel due to an I/O error.
                                                                        
-
                                                                        Typical scenario: When creating a node, a user configures two data disks as a persistent volume storage pool. Some data disks are deleted by mistake.
                                                                        
+
                                                                        Check the PV group on the node.
                                                                        
+
                                                                        Impact: Pods that depend on the storage pool cannot write data to the persistent volume. The persistent volume is remounted as a read-only file system by the kernel due to an I/O error.
                                                                        
+
                                                                        Typical scenario: When creating a node, a user configures two data disks as a persistent volume storage pool. Some data disks are deleted by mistake.
                                                                        
                                                                         		
 
                                                                        Mount point error
                                                                        
-
                                                                        MountPointProblem
                                                                        
+
                                                                        Mount point error
                                                                        
+
                                                                        MountPointProblem
                                                                        
 
                                                                        Check the mount point on the node.
                                                                        
-
                                                                        Exceptional definition: You cannot access the mount point by running the cd command.
                                                                        
-
                                                                        Typical scenario: Network File System (NFS), for example, obsfs and s3fs is mounted to a node. When the connection is abnormal due to network or peer NFS server exceptions, all processes that access the mount point are suspended. For example, during a cluster upgrade, a kubelet is restarted, and all mount points are scanned. If the abnormal mount point is detected, the upgrade fails.
                                                                        
+
                                                                        Check the mount point on the node.
                                                                        
+
                                                                        Exceptional definition: You cannot access the mount point by running the cd command.
                                                                        
+
                                                                        Typical scenario: Network File System (NFS), for example, obsfs and s3fs is mounted to a node. When the connection is abnormal due to network or peer NFS server exceptions, all processes that access the mount point are suspended. For example, during a cluster upgrade, a kubelet is restarted, and all mount points are scanned. If the abnormal mount point is detected, the upgrade fails.
                                                                        
 
                                                                        Alternatively, you can run the following command:
                                                                        
-
                                                                        for dir in `df -h | grep -v "Mounted on" | awk "{print \\$NF}"`;do cd $dir; done && echo "ok"
                                                                        
+
                                                                        Alternatively, you can run the following command:
                                                                        
+
                                                                        for dir in `df -h | grep -v "Mounted on" | awk "{print \\$NF}"`;do cd $dir; done && echo "ok"
                                                                        
                                                                         		
 
                                                                        Suspended disk I/O
                                                                        
-
                                                                        DiskHung
                                                                        
+
                                                                        Suspended disk I/O
                                                                        
+
                                                                        DiskHung
                                                                        
 
                                                                        Check whether I/O suspension occurs on all disks on the node, that is, whether I/O read and write operations are not responded.
                                                                        
-
                                                                        Definition of I/O suspension: The system does not respond to disk I/O requests, and some processes are in the D state.
                                                                        
-
                                                                        Typical scenario: Disks cannot respond due to abnormal OS hard disk drivers or severe faults on the underlying network.
                                                                        
+
                                                                        Check whether I/O suspension occurs on all disks on the node, that is, whether I/O read and write operations are not responded.
                                                                        
+
                                                                        Definition of I/O suspension: The system does not respond to disk I/O requests, and some processes are in the D state.
                                                                        
+
                                                                        Typical scenario: Disks cannot respond due to abnormal OS hard disk drivers or severe faults on the underlying network.
                                                                        
 
                                                                        • Check object: all data disks
                                                                        • Source:
                                                                          /proc/diskstat
                                                                          
-
                                                                          Alternatively, you can run the following command:
                                                                          iostat -xmt 1
                                                                          
+
                                                                        • Check object: all data disks
                                                                        • Source:
                                                                          /proc/diskstat
                                                                          
+
                                                                          Alternatively, you can run the following command:
                                                                          iostat -xmt 1
                                                                          
 
                                                                          
-
                                                                        • Threshold:
                                                                          • Average usage: ioutil >= 0.99
                                                                          • Average I/O queue length: avgqu-sz >= 1
                                                                          • Average I/O transfer volume: iops (w/s) + ioth (wMB/s) <= 1
                                                                          
-
                                                                           NOTE: 
                                                                          In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                                                          
+
                                                                        • Threshold:
                                                                          • Average usage: ioutil >= 0.99
                                                                          • Average I/O queue length: avgqu-sz >= 1
                                                                          • Average I/O transfer volume: iops (w/s) + ioth (wMB/s) <= 1
                                                                          
+
                                                                           NOTE: 
                                                                          In some OSs, no data changes during I/O. In this case, calculate the CPU I/O time usage. The value of iowait should be greater than 0.8.
                                                                          
 
                                                                          
 
                                                                        
                                                                         		
 
                                                                        Slow disk I/O
                                                                        
-
                                                                        DiskSlow
                                                                        
+
                                                                        Slow disk I/O
                                                                        
+
                                                                        DiskSlow
                                                                        
 
                                                                        Check whether all disks on the node have slow I/Os, that is, whether I/Os respond slowly.
                                                                        
-
                                                                        Typical scenario: EVS disks have slow I/Os due to network fluctuation.
                                                                        
+
                                                                        Check whether all disks on the node have slow I/Os, that is, whether I/Os respond slowly.
                                                                        
+
                                                                        Typical scenario: EVS disks have slow I/Os due to network fluctuation.
                                                                        
 
                                                                        • Check object: all data disks
                                                                        • Source:
                                                                          /proc/diskstat
                                                                          
-
                                                                          Alternatively, you can run the following command:
                                                                          iostat -xmt 1
                                                                          
+
                                                                        • Check object: all data disks
                                                                        • Source:
                                                                          /proc/diskstat
                                                                          
+
                                                                          Alternatively, you can run the following command:
                                                                          iostat -xmt 1
                                                                          
 
                                                                          
-
                                                                        • Default threshold:
                                                                          Average I/O latency: await >= 5000 ms
                                                                          
+
                                                                        • Default threshold:
                                                                          Average I/O latency: await >= 5000 ms
                                                                          
 
                                                                        
-
                                                                         NOTE: 
                                                                        If I/O requests are not responded and the await data is not updated, this check item is invalid.
                                                                        
+
                                                                         NOTE: 
                                                                        If I/O requests are not responded and the await data is not updated, this check item is invalid.
                                                                        
 
                                                                        
 
                                                                        		
 
                                                                        
 
                                                                        
 
-
                                                                        Table 5 Other check items
                                                                        Check Item
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                        Table 8 Other check items
                                                                        Check Item
                                                                        
 
                                                                        Function
                                                                        
+
                                                                        Function
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Abnormal NTP
                                                                        
-
                                                                        NTPProblem
                                                                        
+
                                                                        Abnormal NTP
                                                                        
+
                                                                        NTPProblem
                                                                        
 
                                                                        Check whether the node clock synchronization service ntpd or chronyd is running properly and whether a system time drift is caused.
                                                                        
+
                                                                        Check whether the node clock synchronization service ntpd or chronyd is running properly and whether a system time drift is caused.
                                                                        
 
                                                                        Default clock offset threshold: 8000 ms
                                                                        
+
                                                                        Default clock offset threshold: 8000 ms
                                                                        
                                                                         		
 
                                                                        Process D error
                                                                        
-
                                                                        ProcessD
                                                                        
+
                                                                        Process D error
                                                                        
+
                                                                        ProcessD
                                                                        
 
                                                                        Check whether there is a process D on the node.
                                                                        
+
                                                                        Check whether there is a process D on the node.
                                                                        
 
                                                                        Default threshold: 10 abnormal processes detected for three consecutive times
                                                                        
-
                                                                        Source:
                                                                        
-
                                                                        • /proc/{PID}/stat
                                                                        • Alternately, you can run the ps aux command.
                                                                        
-
                                                                        Exceptional scenario: ProcessD ignores the resident D processes (heartbeat and update) on which the SDI driver on the BMS node depends.
                                                                        
-
                                                                        
+
                                                                        Default threshold: 10 abnormal processes detected for three consecutive times
                                                                        
+
                                                                        Source:
                                                                        
+
                                                                        • /proc/{PID}/stat
                                                                        • Alternately, you can run the ps aux command.
                                                                        
+
                                                                        Exceptional scenario: The ProcessD check item ignores the resident D processes (heartbeat and update) on which the SDI driver on the BMS node depends.
                                                                        
+
                                                                        
                                                                         		
 
                                                                        Process Z error
                                                                        
-
                                                                        ProcessZ
                                                                        
+
                                                                        Process Z error
                                                                        
+
                                                                        ProcessZ
                                                                        
 
                                                                        Check whether the node has processes in Z state.
                                                                        
+
                                                                        Check whether the node has processes in Z state.
                                                                        
                                                                         		
 
                                                                        ResolvConf error
                                                                        
-
                                                                        ResolvConfFileProblem
                                                                        
+
                                                                        ResolvConf error
                                                                        
+
                                                                        ResolvConfFileProblem
                                                                        
 
                                                                        Check whether the ResolvConf file is lost.
                                                                        
-
                                                                        Check whether the ResolvConf file is normal.
                                                                        
-
                                                                        Exceptional definition: No upstream domain name resolution server (nameserver) is included.
                                                                        
+
                                                                        Check whether the ResolvConf file is lost.
                                                                        
+
                                                                        Check whether the ResolvConf file is normal.
                                                                        
+
                                                                        Exceptional definition: No upstream domain name resolution server (nameserver) is included.
                                                                        
 
                                                                        Object: /etc/resolv.conf
                                                                        
+
                                                                        Object: /etc/resolv.conf
                                                                        
                                                                         		
 
                                                                        Existing scheduled event
                                                                        
-
                                                                        ScheduledEvent
                                                                        
+
                                                                        Existing scheduled event
                                                                        
+
                                                                        ScheduledEvent
                                                                        
 
                                                                        Check whether scheduled live migration events exist on the node. A live migration plan event is usually triggered by a hardware fault and is an automatic fault rectification method at the IaaS layer.
                                                                        
-
                                                                        Typical scenario: The host is faulty. For example, the fan is damaged or the disk has bad sectors. As a result, live migration is triggered for VMs.
                                                                        
+
                                                                        Check whether scheduled live migration events exist on the node. A live migration plan event is usually triggered by a hardware fault and is an automatic fault rectification method at the IaaS layer.
                                                                        
+
                                                                        Typical scenario: The host is faulty. For example, the fan is damaged or the disk has bad sectors. As a result, live migration is triggered for VMs.
                                                                        
 
                                                                        Source:
                                                                        
-
                                                                        • http://169.254.169.254/meta-data/latest/events/scheduled
                                                                        
-
                                                                        This check item is an Alpha feature and is disabled by default.
                                                                        
+
                                                                        Source:
                                                                        
+
                                                                        • http://169.254.169.254/meta-data/latest/events/scheduled
                                                                        
+
                                                                        This check item is an Alpha feature and is disabled by default.
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
                                                                        
 
                                                                        
-
                                                                        The kubelet component has the following default check items, which have bugs or defects. You can fix them by upgrading the cluster or using npd.
                                                                        
+
                                                                        The kubelet component has the following default check items, which have bugs or defects. You can fix them by upgrading the cluster or using npd.
                                                                        
 
-
                                                                        Table 6 Default kubelet check items
                                                                        Check Item
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
@@ -375,53 +459,53 @@
 
-
                                                                        Node-problem-controller Fault Isolation
                                                                         
                                                                        Fault isolation is supported only by add-ons of 1.16.0 and later versions.
                                                                        
-
                                                                        By default, if multiple nodes become faulty, NPC adds taints to up to 10% of the nodes. You can set npc.maxTaintedNode to increase the threshold.
                                                                        
+
                                                                        Node-problem-controller Fault Isolation
                                                                         
                                                                        Fault isolation is supported only by add-ons of 1.16.0 and later versions.
                                                                        
+
                                                                        By default, if multiple nodes become faulty, NPC adds taints to up to 10% of the nodes. You can set npc.maxTaintedNode to increase the threshold.
                                                                        
 
                                                                        
-
                                                                        The open source NPD plug-in provides fault detection but not fault isolation. CCE enhances the node-problem-controller (NPC) based on the open source NPD. This component is implemented based on the Kubernetes node controller. For faults reported by NPD, NPC automatically adds taints to nodes for node fault isolation.
                                                                        
+
                                                                        The open source NPD plug-in provides fault detection but not fault isolation. CCE enhances the node-problem-controller (NPC) based on the open source NPD. This component is implemented based on the Kubernetes node controller. For faults reported by NPD, NPC automatically adds taints to nodes for node fault isolation.
                                                                        
 
-
                                                                        Table 9 Default kubelet check items
                                                                        Check Item
                                                                        
 
                                                                        Function
                                                                        
+
                                                                        Function
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
                                                                         		
 
                                                                        
 
                                                                        Insufficient PID resources
                                                                        
-
                                                                        PIDPressure
                                                                        
+
                                                                        Insufficient PID resources
                                                                        
+
                                                                        PIDPressure
                                                                        
 
                                                                        Check whether PIDs are sufficient.
                                                                        
+
                                                                        Check whether PIDs are sufficient.
                                                                        
 
                                                                        • Interval: 10 seconds
                                                                        • Threshold: 90%
                                                                        • Defect: In community version 1.23.1 and earlier versions, this check item becomes invalid when over 65535 PIDs are used. For details, see issue 107107. In community version 1.24 and earlier versions, thread-max is not considered in this check item.
                                                                        
+
                                                                        • Interval: 10 seconds
                                                                        • Threshold: 90%
                                                                        • Defect: In community version 1.23.1 and earlier versions, this check item becomes invalid when over 65535 PIDs are used. For details, see issue 107107. In community version 1.24 and earlier versions, thread-max is not considered in this check item.
                                                                        
                                                                         		
 
                                                                        Insufficient memory
                                                                        
-
                                                                        MemoryPressure
                                                                        
+
                                                                        Insufficient memory
                                                                        
+
                                                                        MemoryPressure
                                                                        
 
                                                                        Check whether the allocable memory for the containers is sufficient.
                                                                        
+
                                                                        Check whether the allocable memory for the containers is sufficient.
                                                                        
 
                                                                        • Interval: 10 seconds
                                                                        • Threshold: max. 100 MiB
                                                                        • Allocable = Total memory of a node – Reserved memory of a node
                                                                        • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.
                                                                        
+
                                                                        • Interval: 10 seconds
                                                                        • Threshold: max. 100 MiB
                                                                        • Allocable = Total memory of a node – Reserved memory of a node
                                                                        • Defect: This check item checks only the memory consumed by containers, and does not consider that consumed by other elements on the node.
                                                                        
                                                                         		
 
                                                                        Insufficient disk resources
                                                                        
-
                                                                        DiskPressure
                                                                        
+
                                                                        Insufficient disk resources
                                                                        
+
                                                                        DiskPressure
                                                                        
 
                                                                        Check the disk usage and inodes usage of the kubelet and Docker disks.
                                                                        
+
                                                                        Check the disk usage and inodes usage of the kubelet and Docker disks.
                                                                        
 
                                                                        • Interval: 10 seconds
                                                                        • Threshold: 90%
                                                                        
+
                                                                        • Interval: 10 seconds
                                                                        • Threshold: 90%
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
 
                                                                        
@@ -46,7 +46,7 @@
 
                                                                        Table 7 Parameters
                                                                        Parameter
                                                                        
+
                                                                        
-
-
-
-
-
-
-
-
-
-
-
                                                                        Table 10 Parameters
                                                                        Parameter
                                                                        
 
                                                                        Description
                                                                        
+
                                                                        Description
                                                                        
 
                                                                        Default
                                                                        
+
                                                                        Default
                                                                        
                                                                         		
 
                                                                        
 
                                                                        npc.enable
                                                                        
+
                                                                        npc.enable
                                                                        
 
                                                                        Whether to enable NPC
                                                                        
-
                                                                        NPC cannot be disabled in 1.18.0 or later versions.
                                                                        
+
                                                                        Whether to enable NPC
                                                                        
+
                                                                        This parameter is not supported in 1.18.0 or later versions.
                                                                        
 
                                                                        true
                                                                        
+
                                                                        true
                                                                        
                                                                         		
 
                                                                        npc. maxTaintedNode
                                                                        
+
                                                                        npc.maxTaintedNode
                                                                        
 
                                                                        Check how many nodes can npc add taints to for mitigating the impact when a single fault occurs on multiple nodes.
                                                                        
-
                                                                        The int format and percentage format are supported.
                                                                        
+
                                                                        Check how many nodes can npc add taints to for mitigating the impact when a single fault occurs on multiple nodes.
                                                                        
+
                                                                        The int format and percentage format are supported.
                                                                        
 
                                                                        10%
                                                                        
-
                                                                        Value range:
                                                                        
-
                                                                        • The value is in int format and ranges from 1 to infinity.
                                                                        • The value ranges from 1% to 100%, in percentage. The minimum value of this parameter multiplied by the number of cluster nodes is 1.
                                                                        
+
                                                                        10%
                                                                        
+
                                                                        Value range:
                                                                        
+
                                                                        • The value is in int format and ranges from 1 to infinity.
                                                                        • The value ranges from 1% to 100%, in percentage. The minimum value of this parameter multiplied by the number of cluster nodes is 1.
                                                                        
                                                                         		
 
                                                                        npc.affinity
                                                                        
+
                                                                        npc.nodeAffinity
                                                                        
 
                                                                        Node affinity of the controller
                                                                        
+
                                                                        Node affinity of the controller
                                                                        
 
                                                                        N/A
                                                                        
+
                                                                        N/A
                                                                        
                                                                         		
 
                                                                        
                                                                         
 
                                                                        
 
                                                                        
 
-
                                                                        Collecting Prometheus Metrics
                                                                        The NPD daemon pod exposes Prometheus metric data on port 19901. By default, the NPD pod is added with the annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"19901","names":""}]'. You can build a Prometheus collector to identify and obtain NPD metrics from http://{{NpdPodIP}}:{{NpdPodPort}}/metrics.
                                                                        
-
                                                                         
                                                                        If the npd add-on version is earlier than 1.16.5, the exposed port of Prometheus metrics is 20257.
                                                                        
+
                                                                        Collecting Prometheus Metrics
                                                                        The NPD daemon pod exposes Prometheus metric data on port 19901. By default, the NPD pod is added with the annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"19901","names":""}]'. You can build a Prometheus collector to identify and obtain NPD metrics from http://{{NpdPodIP}}:{{NpdPodPort}}/metrics.
                                                                        
+
                                                                         
                                                                        If the npd add-on version is earlier than 1.16.5, the exposed port of Prometheus metrics is 20257.
                                                                        
 
                                                                        
-
                                                                        Currently, the metric data includes problem_counter and problem_gauge, as shown below.
                                                                        
-
                                                                        # HELP problem_counter Number of times a specific type of problem have occurred.
+
                                                                        Currently, the metric data includes problem_counter and problem_gauge, as shown below.
                                                                        
+
                                                                        # HELP problem_counter Number of times a specific type of problem have occurred.
 # TYPE problem_counter counter
 problem_counter{reason="DockerHung"} 0
 problem_counter{reason="DockerStart"} 0
diff --git a/docs/cce/umn/cce_10_0139.html b/docs/cce/umn/cce_10_0139.html
deleted file mode 100644
index df93bcee0..000000000
--- a/docs/cce/umn/cce_10_0139.html
+++ /dev/null
@@ -1,186 +0,0 @@
-
-
-
                                                                        Common kubectl Commands
                                                                        
-
                                                                        Getting Started
                                                                        get
                                                                        
-
                                                                        The get command displays one or many resources of a cluster.
                                                                        
-
                                                                        This command prints a table of the most important information about all resources, including cluster nodes, running pods, Deployments, and Services.
                                                                        
-
                                                                         
                                                                        A cluster can have multiple namespaces. If no namespace is specified, this command will run with the --namespace=default flag.
                                                                        
-
                                                                        
-
                                                                        Examples:
                                                                        
-
                                                                        To list all pods with detailed information:
                                                                        
-
                                                                        kubectl get po -o wide
                                                                        
-
                                                                        To display pods in all namespaces:
                                                                        
-
                                                                        kubectl get po --all-namespaces
                                                                        
-
                                                                        To list labels of pods in all namespaces:
                                                                        
-
                                                                        kubectl get po --show-labels
                                                                        
-
                                                                        To list all namespaces of the node:
                                                                        
-
                                                                        kubectl get namespace
                                                                        
-
                                                                         
                                                                        To list information of other nodes, run this command with the -s flag. To list a specified type of resources, add the resource type to this command, for example, kubectl get svc, kubectl get nodes, and kubectl get deploy.
                                                                        
-
                                                                        
-
                                                                        To list a pod with a specified name in YAML output format:
                                                                        
-
                                                                        kubectl get po <podname> -o yaml
                                                                        
-
                                                                        To list a pod with a specified name in JSON output format:
                                                                        
-
                                                                        kubectl get po <podname> -o json
                                                                        
-
                                                                        kubectl get po rc-nginx-2-btv4j -o=custom-columns=LABELS:.metadata.labels.app
                                                                        
-
                                                                         
                                                                        LABELS indicates a comma separated list of user-defined column titles. metadata.labels.app indicates the data to be listed in either YAML or JSON output format.
                                                                        
-
                                                                        
-
                                                                        create
                                                                        
-
                                                                        The create command creates a cluster resource from a file or input.
                                                                        
-
                                                                        If there is already a resource descriptor (a YAML or JSON file), you can create the resource from the file by running the following command:
                                                                        
-
                                                                        kubectl create -f filename
                                                                        
-
                                                                        expose
                                                                        
-
                                                                        The expose command exposes a resource as a new Kubernetes service. Possible resources include a pod, Service, and Deployment.
                                                                        
-
                                                                        kubectl expose deployment deployname --port=81 --type=NodePort --target-port=80 --name=service-name
                                                                        
-
                                                                         
                                                                        In the preceding command, --port indicates the port exposed by the Service, --type indicates the Service type, and --target-port indicates the port of the pod backing the Service. Visiting ClusterIP:Port allows you to access the applications in the cluster.
                                                                        
-
                                                                        
-
                                                                        run
                                                                        
-
                                                                        Examples:
                                                                        
-
                                                                        To run a particular image in the cluster:
                                                                        
-
                                                                        kubectl run deployname --image=nginx:latest
                                                                        
-
                                                                        To run a particular image using a specified command:
                                                                        
-
                                                                        kubectl run deployname -image=busybox --command -- ping baidu.com
                                                                        
-
                                                                        set
                                                                        
-
                                                                        The set command configures object resources.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        To change the image of a deployment with the name specified in deployname to image 1.0:
                                                                        
-
                                                                        kubectl set image deploy deployname containername=containername:1.0
                                                                        
-
                                                                        edit
                                                                        
-
                                                                        The edit command edits a resource from the default editor.
                                                                        
-
                                                                        Examples:
                                                                        
-
                                                                        To update a pod:
                                                                        
-
                                                                        kubectl edit po po-nginx-btv4j
                                                                        
-
                                                                        The example command yields the same effect as the following command:
                                                                        
-
                                                                        kubectl get po po-nginx-btv4j -o yaml >> /tmp/nginx-tmp.yaml
-vim /tmp/nginx-tmp.yaml
-/*do some changes here */
-kubectl replace -f /tmp/nginx-tmp.yaml
                                                                        
-
                                                                        explain
                                                                        
-
                                                                        The explain command views documents or reference documents.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        To get documentation of pods:
                                                                        
-
                                                                        kubectl explain pod
                                                                        
-
                                                                        delete
                                                                        
-
                                                                        The delete command deletes resources by resource name or label.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        To delete a pod with minimal delay:
                                                                        
-
                                                                        kubectl delete po podname --now 
                                                                        
-
                                                                        kubectl delete -f nginx.yaml
-kubectl delete deployment deployname
                                                                        
-
                                                                        
-
                                                                        Deployment Commands
                                                                        rolling-update*
                                                                        
-
                                                                        rolling-update is a very important command. It updates a running service with zero downtime. Pods are incrementally replaced by new ones. One pod is updated at a time. The old pod is deleted only after the new pod is up. New pods must be distinct from old pods by name, version, and label. Otherwise, an error message will be reported.
                                                                        
-
                                                                        kubectl rolling-update poname -f newfilename
-kubectl rolling-update poname -image=image:v2
                                                                        
-
                                                                        If any problem occurs during the rolling update, run the command with the -rollback flag to abort the rolling update and revert to the previous pod.
                                                                        
-
                                                                        kubectl rolling-update poname -rollback
                                                                        
-
                                                                        rollout
                                                                        
-
                                                                        The rollout command manages the rollout of a resource.
                                                                        
-
                                                                        Examples:
                                                                        
-
                                                                        To check the rollout status of a particular deployment:
                                                                        
-
                                                                        kubectl rollout status deployment/deployname
                                                                        
-
                                                                        To view the rollout history of a particular deployment:
                                                                        
-
                                                                        kubectl rollout history deployment/deployname
                                                                        
-
                                                                        To roll back to the previous deployment: (by default, a resource is rolled back to the previous version)
                                                                        
-
                                                                        kubectl rollout undo deployment/test-nginx
                                                                        
-
                                                                        scale
                                                                        
-
                                                                        The scale command sets a new size for a resource by adjusting the number of resource replicas.
                                                                        
-
                                                                        kubectl scale deployment deployname --replicas=newnumber
                                                                        
-
                                                                        autoscale
                                                                        
-
                                                                        The autoscale command automatically chooses and sets the number of pods. This command specifies the range for the number of pod replicas maintained by a replication controller. If there are too many pods, the replication controller terminates the extra pods. If there is too few, the replication controller starts more pods.
                                                                        
-
                                                                        kubectl autoscale deployment deployname --min=minnumber --max=maxnumber
                                                                        
-
                                                                        
-
                                                                        Cluster Management Commands
                                                                        cordon, drain, uncordon*
                                                                        
-
                                                                        If a node to be upgraded is running many pods or is already down, perform the following steps to prepare the node for maintenance:
                                                                        
-
                                                                        1. Run the cordon command to mark a node as unschedulable. This means that new pods will not be scheduled onto the node.
                                                                          kubectl cordon nodename
                                                                          
-
                                                                          Note: In CCE, nodename indicates the private network IP address of a node.
                                                                          
-
                                                                        2. Run the drain command to smoothly migrate the running pods from the node to another node.
                                                                          kubectl drain nodename --ignore-daemonsets --ignore-emptydir
                                                                          
-
                                                                          ignore-emptydir ignores the pods that use emptyDirs.
                                                                          
-
                                                                        3. Perform maintenance operations on the node, such as upgrading the kernel and upgrading Docker.
                                                                        4. After node maintenance is completed, run the uncordon command to mark the node as schedulable.
                                                                          kubectl uncordon nodename
                                                                          
-
                                                                        
-
                                                                        cluster-info
                                                                        
-
                                                                        To display the add-ons running in the cluster:
                                                                        
-
                                                                        kubectl cluster-info
                                                                        
-
                                                                        To dump current cluster information to stdout:
                                                                        
-
                                                                        kubectl cluster-info dump
                                                                        
-
                                                                        top*
                                                                        
-
                                                                        The top command displays resource (CPU/memory/storage) usage. This command requires Heapster to be correctly configured and working on the server.
                                                                        
-
                                                                        taint*
                                                                        
-
                                                                        The taint command updates the taints on one or more nodes.
                                                                        
-
                                                                        certificate*
                                                                        
-
                                                                        The certificate command modifies the certificate resources.
                                                                        
-
                                                                        
-
                                                                        Fault Diagnosis and Debugging Commands
                                                                        describe
                                                                        
-
                                                                        The describe command is similar to the get command. The difference is that the describe command shows details of a specific resource or group of resources, whereas the get command lists one or more resources in a cluster. The describe command does not support the -o flag. For resources of the same type, resource details are printed out in the same format.
                                                                        
-
                                                                         
                                                                        If the information about a resource is queried, you can use the get command to obtain more detailed information. If you want to check the status of a specific resource, for example, to check if a pod is in the running state, run the describe command to show more detailed status information.
                                                                        
-
                                                                        kubectl describe po <podname>
                                                                        
-
                                                                        
-
                                                                        logs
                                                                        
-
                                                                        The logs command prints logs for a container in a pod or specified resource to stdout. To display logs in the tail -f mode, run this command with the -f flag.
                                                                        
-
                                                                        kubectl logs -f podname
                                                                        
-
                                                                        exec
                                                                        
-
                                                                        The kubectl exec command is similar to the Docker exec command and executes a command in a container. If there are multiple containers in a pod, use the -c flag to choose a container.
                                                                        
-
                                                                        kubectl exec -it podname bash
-kubectl exec -it podname -c containername bash
                                                                        
-
                                                                        port-forward*
                                                                        
-
                                                                        The port-forward command forwards one or more local ports to a pod.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        To listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod:
                                                                        
-
                                                                        kubectl port-forward podname 5000:6000
                                                                        
-
                                                                        proxy*
                                                                        
-
                                                                        The proxy command creates a proxy server between localhost and the Kubernetes API server.
                                                                        
-
                                                                        Example:
                                                                        
-
                                                                        To enable the HTTP REST APIs on the master node:
                                                                        
-
                                                                        kubectl proxy -accept-hosts= '.*' -port=8001 -address= '0.0.0.0'
                                                                        
-
                                                                        cp
                                                                        
-
                                                                        The cp command copies files and directories to and from containers.
                                                                        
-
                                                                        cp filename newfilename
                                                                        
-
                                                                        auth*
                                                                        
-
                                                                        The auth command inspects authorization.
                                                                        
-
                                                                        attach*
                                                                        
-
                                                                        The attach command is similar to the logs -f command and attaches to a process that is already running inside an existing container. To exit, run the ctrl-c command. If a pod contains multiple containers, to view the output of a specific container, use the -c flag and containername following podname to specify a container.
                                                                        
-
                                                                        kubectl attach podname -c containername
                                                                        
-
                                                                        
-
                                                                        Advanced Commands
                                                                        replace
                                                                        
-
                                                                        The replace command updates or replaces an existing resource by attributes including the number of replicas, labels, image versions, and ports. You can directly modify the original YAML file and then run the replace command.
                                                                        
-
                                                                        kubectl replace -f filename
                                                                        
-
                                                                         
                                                                        Resource names cannot be updated.
                                                                        
-
                                                                        
-
                                                                        apply*
                                                                        
-
                                                                        The apply command provides a more strict control on resource updating than patch and edit commands. The apply command applies a configuration to a resource and maintains a set of configuration files in source control. Whenever there is an update, the configuration file is pushed to the server, and then the kubectl apply command applies the latest configuration to the resource. The Kubernetes compares the new configuration file with the original one and updates only the changed configuration instead of the whole file. The configuration that is not contained in the -f flag will remain unchanged. Unlike the replace command which deletes the resource and creates a new one, the apply command directly updates the original resource. Similar to the git operation, the apply command adds an annotation to the resource to mark the current apply.
                                                                        
-
                                                                        kubectl apply -f
                                                                        
-
                                                                        patch
                                                                        
-
                                                                        If you want to modify attributes of a running container without first deleting the container or using the replace command, the patch command is to the rescue. The patch command updates field(s) of a resource using strategic merge patch, a JSON merge patch, or a JSON patch. For example, to change a pod label from app=nginx1 to app=nginx2 while the pod is running, use the following command:
                                                                        
-
                                                                        kubectl patch pod podname -p '{"metadata":{"labels":{"app":"nginx2"}}}'
                                                                        
-
                                                                        convent*
                                                                        
-
                                                                        The convert command converts configuration files between different API versions.
                                                                        
-
                                                                        
-
                                                                        Configuration Commands
                                                                        label
                                                                        
-
                                                                        The label command update labels on a resource.
                                                                        
-
                                                                        kubectl label pods my-pod new-label=newlabel
                                                                        
-
                                                                        annotate
                                                                        
-
                                                                        The annotate command update annotations on a resource.
                                                                        
-
                                                                        kubectl annotate pods my-pod icon-url=http://......
                                                                        
-
                                                                        completion
                                                                        
-
                                                                        The completion command provides autocompletion for shell.
                                                                        
-
                                                                        
-
                                                                        Other Commands
                                                                        api-versions
                                                                        
-
                                                                        The api-versions command prints the supported API versions.
                                                                        
-
                                                                        kubectl api-versions
                                                                        
-
                                                                        api-resources
                                                                        
-
                                                                        The api-resources command prints the supported API resources.
                                                                        
-
                                                                        kubectl api-resources
                                                                        
-
                                                                        config*
                                                                        
-
                                                                        The config command modifies kubeconfig files. An example use case of this command is to configure authentication information in API calls.
                                                                        
-
                                                                        help
                                                                        
-
                                                                        The help command gets all command references.
                                                                        
-
                                                                        version
                                                                        
-
                                                                        The version command prints the client and server version information for the current context.
                                                                        
-
                                                                        kubectl version
                                                                        
-
                                                                        
-
                                                                        
-
                                                                        
-
                                                                        
-
                                                                        Parent topic: Using kubectl to Run a Cluster
                                                                        
-
                                                                        
-
                                                                        
-
diff --git a/docs/cce/umn/cce_10_0140.html b/docs/cce/umn/cce_10_0140.html
index db323a0bd..8218a1163 100644
--- a/docs/cce/umn/cce_10_0140.html
+++ b/docs/cce/umn/cce_10_0140.html
@@ -1,14 +1,14 @@
 
 
-
                                                                        Using kubectl to Run a Cluster
                                                                        
+
                                                                        Connecting to a Cluster
                                                                        
 
                                                                        
 
                                                                        
 
 
diff --git a/docs/cce/umn/cce_10_0141.html b/docs/cce/umn/cce_10_0141.html
index db6c148b9..a309baabe 100644
--- a/docs/cce/umn/cce_10_0141.html
+++ b/docs/cce/umn/cce_10_0141.html
@@ -1,28 +1,79 @@
 
 
 
                                                                        gpu-beta
                                                                        
-
                                                                        Introduction
                                                                        gpu-beta is a device management add-on that supports GPUs in containers. If GPU nodes are used in the cluster, the gpu-beta add-on must be installed.
                                                                        
+
                                                                        Introduction
                                                                        gpu-beta is a device management add-on that supports GPUs in containers. If GPU nodes are used in the cluster, this add-on must be installed.
                                                                        
 
                                                                        
-
                                                                        Notes and Constraints
                                                                        • The driver to be downloaded must be a .run file.
                                                                        • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                                                                        • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                                                                        • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                                                                        
+
                                                                        Constraints
                                                                        • The driver to be downloaded must be a .run file.
                                                                        • Only NVIDIA Tesla drivers are supported, not GRID drivers.
                                                                        • When installing or reinstalling the add-on, ensure that the driver download address is correct and accessible. CCE does not verify the address validity.
                                                                        • The gpu-beta add-on only enables you to download the driver and execute the installation script. The add-on status only indicates that how the add-on is running, not whether the driver is successfully installed.
                                                                        • CCE does not guarantee the compatibility between the GPU driver version and the CDUA library version of your application. You need to check the compatibility by yourself.
                                                                        • If a GPU driver has been added to a custom OS image, CCE cannot ensure that the GPU driver is compatible with other GPU components such as the monitoring components used in CCE.
                                                                        
 
                                                                        
-
                                                                        Installing the Add-on
                                                                        1. Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane, locate gpu-beta on the right, and click Install.
                                                                        2. Configure the driver link.
                                                                           
                                                                          • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                                                          • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. 
                                                                          • Ensure that the NVIDIA driver version matches the GPU node.
                                                                          • After the driver version is changed, restart the node for the change to take effect.
                                                                          
+
                                                                          Installing the Add-on
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate gpu-beta on the right, and click Install.
                                                                          2. On the Install Add-on page, configure the specifications.
                                                                            
+
                                                                            
+
+
+
+
+
+
+
+
+
+
+
                                                                            Table 1 Add-on configuration
                                                                            Parameter
                                                                            
+
                                                                            Description
                                                                            
+
                                                                            Add-on Specifications
                                                                            
+
                                                                            Select Default or Custom.
                                                                            
+
                                                                            Containers
                                                                            
+
                                                                            CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                            
+
                                                                            If you select Custom, you can adjust the container specifications as required.
                                                                            
+
                                                                            
+
                                                                            
+
                                                                          3. Configure the add-on parameters.
                                                                            • NVIDIA Driver: Enter the link for downloading the NVIDIA driver. All GPU nodes in the cluster will use this driver.
                                                                               
                                                                              • If the download link is a public network address, for example, https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run, bind an EIP to each GPU node. For details about how to obtain the driver link, see Obtaining the Driver Link from Public Network.
                                                                              • If the download link is an OBS URL, you do not need to bind an EIP to GPU nodes. For details about how to obtain the driver link, see Obtaining the Driver Link from OBS.
                                                                              • Ensure that the NVIDIA driver version matches the GPU node.
                                                                              • After the driver version is changed, restart the node for the change to take effect.
                                                                              
 
                                                                              
-
                                                                            • Click Install.
                                                                          
+
                                                                          3. 
+
                                                                        3. Click Install.
                                                                           
                                                                          Uninstalling the add-on will clear the GPU driver on the nodes. As a result, GPU pods newly scheduled to the nodes cannot run properly, but running GPU pods are not affected.
                                                                          
+
                                                                          
+
                                                                        
 
                                                                        
 
                                                                        Verifying the Add-on
                                                                        After the add-on is installed, run the nvidia-smi command on the GPU node and the container that schedules GPU resources to verify the availability of the GPU device and driver.
                                                                        
-
                                                                        GPU node:
                                                                        cd /opt/cloud/cce/nvidia/bin && ./nvidia-smi
                                                                        
+
                                                                        • GPU node:
                                                                          # If the add-on version is earlier than 2.0.0, run the following command:
+cd /opt/cloud/cce/nvidia/bin && ./nvidia-smi
+
+# If the add-on version is 2.0.0 or later and the driver installation path is changed, run the following command:
+cd /usr/local/nvidia/bin && ./nvidia-smi
                                                                          
+
                                                                        • Container:
                                                                          cd /usr/local/nvidia/bin && ./nvidia-smi
                                                                          
+
                                                                        
+
                                                                        If GPU information is returned, the device is available and the add-on has been installed.
                                                                        
+
                                                                        
 
                                                                        
-
                                                                        Container:
                                                                        
-
                                                                        cd /usr/local/nvidia/bin && ./nvidia-smi
                                                                        
-
                                                                        If GPU information is returned, the device is available and the add-on is successfully installed.
                                                                        
-
                                                                        
-
                                                                        
-
                                                                        Obtaining the Driver Link from Public Network
                                                                        1. Log in to the CCE console.
                                                                        2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                                                                        1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                                                                        2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.
                                                                          Figure 1 Setting parameters
                                                                          
-
                                                                        3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.
                                                                          Figure 2 Driver information
                                                                          
-
                                                                        4. Obtain the driver link in either of the following ways:
                                                                          • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                                                          • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                                                            Figure 3 Obtaining the link
                                                                            
+
                                                                            Obtaining the Driver Link from Public Network
                                                                            1. Log in to the CCE console.
                                                                            2. Click Create Node and select the GPU node to be created in the Specifications area. The GPU card model of the node is displayed in the lower part of the page.
                                                                            1. Visit https://www.nvidia.com/Download/Find.aspx?lang=en.
                                                                            2. Select the driver information on the NVIDIA Driver Downloads page, as shown in Figure 1. Operating System must be Linux 64-bit.
                                                                              Figure 1 Setting parameters
                                                                              
+
                                                                            3. After confirming the driver information, click SEARCH. A page is displayed, showing the driver information, as shown in Figure 2. Click DOWNLOAD.
                                                                              Figure 2 Driver information
                                                                              
+
                                                                            4. Obtain the driver link in either of the following ways:
                                                                              • Method 1: As shown in Figure 3, find url=/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run in the browser address box. Then, supplement it to obtain the driver link https://us.download.nvidia.com/tesla/470.103.01/NVIDIA-Linux-x86_64-470.103.01.run. By using this method, you must bind an EIP to each GPU node.
                                                                              • Method 2: As shown in Figure 3, click AGREE & DOWNLOAD to download the driver. Then, upload the driver to OBS and record the OBS URL. By using this method, you do not need to bind an EIP to GPU nodes.
                                                                                Figure 3 Obtaining the link
                                                                                
 
                                                                              
 
                                                                            
 
                                                                            
+
                                                                            Obtaining the Driver Link from OBS
                                                                            1. Upload the driver to OBS and set the driver file to public read. 
                                                                               
                                                                              When the node is restarted, the driver will be downloaded and installed again. Ensure that the OBS bucket link of the driver is valid.
                                                                              
+
                                                                              
+
                                                                            2. In the bucket list, click a bucket name, and then the Overview page of the bucket is displayed.
                                                                            3. In the navigation pane, choose Objects.
                                                                            4. Select the name of the target object and copy the driver link on the object details page.
                                                                            
+
                                                                            
+
                                                                            Components
                                                                            
+
                                                                            
+
+
+
+
+
+
+
+
+
+
                                                                            Table 2 GPU component
                                                                            Container Component
                                                                            
+
                                                                            Description
                                                                            
+
                                                                            Resource Type
                                                                            
+
                                                                            nvidia-driver-installer
                                                                            
+
                                                                            Used for installing an NVIDIA driver on GPU nodes.
                                                                            
+
                                                                            DaemonSet
                                                                            
+
                                                                            
+
                                                                            
+
                                                                            
 
                                                                        
 
                                                                        
 
                                                                        
diff --git a/docs/cce/umn/cce_10_0142.html b/docs/cce/umn/cce_10_0142.html
index 3914fdb6a..8176ca08c 100644
--- a/docs/cce/umn/cce_10_0142.html
+++ b/docs/cce/umn/cce_10_0142.html
@@ -1,17 +1,17 @@
 
 
 
                                                                        NodePort
                                                                        
-
                                                                        Scenario
                                                                        A Service is exposed on each node's IP address at a static port (NodePort). A ClusterIP Service, to which the NodePort Service will route, is automatically created. By requesting <NodeIP>:<NodePort>, you can access a NodePort Service from outside the cluster.
                                                                        
-
                                                                        Figure 1 NodePort access
                                                                        
+
                                                                        Scenario
                                                                        A Service is exposed on each node's IP address at a static port (NodePort). When you create a NodePort Service, Kubernetes automatically allocates an internal IP address (ClusterIP) of the cluster. When clients outside the cluster access <NodeIP>:<NodePort>, the traffic will be forwarded to the target pod through the ClusterIP of the NodePort Service.
                                                                        
+
                                                                        Figure 1 NodePort access
                                                                        
 
                                                                        
-
                                                                        Notes and Constraints
                                                                        • By default, a NodePort Service is accessed within a VPC. If you need to use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                                                        • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. You are advised not to modify the Service affinity setting after the Service is created. If you need to modify it, create a Service again.
                                                                        • CCE Turbo clusters support only cluster-level service affinity.
                                                                        • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                                                                        • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is ipvs, run the ipvsadm -nL command to view the port.
                                                                        
+
                                                                        Constraints
                                                                        • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                                                        • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. Do not modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                        • CCE Turbo clusters support only cluster-level service affinity.
                                                                        • In VPC network mode, when container A is published through a NodePort service and the service affinity is set to the node level (that is, externalTrafficPolicy is set to local), container B deployed on the same node cannot access container A through the node IP address and NodePort service.
                                                                        • When a NodePort service is created in a cluster of v1.21.7 or later, the port on the node is not displayed using netstat by default. If the cluster forwarding mode is iptables, run the iptables -t nat -L command to view the port. If the cluster forwarding mode is IPVS, run the ipvsadm -Ln command to view the port.
                                                                        
 
                                                                        
-
                                                                        Creating a NodePort Service
                                                                        1. Log in to the CCE console and click the cluster name to access the cluster.
                                                                        2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                                                                        3. Set intra-cluster access parameters.
                                                                          • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                          • Service Type: Select NodePort.
                                                                          • Namespace: Namespace to which the workload belongs.
                                                                          • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                            • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                            • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                            
-
                                                                          • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                          • Port Settings
                                                                            • Protocol: protocol used by the Service.
                                                                            • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                            • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                                                                            • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                                                                            
+
                                                                            Creating a NodePort Service
                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                            2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                                                                            3. Set intra-cluster access parameters.
                                                                              • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                              • Service Type: Select NodePort.
                                                                              • Namespace: Namespace to which the workload belongs.
                                                                              • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                • Cluster level: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                
+
                                                                              • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                              • Port
                                                                                • Protocol: protocol used by the Service.
                                                                                • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                                                                                • Node Port: You are advised to select Auto. You can also specify a port. The default port ranges from 30000 to 32767.
                                                                                
 
                                                                              
 
                                                                            4. Click OK.
                                                                            
 
                                                                            
-
                                                                            Using kubectl
                                                                            You can run kubectl commands to set the access type. This section uses a Nginx workload as an example to describe how to set a NodePort Service using kubectl.
                                                                            
+
                                                                            Using kubectl
                                                                            You can run kubectl commands to set the access type. This section uses an Nginx workload as an example to describe how to set a NodePort Service using kubectl.
                                                                            
 
                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                            2. Create and edit the nginx-deployment.yaml and nginx-nodeport-svc.yaml files.
                                                                              The file names are user-defined. nginx-deployment.yaml and nginx-nodeport-svc.yaml are merely example file names.
                                                                              
 
                                                                              vi nginx-deployment.yaml
                                                                              
 
                                                                              apiVersion: apps/v1
@@ -103,34 +103,10 @@ Commercial support is available at
 / # 
                                                                              
 
                                                                            
 
                                                                            
-
                                                                            externalTrafficPolicy (Service Affinity)
                                                                            For a NodePort Service, requests are first sent to the node port, then the Service, and finally the pod backing the Service. The backing pod may be not located in the node receiving the requests. By default, the backend workload can be accessed from any node IP address and service port. If the pod is not on the node that receives the request, the request will be redirected to the node where the pod is located, which may cause performance loss.
                                                                            
-
                                                                            externalTrafficPolicy is a configuration parameter of the Service.
                                                                            
-
                                                                            apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-nodeport
-spec:
-  externalTrafficPolicy: local
-  ports:
-  - name: service
-    nodePort: 30000
-    port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: nginx
-  type: NodePort
                                                                            
-
                                                                            If the value of externalTrafficPolicy is local, requests sent from Node IP address:Service port will be forwarded only to the pod on the local node. If the node does not have a pod, the requests are suspended.
                                                                            
-
                                                                            The other value of externalTrafficPolicy is cluster (default value), which indicates that requests are forwarded in a cluster.
                                                                            
-
                                                                            You can set this parameter when creating a Service of the NodePort type on the CCE console.
                                                                            
-
                                                                            
-
                                                                            The values of externalTrafficPolicy are as follows:
                                                                            
-
                                                                            • cluster: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                            • local: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                            
-
                                                                            
 
                                                                            
 
                                                                            
 
                                                                            
-
                                                                            Parent topic: Services
                                                                            
+
                                                                            Parent topic: Service
                                                                            
 
                                                                            
 
                                                                            
 
diff --git a/docs/cce/umn/cce_10_0144.html b/docs/cce/umn/cce_10_0144.html
new file mode 100644
index 000000000..faddb64a2
--- /dev/null
+++ b/docs/cce/umn/cce_10_0144.html
@@ -0,0 +1,66 @@
+
+
+
                                                                            Deploying an Application Through the Helm v3 Client
                                                                            
+
                                                                            Prerequisites
                                                                            The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.
                                                                            
+
                                                                            
+
                                                                            Installing Helm v3
                                                                            This section uses Helm v3.3.0 as an example.
                                                                            
+
                                                                            For other versions, visit https://github.com/helm/helm/releases.
                                                                            
+
                                                                            1. Download the Helm client from the VM connected to the cluster.
                                                                              wget https://get.helm.sh/helm-v3.3.0-linux-amd64.tar.gz
                                                                              
+
                                                                            2. Decompress the Helm package.
                                                                              tar -xzvf helm-v3.3.0-linux-amd64.tar.gz
                                                                              
+
                                                                            3. Copy Helm to the system path, for example, /usr/local/bin/helm.
                                                                              mv linux-amd64/helm /usr/local/bin/helm
                                                                              
+
                                                                            4. Query the Helm version.
                                                                              helm version
+version.BuildInfo{Version:"v3.3.0", GitCommit:"e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6", GitTreeState:"clean", GoVersion:"go1.13.4"}
                                                                              
+
                                                                            
+
                                                                            
+
                                                                            Installing the Helm Chart
                                                                            You can use Helm to install a chart. Before using Helm, you may need to understand the following concepts to better use Helm:
                                                                            
+
                                                                            • Chart: contains resource definitions and a large number of configuration files of Kubernetes applications.
                                                                            • Repository: stores shared charts. You can download charts from the repository to a local path for installation or install them online.
                                                                            • Release: running result of after a chart is installed in a Kubernetes cluster using Helm. A chart can be installed multiple times in a cluster. A new release will be created for each installation. A MySQL chart is used as an example. To run two databases in a cluster, install the chart twice. Each database has its own release and release name.
                                                                            
+
                                                                            For more details, see Using Helm.
                                                                            
+
                                                                            1. Search for a chart from the Artifact Hub repository recommended by Helm and configure the Helm repository.
                                                                              helm repo add {repo_name} {repo_addr}
                                                                              
+
                                                                              The following uses the WordPress chart as an example:
                                                                              helm repo add bitnami https://charts.bitnami.com/bitnami
                                                                              
+
                                                                              
+
                                                                            2. Run the helm install command to install the chart.
                                                                              • Default installation: This is the simplest method, which requires only two parameters.
                                                                                helm install {release_name} {chart_name}
                                                                                
+
                                                                                For example, to install WordPress, the WordPress chart added in step 1 is bitnami/wordpress, and the release name is my-wordpress.
                                                                                helm install my-wordpress bitnami/wordpress
                                                                                
+
                                                                                
+
                                                                              • Custom installation: The default installation uses the default settings in the chart. Use custom installation to custom parameter settings. Run the helm show values {chart_name} command to view the configurable options of the chart. For example, to view the configurable items of WordPress, run the following command:
                                                                                helm show values bitnami/wordpress
                                                                                
+
                                                                                Overwrite specified parameters by running the following commands:
                                                                                
+
                                                                                helm install my-wordpress bitnami/wordpress \
+     --set mariadb.primary.persistence.enabled=true \
+     --set mariadb.primary.persistence.storageClass=csi-disk \
+     --set mariadb.primary.persistence.size=10Gi \
+     --set persistence.enabled=false
                                                                                
+
                                                                              
+
                                                                            3. View the installed chart release.
                                                                              helm list
                                                                              
+
                                                                            
+
                                                                            
+
                                                                            Common Issues
                                                                            • The following error message is displayed after the helm version command is run:
                                                                              Client:
+&version.Version{SemVer:"v3.3.0",
+GitCommit:"012cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
+E0718 11:46:10.132102    7023 portforward.go:332] an error occurred
+forwarding 41458 -> 44134: error forwarding port 44134 to pod
+d566b78f997eea6c4b1c0322b34ce8052c6c2001e8edff243647748464cd7919, uid : unable
+to do port forwarding: socat not found.
+Error: cannot connect to Tiller
                                                                              
+
                                                                              The preceding information is displayed because the socat is not installed. Run the following command to install the socat:
                                                                              
+
                                                                              yum install socat -y
                                                                              
+
                                                                            • When you run the yum install socat –y command on a node running EulerOS 2.9 , if the following error message is displayed:
                                                                              No match for argument: socat
+Error: Unable to find a match: socat
                                                                              
+
                                                                              The node image does not contain socat. In this case, manually download the RPM chart and run the following command to install it (replace the RPM chart name with the actual one):
                                                                              
+
                                                                              rpm -i socat-1.7.3.2-8.oe1.x86_64.rpm
                                                                              
+
                                                                            • When the socat has been installed and the following error message is displayed after the helm version command is run:
                                                                              $ helm version
+Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
+Error: cannot connect to Tiller
                                                                              
+
                                                                              The Helm chart reads the configuration certificate in .Kube/config to communicate with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Using kubectl.
                                                                              
+
                                                                            • Storage fails to be created after you have connected to cloud storage services.
                                                                              This issue may be caused by the annotation field in the created PVC. Change the chart name and install the chart again.
                                                                              
+
                                                                            • If kubectl is not properly configured, the following error message is displayed after the helm install command is run:
                                                                              # helm install prometheus/ --generate-name
+WARNING: This chart is deprecated
+Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp [::1]:8080: connect: connection refused
                                                                              
+
                                                                              Solution: Configure kubeconfig for the node. For details, see Using kubectl.
                                                                              
+
                                                                            
+
                                                                            
+
                                                                            
+
                                                                            
+
                                                                            
+
                                                                            Parent topic: Helm Chart
                                                                            
+
                                                                            
+
                                                                            
+
diff --git a/docs/cce/umn/cce_10_0146.html b/docs/cce/umn/cce_10_0146.html
index 9c06932ce..e30d0c9af 100644
--- a/docs/cce/umn/cce_10_0146.html
+++ b/docs/cce/umn/cce_10_0146.html
@@ -2,7 +2,7 @@
 
 
                                                                            Deploying an Application from a Chart
                                                                            
 
                                                                            On the CCE console, you can upload a Helm chart package, deploy it, and manage the deployed pods.
                                                                            
-
                                                                            Notes and Constraints
                                                                            • The number of charts that can be uploaded by a single user is limited. The value displayed on the console of each region is the allowed quantity.
                                                                            • A chart with multiple versions consumes the same amount of portion of chart quota.
                                                                            • Users with chart operation permissions can perform multiple operations on clusters. Therefore, exercise caution when assigning users the chart lifecycle management permissions, including uploading charts and creating, deleting, and updating chart releases.
                                                                            
+
                                                                            Constraints
                                                                            • The number of charts that can be uploaded by a single user is limited. The value displayed on the console of each region is the allowed quantity.
                                                                            • A chart with multiple versions consumes the same amount of portion of chart quota.
                                                                            • Users with chart operation permissions can perform multiple operations on clusters. Therefore, exercise caution when assigning users the chart lifecycle management permissions, including uploading charts and creating, deleting, and updating chart releases.
                                                                            
 
                                                                            
 
                                                                            Chart Specifications
                                                                            The Redis workload is used as an example to illustrate the chart specifications.
                                                                            
 
                                                                            • Naming Requirement
                                                                              A chart package is named in the format of {name}-{version}.tgz, where {version} indicates the version number in the format of Major version number.Minor version number.Revision number, for example, redis-0.4.2.tgz.
                                                                              
@@ -33,7 +33,7 @@
 
 
                                                                        Describes configuration parameters required by templates.
                                                                        
 
                                                                         NOTICE: 
                                                                        Make sure that the image address set in the values.yaml file is the same as the image address in the container image repository. Otherwise, an exception occurs when you create a workload, and the system displays a message indicating that the image fails to be pulled.
                                                                        
-
                                                                        To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click  to copy the command in the Image Pull Command column.
                                                                        
+
                                                                        To obtain the image address, perform the following operations: Log in to the CCE console. In the navigation pane, choose Image Repository to access the SWR console. Choose My Images > Private Images and click the name of the uploaded image. On the Image Tags tab page, obtain the image address from the pull command. You can click  to copy the command in the Image Pull Command column.
                                                                        
 
                                                                        
                                                                         		
 
                                                                        * Chart.yaml
                                                                        
                                                                         		
 
                                                                        Basic information about the chart.
                                                                        
-
                                                                        Note: Helm v3 bumps the apiVersion from v1 to v2.
                                                                        
+
                                                                        Note: The API version of Helm v3 is switched from v1 to v2.
                                                                        
                                                                         		
 
                                                                        
 
                                                                        .helmignore
                                                                        
@@ -60,11 +60,11 @@
 
 
 
-
                                                                        Uploading a Chart
                                                                        1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Charts in the navigation pane and click Upload Chart in the upper right corner.
                                                                        2. Click Select File, select the chart to be uploaded, and click Upload.
                                                                           
                                                                          When you upload a chart, the naming rule of the OBS bucket is changed from cce-charts-{region}-{domain_name} to cce-charts-{region}-{domain_id}. In the old naming rule, the system converts the domain_name value into a Base64 string and uses the first 63 characters. If you cannot find the chart in the OBS bucket with the new name, search for the bucket with the old name.
                                                                          
+
                                                                          Uploading a Chart
                                                                          1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Charts in the navigation pane and click Upload Chart in the upper right corner.
                                                                          2. Click Select File, select the chart to be uploaded, and click Upload.
                                                                             
                                                                            When you upload a chart, the naming rule of the OBS bucket is changed from cce-charts-{region}-{domain_name} to cce-charts-{region}-{domain_id}. In the old naming rule, the system converts the domain_name value into a Base64 string and uses the first 63 characters. If you cannot find the chart in the OBS bucket with the new name, search for the bucket with the old name.
                                                                            
 
                                                                            
 
                                                                          
 
                                                                          
-
                                                                          Creating a Release
                                                                          1. Log in to the CCE console, click the cluster name, and access the cluster console. In the navigation pane, choose Charts.
                                                                          2. On the My Charts tab page, click Install of the target chart.
                                                                          3. Set workload installation parameters by referring to Table 2.
                                                                            
+
                                                                            Creating a Release
                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Charts.
                                                                            2. On the My Charts tab page, click Install of the target chart.
                                                                            3. Set workload installation parameters by referring to Table 2.
                                                                              
 
                                                                              Table 2 Installation parameters
                                                                              Parameter
                                                                              
                                                                               		
 
                                                                              Description
                                                                              
@@ -101,17 +101,17 @@
 
                                                                            4. Click Install.
                                                                              On the Releases tab page, you can view the installation status of the release.
                                                                              
 
                                                                              5. 
 
-
                                                                              Upgrading a Chart-based Workload
                                                                              1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                              2. Click Upgrade in the row where the desired workload resides and set the parameters for the workload.
                                                                              3. Select a chart version for Chart Version.
                                                                              4. Follow the prompts to modify the chart parameters. Click Upgrade, and then click Submit.
                                                                              5. Click Back to Release List. If the chart status changes to Upgrade successful, the workload is successfully upgraded.
                                                                              
+
                                                                              Upgrading a Chart-based Workload
                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                              2. Click Upgrade in the row where the desired workload resides and set the parameters for the workload.
                                                                              3. Select a chart version for Chart Version.
                                                                              4. Follow the prompts to modify the chart parameters. Click Upgrade, and then click Submit.
                                                                              5. Click Back to Release List. If the chart status changes to Upgrade successful, the workload is successfully upgraded.
                                                                              
 
                                                                              
-
                                                                              Rolling Back a Chart-based Workload
                                                                              1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                              2. Click More > Roll Back for the workload to be rolled back, select the workload version, and click Roll back to this version.
                                                                                In the workload list, if the status is Rollback successful, the workload is rolled back successfully.
                                                                                
+
                                                                                Rolling Back a Chart-based Workload
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                                2. Click More > Roll Back for the workload to be rolled back, select the workload version, and click Roll back to this version.
                                                                                  In the workload list, if the status is Rollback successful, the workload is rolled back successfully.
                                                                                  
 
                                                                                
 
                                                                                
-
                                                                                Uninstalling a Chart-based Workload
                                                                                1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                                2. Click More > Uninstall next to the release to be uninstalled, and click Yes. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.
                                                                                
+
                                                                                Uninstalling a Chart-based Workload
                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Charts in the navigation pane and click the Releases tab.
                                                                                2. Click More > Uninstall next to the release to be uninstalled, and click Yes. Exercise caution when performing this operation because releases cannot be restored after being uninstalled.
                                                                                
 
                                                                                
 
                                                                                
 
                                                                                
 
                                                                                
-
                                                                                Parent topic: Charts
                                                                                
+
                                                                                Parent topic: Helm Chart
                                                                                
 
                                                                                
 
                                                                                
 
diff --git a/docs/cce/umn/cce_10_0150.html b/docs/cce/umn/cce_10_0150.html
index 2cefd9aa7..dc0f3594c 100644
--- a/docs/cce/umn/cce_10_0150.html
+++ b/docs/cce/umn/cce_10_0150.html
@@ -8,15 +8,81 @@
 
                                                                              
 
                                                                              Prerequisites
                                                                              Resources have been created. For details, see Creating a Node. If clusters and nodes are available, you need not create them again.
                                                                              
 
                                                                              
-
                                                                              Using the CCE Console
                                                                              1. Log in to the CCE console.
                                                                              2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                              3. Set basic information about the workload. 
                                                                                Basic Info
                                                                                • Workload Type: Select Job. For details about workload types, see Overview.
                                                                                • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                • Pods: Enter the number of pods.
                                                                                • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.
                                                                                
+
                                                                                Using the CCE Console
                                                                                1. Log in to the CCE console.
                                                                                2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                3. Set basic information about the workload. 
                                                                                  Basic Info
                                                                                  • Workload Type: Select Job. For details about workload types, see Overview.
                                                                                  • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                  • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                  • Pods: Enter the number of pods of the workload.
                                                                                  • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                                                  
 
                                                                                  
-
                                                                                  Container Settings
                                                                                  • Container Information
                                                                                    Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                                    • Basic Info: See Setting Basic Container Information.
                                                                                    • Lifecycle: See Setting Container Lifecycle Parameters.
                                                                                    • Environment Variables: See Setting an Environment Variable.
                                                                                    • Data Storage: See Overview.
                                                                                       
                                                                                      If the workload contains more than one pod, EVS volumes cannot be mounted.
                                                                                      
+
                                                                                      Container Settings
                                                                                      • Container Information
                                                                                        Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                                        • Basic Info: Configure basic information about the container.
+
                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                          Parameter
                                                                                          
+
                                                                                          Description
                                                                                          
+
                                                                                          Container Name
                                                                                          
+
                                                                                          Name the container.
                                                                                          
+
                                                                                          Pull Policy
                                                                                          
+
                                                                                          Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                                                          
+
                                                                                          Image Name
                                                                                          
+
                                                                                          Click Select Image and select the image used by the container.
                                                                                          
+
                                                                                          To use a third-party image, see Using Third-Party Images.
                                                                                          
+
                                                                                          Image Tag
                                                                                          
+
                                                                                          Select the image tag to be deployed.
                                                                                          
+
                                                                                          CPU Quota
                                                                                          
+
                                                                                          • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                                                          • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                                                          
+
                                                                                          If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                          
+
                                                                                          Memory Quota
                                                                                          
+
                                                                                          • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                                                          • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                                                          
+
                                                                                          If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                          
+
                                                                                          (Optional) GPU Quota
                                                                                          
+
                                                                                          Configurable only when the cluster contains GPU nodes and the gpu-beta add-on is installed.
                                                                                          
+
                                                                                          • All: The GPU is not used.
                                                                                          • Dedicated: GPU resources are exclusively used by the container.
                                                                                          • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                                                          
+
                                                                                          For details about how to use GPU in the cluster, see Default GPU Scheduling in Kubernetes.
                                                                                          
+
                                                                                          (Optional) Privileged Container
                                                                                          
+
                                                                                          Programs in a privileged container have certain privileges.
                                                                                          
+
                                                                                          If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                                                          
+
                                                                                          (Optional) Init Container
                                                                                          
+
                                                                                          Indicates whether to use the container as an init container. The init container does not support health check.
                                                                                          
+
                                                                                          An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more Init containers. Application containers in a pod are started and run only after the running of all Init containers completes. For details, see Init Container.
                                                                                          
+
                                                                                          
+
                                                                                          
+
                                                                                        
+
                                                                                        • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Setting Container Lifecycle Parameters.
                                                                                        • (Optional) Environment Variables: Set variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Setting an Environment Variable.
                                                                                        • (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
                                                                                           
                                                                                          If the workload contains more than one pod, EVS volumes cannot be mounted.
                                                                                          
 
                                                                                          
-
                                                                                        • Logging: See Using ICAgent to Collect Container Logs.
                                                                                        
+
                                                                                      • (Optional) Logging: Report container stdout streams to AOM by default and require no manual settings. You can manually configure the log collection path. For details, see Using ICAgent to Collect Container Logs.
                                                                                        To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.
                                                                                        
+
                                                                                      
 
                                                                                      
-
                                                                                    • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                                    • GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                    
+
                                                                                  • Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                                  • (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                  
 
                                                                                  
-
                                                                                  Advanced Settings
                                                                                  • Labels and Annotations: See Pod Labels and Annotations.
                                                                                  • Job Settings:
                                                                                    • Parallel Pods: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.
                                                                                    • Timeout (s): Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.
                                                                                    
+
                                                                                    (Optional) Advanced Settings
                                                                                    • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                                                    
+
                                                                                    • Job Settings
                                                                                      • Parallel Pods: Maximum number of pods that can run in parallel during job execution. The value cannot be greater than the total number of pods in the job.
                                                                                      • Timeout (s): Once a job reaches this time, the job status becomes failed and all pods in this job will be deleted. If you leave this parameter blank, the job will never time out.
                                                                                      
+
                                                                                    • Network configuration:
 
                                                                                    
 
                                                                                    
 
                                                                                  • Click Create Workload in the lower right corner.
                                                                                
@@ -79,7 +145,9 @@ spec:
       - name: pi
         image: perl
         command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
-      restartPolicy: Never
+      restartPolicy: Never
+      imagePullSecrets:
+        - name: default-secret
 
                                                                                Description
                                                                                
 
                                                                                • apiVersion: batch/v1 indicates the version of the current job.
                                                                                • kind: Job indicates that the current resource is a job.
                                                                                • restartPolicy: Never indicates the current restart policy. For jobs, this parameter can only be set to Never or OnFailure. For other controllers (for example, Deployments), you can set this parameter to Always.
                                                                                
 
                                                                                Run the job.
                                                                                
@@ -103,7 +171,7 @@ myjob-29qlw   0/1     Completed   0          4m5s
 
                                                                                
 
                                                                                Related Operations
                                                                                After a one-off job is created, you can perform operations listed in Table 2.
                                                                                
 
-
                                                                                Table 2 Other operations
                                                                                Operation
                                                                                
+
                                                                                
@@ -111,12 +179,12 @@ myjob-29qlw   0/1     Completed   0          4m5s
 
-
-
@@ -127,7 +195,7 @@ myjob-29qlw   0/1     Completed   0          4m5s
 
                                                                                
 
                                                                                
-
                                                                                Parent topic: Workloads
                                                                                
+
                                                                                Parent topic: Creating a Workload
                                                                                
 
                                                                                
 
                                                                                
 
diff --git a/docs/cce/umn/cce_10_0151.html b/docs/cce/umn/cce_10_0151.html
index 18bc9b2d7..7a0efcdcd 100644
--- a/docs/cce/umn/cce_10_0151.html
+++ b/docs/cce/umn/cce_10_0151.html
@@ -9,20 +9,85 @@
 
                                                                                Prerequisites
                                                                                Resources have been created. For details, see Creating a Node.
                                                                                
 
                                                                                
-
                                                                                Using the CCE Console
                                                                                1. Log in to the CCE console.
                                                                                2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                3. Set basic information about the workload.
                                                                                  Basic Info
                                                                                  • Workload Type: Select Cron Job. For details about workload types, see Overview.
                                                                                  • Workload Name: Enter the name of the workload. Enter 1 to 52 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                  • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                  • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.
                                                                                  
+
                                                                                  Using the CCE Console
                                                                                  1. Log in to the CCE console.
                                                                                  2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                  3. Set basic information about the workload.
                                                                                    Basic Info
                                                                                    • Workload Type: Select Cron Job. For details about workload types, see Overview.
                                                                                    • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                    • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                    • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                                                    
 
                                                                                    
-
                                                                                    Container Settings
                                                                                    • Container Information
                                                                                      Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
+
                                                                                      Container Settings
                                                                                      • Container Information
                                                                                        Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                                        • Basic Info: Configure basic information about the container.
+
                                                                                Table 2 Related operations
                                                                                Operation
                                                                                
                                                                                 		
 
                                                                                Description
                                                                                
 
                                                                                
 
                                                                                Editing a YAML file
                                                                                
 
                                                                                Click More > Edit YAML next to the job name to edit the YAML file corresponding to the current job.
                                                                                
+
                                                                                Click More > Edit YAML next to the job name to edit the YAML file corresponding to the current job.
                                                                                
                                                                                 		
 
                                                                                
 
                                                                                Deleting a job
                                                                                
 
                                                                                1. Select the job to be deleted and click Delete in the Operation column.
                                                                                2. Click Yes.
                                                                                  Deleted jobs cannot be restored. Exercise caution when deleting a job.
                                                                                  
+
                                                                                1. Select the job to be deleted and choose More > Delete in the Operation column.
                                                                                2. Click Yes.
                                                                                  Deleted jobs cannot be restored. Exercise caution when deleting a job.
                                                                                  
 
                                                                                
                                                                                 		
 
                                                                                
 
 
                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                Parameter
                                                                                
+
                                                                                Description
                                                                                
+
                                                                                Container Name
                                                                                
+
                                                                                Name the container.
                                                                                
+
                                                                                Pull Policy
                                                                                
+
                                                                                Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                                                
+
                                                                                Image Name
                                                                                
+
                                                                                Click Select Image and select the image used by the container.
                                                                                
+
                                                                                To use a third-party image, see Using Third-Party Images.
                                                                                
+
                                                                                Image Tag
                                                                                
+
                                                                                Select the image tag to be deployed.
                                                                                
+
                                                                                CPU Quota
                                                                                
+
                                                                                • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                                                • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                                                
+
                                                                                If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                
+
                                                                                Memory Quota
                                                                                
+
                                                                                • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                                                • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                                                
+
                                                                                If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                
+
                                                                                (Optional) GPU Quota
                                                                                
+
                                                                                Configurable only when the cluster contains GPU nodes and the gpu-beta add-on is installed.
                                                                                
+
                                                                                • All: The GPU is not used.
                                                                                • Dedicated: GPU resources are exclusively used by the container.
                                                                                • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                                                
+
                                                                                For details about how to use GPU in the cluster, see Default GPU Scheduling in Kubernetes.
                                                                                
+
                                                                                (Optional) Privileged Container
                                                                                
+
                                                                                Programs in a privileged container have certain privileges.
                                                                                
+
                                                                                If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                                                
+
                                                                                (Optional) Init Container
                                                                                
+
                                                                                Indicates whether to use the container as an init container. The init container does not support health check.
                                                                                
+
                                                                                An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more Init containers. Application containers in a pod are started and run only after the running of all Init containers completes. For details, see Init Container.
                                                                                
+
                                                                                
 
                                                                                
-
                                                                              4. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                              5. GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                6. 
+
+
                                                                                • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Setting Container Lifecycle Parameters.
                                                                                • (Optional) Environment Variables: Set variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Setting an Environment Variable.
                                                                                
+
+
                                                                              6. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                              7. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                8. 
 
 
                                                                                Schedule
                                                                                
 
                                                                                • Concurrency Policy: The following three modes are supported:
                                                                                  • Forbid: A new job cannot be created before the previous job is completed.
                                                                                  • Allow: The cron job allows concurrently running jobs, which preempt cluster resources.
                                                                                  • Replace: A new job replaces the previous job when it is time to create a job but the previous job is not completed.
                                                                                  
-
                                                                                • Policy Settings: specifies when a new cron job is executed. Policy settings in YAML are implemented using cron expressions.
                                                                                  • A cron job is executed at a fixed interval. The unit can be minute, hour, day, or month. For example, if a cron job is executed every 30 minutes, the cron expression is */30 * * * *, the execution time starts from 0 in the unit range, for example, 00:00:00, 00:30:00, 01:00:00, and ....
                                                                                  • The cron job is executed at a fixed time (by month). For example, if a cron job is executed at 00:00 on the first day of each month, the cron expression is 0 0 1 */1 *, and the execution time is ****-01-01 00:00:00, ****-02-01 00:00:00, and ....
                                                                                  • The cron job is executed at a fixed time (by week). For example, if a cron job is executed at 00:00 every Monday, the cron expression is 0 0 * * 1, and the execution time is ****-**-01 00:00:00 on Monday, ****-**-08 00:00:00 on Monday, and ....
                                                                                  • For details about how to use cron expressions, see cron.
                                                                                  
-
                                                                                   
                                                                                  • If a cron job is executed at a fixed time (by month) and the number of days in a month does not exist, the cron job will not be executed in this month. For example, if the number of days is set to 30 but February does not have the 30th day, the cron job skips this month and continues on March 30.
                                                                                  • Due to the definition of the cron expression, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can evenly divide its time unit range.
                                                                                    For example, the unit of the period is hour. Because /2, /3, /4, /6, /8, and /12 can be divided by 24, the accurate period can be represented. If another period is used, the last period will be reset at the beginning of a new day. For example, if the cron expression is * */12 * * *, the execution time is 00:00:00 and 12:00:00 every day. If the cron expression is * */13 * * *, the execution time is 00:00:00 and 13:00:00 every day. At 00:00 on the next day, the execution time is updated even if the period does not reach 13 hours.
                                                                                    
+
                                                                                  • Policy Settings: specifies when a new cron job is executed. Policy settings in YAML are implemented using cron expressions.
                                                                                    • A cron job is executed at a fixed interval. The unit can be minute, hour, day, or month. For example, if a cron job is executed every 30 minutes and the corresponding cron expression is */30 * * * *, the execution time starts from 0 in the unit range, for example, 00:00:00, 00:30:00, 01:00:00, and ....
                                                                                    • The cron job is executed at a fixed time (by month). For example, if a cron job is executed at 00:00 on the first day of each month, the cron expression is 0 0 1 */1 *, and the execution time is ****-01-01 00:00:00, ****-02-01 00:00:00, and ....
                                                                                    • The cron job is executed by week. For example, if a cron job is executed at 00:00 every Monday, the cron expression is 0 0 * * 1, and the execution time is ****-**-01 00:00:00 on Monday, ****-**-08 00:00:00 on Monday, and ....
                                                                                    • Custom Cron Expression: For details about how to use cron expressions, see CronJob.
                                                                                    
+
                                                                                     
                                                                                    • If a cron job is executed at a fixed time (by month) and the number of days in a month does not exist, the cron job will not be executed in this month. For example, the execution will skip February if the date is set to 30.
                                                                                    • Due to the definition of cron, the fixed period is not a strict period. The time unit range is divided from 0 by period. For example, if the unit is minute, the value ranges from 0 to 59. If the value cannot be exactly divided, the last period is reset. Therefore, an accurate period can be represented only when the period can be evenly divided.
                                                                                      Take a cron job that is executed by hour as an example. As /2, /3, /4, /6, /8, and /12 can exactly divide 24 hours, an accurate period can be represented. If another period is used, the last period will be reset at the beginning of a new day. For example, if the cron expression is * */12 * * *, the execution time is 00:00:00 and 12:00:00 every day. If the cron expression is * */13 * * *, the execution time is 00:00:00 and 13:00:00 every day. At 00:00 on the next day, the execution time is updated even if the period does not reach 13 hours.
                                                                                      
 
                                                                                    
 
                                                                                    
 
                                                                                  • Job Records: You can set the number of jobs that are successfully executed or fail to be executed. Setting a limit to 0 corresponds to keeping none of the jobs after they finish.
                                                                                  
-
                                                                                  Advanced Settings
+
                                                                                  (Optional) Advanced Settings
                                                                                  • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                                                  
+
 
                                                                                  
 
                                                                                • Click Create Workload in the lower right corner.
                                                                                  • 
 
@@ -30,7 +95,10 @@
 
                                                                                  • .spec.schedule: takes a Cron format string, for example, 0 * * * * or @hourly, as schedule time of jobs to be created and executed.
                                                                                  • .spec.jobTemplate: specifies jobs to be run, and has the same schema as when you are Creating a Job Using kubectl.
                                                                                  • .spec.startingDeadlineSeconds: specifies the deadline for starting a job.
                                                                                  • .spec.concurrencyPolicy: specifies how to treat concurrent executions of a job created by the Cron job. The following options are supported:
                                                                                    • Allow (default value): allows concurrently running jobs.
                                                                                    • Forbid: forbids concurrent runs, skipping next run if previous has not finished yet.
                                                                                    • Replace: cancels the currently running job and replaces it with a new one.
                                                                                    
 
                                                                                  
 
                                                                                  The following is an example cron job, which is saved in the cronjob.yaml file.
                                                                                  
-
                                                                                  apiVersion: batch/v1beta1
+
                                                                                   
                                                                                  In clusters of v1.21 or later, CronJob apiVersion is batch/v1.
                                                                                  
+
                                                                                  In clusters earlier than v1.21, CronJob apiVersion is batch/v1beta1.
                                                                                  
+
                                                                                  
+
                                                                                  apiVersion: batch/v1
 kind: CronJob
 metadata:
   name: hello
@@ -43,11 +111,13 @@ spec:
           containers:
           - name: hello
             image: busybox
-            args:
+            command:
             - /bin/sh
             - -c
             - date; echo Hello from the Kubernetes cluster
-          restartPolicy: OnFailure
                                                                                  
+          restartPolicy: OnFailure
+          imagePullSecrets:
+            - name: default-secret
                                                                                  
 
                                                                                  Run the job.
                                                                                  
 
                                                                                  1. Create a cron job.
                                                                                    kubectl create -f cronjob.yaml
                                                                                    
 
                                                                                    Information similar to the following is displayed:
                                                                                    
@@ -67,13 +137,13 @@ hello-1597388040-lckg9         0/1       Completed   0          39s
 Hello from the Kubernetes cluster
 
                                                                                    kubectl delete cronjob hello
                                                                                    
 
                                                                                    cronjob.batch "hello" deleted
                                                                                    
-
                                                                                     
                                                                                    When a cron job is deleted, the related jobs and pods are deleted too.
                                                                                    
+
                                                                                     
                                                                                    When a CronJob is deleted, the related jobs and pods are deleted accordingly.
                                                                                    
 
                                                                                    
 
                                                                                  
 
-
                                                                                  Related Operations
                                                                                  After a cron job is created, you can perform operations listed in Table 1.
                                                                                  
+
                                                                                  Related Operations
                                                                                  After a CronJob is created, you can perform operations listed in Table 1.
                                                                                  
 
-
                                                                                  Table 1 Other operations
                                                                                  Operation
                                                                                  
+
                                                                                  
@@ -81,17 +151,17 @@ Hello from the Kubernetes cluster
-
-
-
-
-
@@ -102,7 +172,7 @@ Hello from the Kubernetes cluster
                                                                                  
 
                                                                                  
-
                                                                                  Parent topic: Workloads
                                                                                  
+
                                                                                  Parent topic: Creating a Workload
                                                                                  
 
                                                                                  
 
                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0152.html b/docs/cce/umn/cce_10_0152.html
index 5acf05ceb..2dbbca7a1 100644
--- a/docs/cce/umn/cce_10_0152.html
+++ b/docs/cce/umn/cce_10_0152.html
@@ -6,9 +6,9 @@
 
                                                                                  Benefits of ConfigMaps:
                                                                                  • Manage configurations of different environments and services.
                                                                                  • Deploy workloads in different environments. Multiple versions are supported for configuration files so that you can update and roll back workloads easily.
                                                                                  • Quickly import configurations in the form of files to containers.
                                                                                  
-
                                                                                  Notes and Constraints
                                                                                  • The size of a ConfigMap resource file cannot exceed 2 MB.
                                                                                  • ConfigMaps cannot be used in static pods.
                                                                                  
+
                                                                                  Constraints
                                                                                  • The size of a ConfigMap resource file cannot exceed 2 MB.
                                                                                  • ConfigMaps cannot be used in static pods.
                                                                                  
 
                                                                                  
-
                                                                                  Procedure
                                                                                  1. Log in to the CCE console and access the cluster console.
                                                                                  2. Choose ConfigMaps and Secrets in the navigation pane and click Create ConfigMap in the upper right corner.
                                                                                  3. Set parameters.
                                                                                    
+
                                                                                    Procedure
                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                    2. Choose ConfigMaps and Secrets in the navigation pane and click Create ConfigMap in the upper right corner.
                                                                                    3. Set parameters.
                                                                                      
 
                                                                                  Table 1 Related operations
                                                                                  Operation
                                                                                  
                                                                                   		
 
                                                                                  Description
                                                                                  
                                                                                   		
 
                                                                                  
 
                                                                                  Editing a YAML file
                                                                                  
 
                                                                                  Click More > Edit YAML next to the cron job name to edit the YAML file of the current job.
                                                                                  
+
                                                                                  Click More > Edit YAML next to the cron job name to edit the YAML file of the current job.
                                                                                  
                                                                                   		
 
                                                                                  Stopping a cron job
                                                                                  
+
                                                                                  Stopping a CronJob
                                                                                  
 
                                                                                  1. Select the job to be stopped and click Stop in the Operation column.
                                                                                  2. Click Yes.
                                                                                  
+
                                                                                  1. Select the job to be stopped and click Stop in the Operation column.
                                                                                  2. Click Yes.
                                                                                  
                                                                                   		
 
                                                                                  Deleting a cron job
                                                                                  
+
                                                                                  Deleting a CronJob
                                                                                  
 
                                                                                  1. Select the cron job to be deleted and click More > Delete in the Operation column.
                                                                                  2. Click Yes.
                                                                                    Deleted jobs cannot be restored. Therefore, exercise caution when deleting a job.
                                                                                    
+
                                                                                  1. Select the CronJob to be deleted and click More > Delete in the Operation column.
                                                                                  2. Click Yes.
                                                                                    Deleted jobs cannot be restored. Therefore, exercise caution when deleting a job.
                                                                                    
 
                                                                                  
                                                                                   		
 
                                                                                  
 
 
 
 
                                                                                  
-
-
                                                                                  Table 1 Parameters for creating a ConfigMap
                                                                                  Parameter
                                                                                  
                                                                                   		
 
                                                                                  Description
                                                                                  
@@ -33,7 +33,7 @@
 
                                                                                  Data
                                                                                  
                                                                                   		
 
                                                                                  Data of a ConfigMap, in the key-value pair format.
                                                                                  
-
                                                                                  Click  to add data. The value can be in string, JSON, or YAML format.
                                                                                  
+
                                                                                  Click  to add data. The value can be in string, JSON, or YAML format.
                                                                                  
                                                                                   		
 
                                                                                  
 
                                                                                  Label
                                                                                  
@@ -47,7 +47,7 @@
 
                                                                                • After the configuration is complete, click OK.
                                                                                  The new ConfigMap is displayed in the ConfigMap list.
                                                                                  
 
                                                                                  • 
 
-
                                                                                  Creating a ConfigMap Using kubectl
                                                                                  1. Configure the kubectl command to connect an ECS to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                  2. Create and edit the cce-configmap.yaml file.
                                                                                    vi cce-configmap.yaml
                                                                                    
+
                                                                                    Creating a ConfigMap Using kubectl
                                                                                    1. Configure the kubectl command to connect an ECS to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                    2. Create a file named cce-configmap.yaml and edit it.
                                                                                      vi cce-configmap.yaml
                                                                                      
 
                                                                                      apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -64,12 +64,12 @@ data:
 
                                                                                  
 
                                                                                  apiVersion
                                                                                  
 
                                                                                  The value is fixed at v1.
                                                                                  
+
                                                                                  The value is fixed at v1.
                                                                                  
                                                                                   		
 
                                                                                  
 
                                                                                  kind
                                                                                  
 
                                                                                  The value is fixed at ConfigMap.
                                                                                  
+
                                                                                  The value is fixed at ConfigMap.
                                                                                  
                                                                                   		
 
                                                                                  
 
                                                                                  metadata.name
                                                                                  
diff --git a/docs/cce/umn/cce_10_0153.html b/docs/cce/umn/cce_10_0153.html
index 1cd31dab2..4a986b05c 100644
--- a/docs/cce/umn/cce_10_0153.html
+++ b/docs/cce/umn/cce_10_0153.html
@@ -3,9 +3,9 @@
 
                                                                                  Creating a Secret
                                                                                  
 
                                                                                  Scenario
                                                                                  A secret is a type of resource that holds sensitive data, such as authentication and key information. Its content is user-defined. After creating secrets, you can use them as files or environment variables in a containerized workload.
                                                                                  
 
                                                                                  
-
                                                                                  Notes and Constraints
                                                                                  Secrets cannot be used in static pods.
                                                                                  
+
                                                                                  Constraints
                                                                                  Secrets cannot be used in static pods.
                                                                                  
 
                                                                                  
-
                                                                                  Procedure
                                                                                  1. Log in to the CCE console and access the cluster console.
                                                                                  2. Choose ConfigMaps and Secrets in the navigation pane, click the Secrets tab, and click Create Secret in the upper right corner.
                                                                                  3. Set parameters.
                                                                                    
+
                                                                                    Procedure
                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                    2. Choose ConfigMaps and Secrets in the navigation pane, click the Secrets tab, and click Create Secret in the upper right corner.
                                                                                    3. Set parameters.
                                                                                      
 
                                                                                      
@@ -52,54 +52,54 @@
 
                                                                                    4. After the configuration is complete, click OK.
                                                                                      The new secret is displayed in the key list.
                                                                                      
 
                                                                                      5. 
-
                                                                                      Secret Resource File Configuration
                                                                                      This section describes configuration examples of secret resource description files.
                                                                                      
-
                                                                                      • Opaque
                                                                                        The secret.yaml file is defined as shown below. The data field is filled in as a key-value pair, and the value field must be encoded using Base64. For details about the Base64 encoding method, see Base64 Encoding.
                                                                                        
+
                                                                                        Secret Resource File Configuration Example
                                                                                        This section describes configuration examples of secret resource description files.
                                                                                        
+
                                                                                        • Opaque type
                                                                                          The secret.yaml file is defined as shown below. The data field is filled in as a key-value pair, and the value field must be encoded using Base64. For details about the Base64 encoding method, see Base64 Encoding.
                                                                                          
 
                                                                                          apiVersion: v1
 kind: Secret
 metadata:
   name: mysecret           #Secret name
   namespace: default       #Namespace. The default value is default.
 data:
-  <your_key>: <your_value>  # Enter a key-value pair. The value must be encoded using Base64.
+  <your_key>: <your_value>  # Enter a key-value pair. The value must be encoded using Base64.
 type: Opaque
                                                                                          
-
                                                                                        • kubernetes.io/dockerconfigjson
                                                                                          The secret.yaml file is defined as shown below. The value of .dockerconfigjson must be encoded using Base64. For details, see Base64 Encoding.
                                                                                          
+
                                                                                        • kubernetes.io/dockerconfigjson type
                                                                                          The secret.yaml file is defined as shown below. The value of .dockerconfigjson must be encoded using Base64. For details, see Base64 Encoding.
                                                                                          
 
                                                                                          apiVersion: v1
 kind: Secret
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
-  .dockerconfigjson: eyJh*****    # Content encoded using Base64.
+  .dockerconfigjson: eyJh*****    # Content encoded using Base64.
 type: kubernetes.io/dockerconfigjson
                                                                                          
-
                                                                                          To obtain the .dockerconfigjson content, perform the following steps:
                                                                                          
-
                                                                                          1. Obtain the login information of the image repository.
                                                                                            • Image repository address: The section uses address as an example. Replace it with the actual address.
                                                                                            • Username: The section uses username as an example. Replace it with the actual username.
                                                                                            • Password: The section uses password as an example. Replace it with the actual password.
                                                                                            
-
                                                                                          2. Use Base64 to encode the key-value pair username:password and fill the encoded content in step 3.
                                                                                            echo -n "username:password" | base64
                                                                                            
+
                                                                                            To obtain the .dockerconfigjson content, perform the following steps:
                                                                                            
+
                                                                                            1. Obtain the following login information of the image repository.
                                                                                              • Image repository address: The section uses address as an example. Replace it with the actual address.
                                                                                              • Username: The section uses username as an example. Replace it with the actual username.
                                                                                              • Password: The section uses password as an example. Replace it with the actual password.
                                                                                              
+
                                                                                            2. Use Base64 to encode the key-value pair username:password and fill the encoded content in 3.
                                                                                              echo -n "username:password" | base64
                                                                                              
 
                                                                                              Command output:
                                                                                              
 
                                                                                              dXNlcm5hbWU6cGFzc3dvcmQ=
                                                                                              
 
                                                                                            3. Use Base64 to encode the following JSON content:
                                                                                              echo -n '{"auths":{"address":{"username":"username","password":"password","auth":"dXNlcm5hbWU6cGFzc3dvcmQ="}}}' | base64
                                                                                              
 
                                                                                              Command output:
                                                                                              
 
                                                                                              eyJhdXRocyI6eyJhZGRyZXNzIjp7InVzZXJuYW1lIjoidXNlcm5hbWUiLCJwYXNzd29yZCI6InBhc3N3b3JkIiwiYXV0aCI6ImRYTmxjbTVoYldVNmNHRnpjM2R2Y21RPSJ9fX0=
                                                                                              
-
                                                                                              The encoded content is the .dockerconfigjson content.
                                                                                              
+
                                                                                              The encoded content is the .dockerconfigjson content.
                                                                                              
 
                                                                                            
 
                                                                                        
-
                                                                                        • kubernetes.io/tls
                                                                                          The value of tls.crt and tls.key must be encoded using Base64. For details, see Base64 Encoding.
                                                                                          kind: Secret
+
                                                                                          • kubernetes.io/tls type
                                                                                            The value of tls.crt and tls.key must be encoded using Base64. For details, see Base64 Encoding.
                                                                                            kind: Secret
 apiVersion: v1
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
-  tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
-  tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
+  tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
+  tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
 type: kubernetes.io/tls
                                                                                            
 
                                                                                            
-
                                                                                          • IngressTLS
                                                                                            The value of tls.crt and tls.key must be encoded using Base64. For details, see Base64 Encoding.
                                                                                            kind: Secret
+
                                                                                          • IngressTLS type
                                                                                            The value of tls.crt and tls.key must be encoded using Base64. For details, see Base64 Encoding.
                                                                                            kind: Secret
 apiVersion: v1
 metadata:
   name: mysecret           #Secret name
-  namespace: default       #Namespace. The default value is default.
+  namespace: default       #Namespace. The default value is default.
 data:
-  tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
-  tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
+  tls.crt: LS0tLS1CRU*****FURS0tLS0t  # Certificate content, which must be encoded using Base64.
+  tls.key: LS0tLS1CRU*****VZLS0tLS0=  # Private key content, which must be encoded using Base64.
 type: IngressTLS
                                                                                            
 
                                                                                            
 
                                                                                          
@@ -107,14 +107,14 @@ data:
 
                                                                                          Creating a Secret Using kubectl
                                                                                          1. According to Connecting to a Cluster Using kubectl, configure the kubectl command to connect an ECS to the cluster.
                                                                                          2. Create and edit the Base64-encoded cce-secret.yaml file.
                                                                                            # echo -n "content to be encoded" | base64
 ******
                                                                                            
 
                                                                                            vi cce-secret.yaml
                                                                                            
-
                                                                                            The following YAML file uses the Opaque type as an example. For details about other types, see Secret Resource File Configuration.
                                                                                            
+
                                                                                            The following YAML file uses the Opaque type as an example. For details about other types, see Secret Resource File Configuration Example.
                                                                                            
 
                                                                                            apiVersion: v1
 kind: Secret
 metadata:
   name: mysecret
 type: Opaque
 data:
-  <your_key>: <your_value>  # Enter a key-value pair. The value must be encoded using Base64.
                                                                                            
+  <your_key>: <your_value>  # Enter a key-value pair. The value must be encoded using Base64.
                                                                                          
 
                                                                                        • Create a secret.
                                                                                          kubectl create -f cce-secret.yaml
                                                                                          
 
                                                                                          You can query the secret after creation.
                                                                                          
 
                                                                                          kubectl get secret -n default
                                                                                          
@@ -147,7 +147,7 @@ data:
 
                                                                                      
-
diff --git a/docs/cce/umn/cce_10_0154.html b/docs/cce/umn/cce_10_0154.html
index 48309e145..cbce81770 100644
--- a/docs/cce/umn/cce_10_0154.html
+++ b/docs/cce/umn/cce_10_0154.html
@@ -3,24 +3,27 @@
 
                                                                                      autoscaler
                                                                                      Introduction
                                                                                      Autoscaler is an important Kubernetes controller. It supports microservice scaling and is key to serverless design.
                                                                                      
 
                                                                                      When the CPU or memory usage of a microservice is too high, horizontal pod autoscaling is triggered to add pods to reduce the load. These pods can be automatically reduced when the load is low, allowing the microservice to run as efficiently as possible.
                                                                                      
-
                                                                                      CCE simplifies the creation, upgrade, and manual scaling of Kubernetes clusters, in which traffic loads change over time. To balance resource usage and workload performance of nodes, Kubernetes introduces the autoscaler add-on to automatically resize a cluster based on the resource usage required for workloads deployed in the cluster. For details, see Creating a Node Scaling Policy.
                                                                                      
+
                                                                                      CCE simplifies the creation, upgrade, and manual scaling of Kubernetes clusters, in which traffic loads change over time. To balance resource usage and workload performance of nodes, Kubernetes introduces the autoscaler add-on to automatically adjust the number of nodes in a cluster based on the resource usage required for workloads deployed in the cluster. For details, see Creating a Node Scaling Policy.
                                                                                      
 
                                                                                      Open source community: https://github.com/kubernetes/autoscaler
                                                                                      
 
                                                                                      
 
                                                                                      How the Add-on Works
                                                                                      autoscaler controls auto scale-out and scale-in.
                                                                                      
-
                                                                                      • Auto scale-out
                                                                                        You can choose either of the following methods:
                                                                                        • If pods in a cluster cannot be scheduled due to insufficient worker nodes, cluster scaling is triggered to add nodes. The nodes to be added have the same specification as configured for the node pool to which the nodes belong.
                                                                                          Auto scale-out will be performed when:
                                                                                          • Node resources are insufficient.
                                                                                          • No node affinity policy is set in the pod scheduling configuration. That is, if a node has been configured as an affinity node for pods, no node will not be automatically added when pods cannot be scheduled. For details about how to configure the node affinity policy, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                          
+
                                                                                          • Auto scale-out
                                                                                            You can choose either of the following methods:
                                                                                            • If pods in a cluster cannot be scheduled due to insufficient worker nodes, cluster scaling is triggered to add nodes. The nodes to be added have the same specification as configured for the node pool to which the nodes belong.
                                                                                              Auto scale-out will be performed when:
                                                                                              • Node resources are insufficient.
                                                                                              • No node affinity policy is set in the pod scheduling configuration. If a node has been configured as an affinity node for pods, no node will not be automatically added when pods cannot be scheduled. For details about how to configure the node affinity policy, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                              
 
                                                                                              
 
                                                                                            • When the cluster meets the node scaling policy, cluster scale-out is also triggered. For details, see Creating a Node Scaling Policy.
                                                                                            
 
                                                                                             
                                                                                            The add-on follows the "No Less, No More" policy. For example, if three cores are required for creating a pod and the system supports four-core and eight-core nodes, autoscaler will preferentially create a four-core node.
                                                                                            
 
                                                                                            
 
                                                                                            
-
                                                                                          • Auto scale-in
                                                                                            When a cluster node is idle for a period of time (10 minutes by default), cluster scale-in is triggered, and the node is automatically deleted. However, a node cannot be deleted from a cluster if the following pods exist:
                                                                                            
-
                                                                                            • Pods that do not meet specific requirements set in PodDisruptionBudget
                                                                                            • Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                            • Pods that have the cluster-autoscaler.kubernetes.io/safe-to-evict: 'false' annotation
                                                                                            • Pods (except those created by kube-system DaemonSet) that exist in the kube-system namespace on the node
                                                                                            • Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                            
+
                                                                                          • Auto scale-in
                                                                                            When a cluster node is idle for a period of time (10 minutes by default), cluster scale-in is triggered, and the node is automatically deleted. However, a node cannot be deleted from a cluster if the following pods exist:
                                                                                            • Pods that do not meet specific requirements set in Pod Disruption Budgets (PodDisruptionBudget)
                                                                                            • Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                            • Pods that have the cluster-autoscaler.kubernetes.io/safe-to-evict: 'false' annotation
                                                                                            • Pods (except those created by DaemonSets in the kube-system namespace) that exist in the kube-system namespace on the node
                                                                                            • Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                            
+
                                                                                             
                                                                                            When a node meets the scale-in conditions, autoscaler adds the DeletionCandidateOfClusterAutoscaler taint to the node in advance to prevent pods from being scheduled to the node. After the autoscaler add-on is uninstalled, if the taint still exists on the node, manually delete it.
                                                                                            
+
                                                                                            
+
                                                                                            
 
                                                                                          
 
                                                                                          
-
                                                                                          Notes and Constraints
                                                                                          • Only clusters of v1.9.10-r2 and later support autoscaler.
                                                                                          • Ensure that there are sufficient resources for installing the add-on.
                                                                                          • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                                                                          
+
                                                                                          Constraints
                                                                                          • Ensure that there are sufficient resources for installing the add-on.
                                                                                          • The default node pool does not support auto scaling. For details, see Description of DefaultPool.
                                                                                          • When autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                                                            • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                                                            • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                                                            
+
                                                                                          
 
                                                                                          
-
                                                                                          Installing the Add-on
                                                                                          1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Add-ons in the navigation pane, locate autoscaler on the right, and click Install.
                                                                                          2. Configure add-on installation parameters.
                                                                                            
-
                                                                                      Table 1 Parameters for creating a secret
                                                                                      Parameter
                                                                                      
                                                                                       		
 
                                                                                      Description
                                                                                      
@@ -30,13 +30,13 @@
 
                                                                                      Type
                                                                                      
                                                                                       		
 
                                                                                      Type of the secret you create.
                                                                                      
-
                                                                                      • Opaque: common secret.
                                                                                      • kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
                                                                                      • kubernetes.io/tls: Kubernetes TLS secret, which is used to store the certificate required by layer-7 load balancing Services.
                                                                                      • IngressTLS: TLS secret provided by CCE to store the certificate required by layer-7 load balancing Services.
                                                                                      • Other: another type of secret, which is specified manually.
                                                                                      
+
                                                                                      • Opaque: common secret.
                                                                                      • kubernetes.io/dockerconfigjson: a secret that stores the authentication information required for pulling images from a private repository.
                                                                                      • kubernetes.io/tls: Kubernetes TLS secret, which is used to store the certificate required by layer-7 load balancing Services. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
                                                                                      • IngressTLS: TLS secret provided by CCE to store the certificate required by layer-7 load balancing Services.
                                                                                      • Other: another type of secret, which is specified manually.
                                                                                      
                                                                                       		
 
                                                                                      
 
                                                                                      Secret Data
                                                                                      
                                                                                       		
 
                                                                                      Workload secret data can be used in containers.
                                                                                      
-
                                                                                      • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                                                                      • If the secret type is kubernetes.io/dockerconfigjson, enter the account and password of the private image repository.
                                                                                      • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                                                                         NOTE: 
                                                                                        • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                                                                        • A certificate request is a request for a signature with a private key.
                                                                                        
+
                                                                                        • If Secret Type is Opaque, click . In the dialog box displayed, enter a key-value pair and select Auto Base64 Encoding.
                                                                                        • If Secret Type is kubernetes.io/dockerconfigjson, enter the account and password of the private image repository.
                                                                                        • If Secret Type is kubernetes.io/tls or IngressTLS, upload the certificate file and private key file.
                                                                                           NOTE: 
                                                                                          • A certificate is a self-signed or CA-signed credential used for identity authentication.
                                                                                          • A certificate request is a request for a signature with a private key.
                                                                                          
 
                                                                                          
 
                                                                                        
 
                                                                                      		
 
                                                                                      
 
                                                                                      Deleting secrets in batches
                                                                                      
 
                                                                                      1. Select the secrets to be deleted.
                                                                                      2. Click Delete above the secret list.
                                                                                      3. Follow the prompts to delete the secrets.
                                                                                      
+
                                                                                      1. Select the secrets to be deleted.
                                                                                      2. Click Delete above the secret list.
                                                                                      3. Follow the prompts to delete the secrets.
                                                                                      
                                                                                       		
 
                                                                                      
 
 
                                                                                      Table 1 Specifications configuration
                                                                                      Parameter
                                                                                      
+
                                                                                      Installing the Add-on
                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate autoscaler on the right, and click Install.
                                                                                      2. On the Install Add-on page, configure the specifications.
                                                                                        
+
                                                                                        
@@ -31,62 +34,94 @@
 
-
-
+
+
+
+
+
+
                                                                                        Table 1 Add-on configuration
                                                                                        Parameter
                                                                                        
                                                                                         		
 
                                                                                        Description
                                                                                        
 
                                                                                        The add-on can be deployed in the following specifications:
                                                                                        
 
                                                                                         NOTE: 
                                                                                        When the autoscaler add-on is deployed in HA or customized mode, anti-affinity policies exist between add-on instances and the add-on instances are deployed on different nodes. Therefore, the number of available nodes in the cluster must be greater than or equal to the number of add-on instances to ensure high availability of the add-on.
                                                                                        
 
                                                                                        
-
                                                                                        • Single: The add-on is deployed with only one pod.
                                                                                        • HA50: The add-on is deployed with two pods, serving a cluster with 50 nodes and ensuring high availability.
                                                                                        • HA200: The add-on is deployed with two pods, serving a cluster with 50 nodes and ensuring high availability. Each pod uses more resources than those of the HA50 specification.
                                                                                        • Custom: You can customize the number of pods and specifications as required.
                                                                                        
+
                                                                                        • Single: The add-on is deployed with only one pod.
                                                                                        • HA50: The add-on is deployed with two pods, serving a cluster with 50 nodes and ensuring high availability.
                                                                                        • HA200: The add-on is deployed with two pods, serving a cluster with 200 nodes and ensuring high availability. Each pod uses more resources than those of the HA50 specification.
                                                                                        • Custom: You can customize the number of pods and specifications as required.
                                                                                        
                                                                                         		
 
                                                                                        Multi AZ
                                                                                        
+
                                                                                        Pods
                                                                                        
 
                                                                                        • Preferred: Deployment pods of the add-on are preferentially scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, the pods are scheduled to a single AZ.
                                                                                        • Required: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, not all pods can run.
                                                                                        
+
                                                                                        Number of pods that will be created to match the selected add-on specifications.
                                                                                        
+
                                                                                        If you select Custom, you can adjust the number of pods as required.
                                                                                        
+
                                                                                        Multi-AZ
                                                                                        
+
                                                                                        • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                                        • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                                        
+
                                                                                        Containers
                                                                                        
+
                                                                                        CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                                        
+
                                                                                        If you select Custom, you can adjust the container specifications as required.
                                                                                        
                                                                                         		
 
                                                                                        
 
 
                                                                                        
 
                                                                                        
-
-
                                                                                        Table 2 Parameter configuration
                                                                                        Parameter
                                                                                        
+
                                                                                      3. Configure the add-on parameters.
                                                                                        
+
                                                                                        
-
-
-
-
-
-
-
-
-
                                                                                        Table 2 Add-on parameters
                                                                                        Parameter
                                                                                        
 
                                                                                        Description
                                                                                        
+
                                                                                        Description
                                                                                        
                                                                                         		
 
                                                                                        
 
                                                                                        Scaling
                                                                                        
+
                                                                                        Scaling
                                                                                        
 
                                                                                        You can select the following options as required:
                                                                                        
-
                                                                                        • Nodes are automatically added (from the node pool) when pods in the cluster cannot be scheduled.
                                                                                          That is, when a pod is in Pending state, automatic scale-out is performed. If a node has been configured as an affinity node for pods, no node will not be automatically added when pods cannot be scheduled. Generally, an HPA policy works with such scaling. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                                                          
-
                                                                                          If this parameter is not selected, scaling can be performed only through node scaling policies.
                                                                                          
-
                                                                                        • Auto node scale-in
                                                                                          • Node Idle Time (min): Time for which a node should be unneeded before it is eligible for scale-down. Default value: 10 minutes.
                                                                                          • Scale-in Threshold: If the percentage of both requested CPU and memory on a node is below this threshold, auto scale-down will be triggered to delete the node from the cluster. The default value is 0.5, which means 50%.
                                                                                          • Stabilization Window (s)
                                                                                            How long after a scale-out that a scale-in evaluation resumes. Default value: 10 minutes.
                                                                                            
-
                                                                                             NOTE: 
                                                                                            If both auto scale-out and scale-in exist in a cluster, you are advised to set How long after a scale-out that a scale-in evaluation resumes to 0 minutes. This can prevent the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, resulting in unexpected waste of node resources.
                                                                                            
+
                                                                                        You can select the following options as required:
                                                                                        
+
                                                                                        • Nodes are automatically added (from the node pool) when pods in the cluster cannot be scheduled.
                                                                                          That is, when a pod is in Pending state, automatic scale-out is performed. If a node has been configured as an affinity node for pods, no node will not be automatically added when pods cannot be scheduled. Generally, an HPA policy works with such scaling. For details, see Using HPA and CA for Auto Scaling of Workloads and Nodes.
                                                                                          
+
                                                                                          If this parameter is not selected, scaling can be performed only through node scaling policies.
                                                                                          
+
                                                                                        • Auto node scale-in
                                                                                          • Node Idle Time (min): Time for which a node should be unneeded before it is eligible for scale-down. Default value: 10 minutes.
                                                                                          • Scale-in Threshold: If the percentage of both requested CPU and memory on a node is below this threshold, auto scale-down will be triggered to delete the node from the cluster. The default value is 0.5, which means 50%.
                                                                                          • Stabilization Window (s)
                                                                                            How long after a scale-out that a scale-in evaluation resumes. Default value: 10 minutes.
                                                                                            
+
                                                                                             NOTE: 
                                                                                            If both auto scale-out and scale-in exist in a cluster, set How long after a scale-out that a scale-in evaluation resumes to 0 minutes. This can prevent the node scale-in from being blocked due to continuous scale-out of some node pools or retries upon a scale-out failure, resulting in unexpected waste of node resources.
                                                                                            
 
                                                                                            
-
                                                                                            How long after the node deletion that a scale-in evaluation resumes. Default value: 10 minutes.
                                                                                            
-
                                                                                            How long after a scale-in failure that a scale-in evaluation resumes. Default value: 3 minutes. For details about the impact and relationship between the scale-in cooling intervals configured in the node pool and autoscaler, see Description of the Scale-In Cool-Down Period.
                                                                                            
-
                                                                                          • Max. Nodes for Batch Deletion: Maximum number of empty nodes that can be deleted at the same time. Default value: 10.
                                                                                            This feature applies only to idle nodes. Idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                                                             NOTE: 
                                                                                            During node scale-in, if the pod on the node does not need to be evicted (such as the pods of DaemonSet), the node is idle. Otherwise, the node is not idle.
                                                                                            
+
                                                                                            How long after the node deletion that a scale-in evaluation resumes. Default value: 10 minutes.
                                                                                            
+
                                                                                            How long after a scale-in failure that a scale-in evaluation resumes. Default value: 3 minutes. For details about the impact and relationship between the scale-in cooling intervals configured in the node pool and autoscaler, see Scale-In Cool-Down Period.
                                                                                            
+
                                                                                          • Max. Nodes for Batch Deletion: Maximum number of empty nodes that can be deleted at the same time. Default value: 10.
                                                                                            This feature applies only to idle nodes. Idle nodes can be concurrently scaled in. Nodes that are not idle can only be scaled in one by one.
                                                                                             NOTE: 
                                                                                            During node scale-in, if the pod on the node does not need to be evicted (such as the pods of DaemonSet), the node is idle. Otherwise, the node is not idle.
                                                                                            
 
                                                                                            
 
                                                                                            
-
                                                                                          • Check Interval: Interval for checking again a node that could not be removed before. Default value: 5 minutes.
                                                                                          
+
                                                                                        • Check Interval: Interval for checking again a node that could not be removed before. Default value: 5 minutes.
                                                                                        
 
                                                                                         		
 
                                                                                        Total Nodes
                                                                                        
+
                                                                                        Total Nodes
                                                                                        
 
                                                                                        Maximum number of nodes that can be managed by the cluster, within which cluster scale-out is performed.
                                                                                        
+
                                                                                        Maximum number of nodes that can be managed by the cluster, within which cluster scale-out is performed.
                                                                                        
                                                                                         		
 
                                                                                        Total CPUs
                                                                                        
+
                                                                                        Total CPUs
                                                                                        
 
                                                                                        Maximum sum of CPU cores of all nodes in a cluster, within which cluster scale-out is performed.
                                                                                        
+
                                                                                        Maximum sum of CPU cores of all nodes in a cluster, within which cluster scale-out is performed.
                                                                                        
                                                                                         		
 
                                                                                        Total Memory (GB)
                                                                                        
+
                                                                                        Total Memory (GB)
                                                                                        
 
                                                                                        Maximum sum of memory of all nodes in a cluster, within which cluster scale-out is performed.
                                                                                        
+
                                                                                        Maximum sum of memory of all nodes in a cluster, within which cluster scale-out is performed.
                                                                                        
                                                                                         		
 
                                                                                        
                                                                                         
 
                                                                                        
 
                                                                                        
-
                                                                                      4. When the configuration is complete, click Install.
                                                                                        5. 
+
                                                                                      5. After the configuration is complete, click Install.
                                                                                        6. 
 
-
                                                                                        Description of the Scale-In Cool-Down Period
                                                                                        Scale-in cooling intervals can be configured in the node pool settings and the autoscaler add-on settings.
                                                                                        
+
                                                                                        Components
                                                                                        
+
                                                                                        
+
+
+
+
+
+
+
+
+
+
                                                                                        Table 3 autoscaler
                                                                                        Container Component
                                                                                        
+
                                                                                        Description
                                                                                        
+
                                                                                        Resource Type
                                                                                        
+
                                                                                        autoscaler
                                                                                        
+
                                                                                        Auto scaling for Kubernetes clusters
                                                                                        
+
                                                                                        Deployment
                                                                                        
+
                                                                                        
+
                                                                                        
+
                                                                                        
+
                                                                                        Scale-In Cool-Down Period
                                                                                        Scale-in cooling intervals can be configured in the node pool settings and the autoscaler add-on settings.
                                                                                        
 
                                                                                        Scale-in cooling interval configured in a node pool
                                                                                        
 
                                                                                        This interval indicates the period during which nodes added to the current node pool after a scale-out operation cannot be deleted. This interval takes effect at the node pool level.
                                                                                        
 
                                                                                        Scale-in cooling interval configured in the autoscaler add-on
                                                                                        
diff --git a/docs/cce/umn/cce_10_0160.html b/docs/cce/umn/cce_10_0160.html
new file mode 100644
index 000000000..d1dc01686
--- /dev/null
+++ b/docs/cce/umn/cce_10_0160.html
@@ -0,0 +1,24 @@
+
+
+
                                                                                        Object Storage Service (OBS)
                                                                                        
+
                                                                                        
+
                                                                                        
+
+
diff --git a/docs/cce/umn/cce_10_0163.html b/docs/cce/umn/cce_10_0163.html
index 2074629dc..887b63b60 100644
--- a/docs/cce/umn/cce_10_0163.html
+++ b/docs/cce/umn/cce_10_0163.html
@@ -1,15 +1,17 @@
 
 
 
                                                                                        Setting Container Specifications
                                                                                        
-
                                                                                        Scenario
                                                                                        CCE allows you to set resource limits for added containers during workload creation. You can apply for and limit the CPU and memory quotas used by each pod in a workload.
                                                                                        
+
                                                                                        Scenario
                                                                                        CCE allows you to set resource requirements and limits, such as CPU and RAM, for added containers during workload creation. Kubernetes also allows using YAML to set requirements of other resource types.
                                                                                        
 
                                                                                        
-
                                                                                        Meanings
                                                                                        For CPU and Memory, the meanings of Request and Limit are as follows:
                                                                                        • Request: Schedules the pod to the node that meets the requirements for workload deployment.
                                                                                        • Limit: Limits the resources used by the workload.
                                                                                        
+
                                                                                        Request and Limit
                                                                                        For CPU and Memory, the meanings of Request and Limit are as follows:
                                                                                        • Request: The system schedules a pod to the node that meets the requirements for workload deployment based on the request value.
                                                                                        • Limit: The system limits the resources used by the workload based on the limit value.
                                                                                        
 
                                                                                        
+
                                                                                        If a node has sufficient resources, the pod on this node can use more resources than requested, but no more than limited.
                                                                                        
+
                                                                                        For example, if you set the memory request of a container to 1 GiB and the limit value to 2 GiB, a pod is scheduled to a node with 8 GiB CPUs with no other pod running. In this case, the pod can use more than 1 GiB memory when the load is heavy, but the memory usage cannot exceed 2 GiB. If a process in a container attempts to use more than 2 GiB resources, the system kernel attempts to terminate the process. As a result, an out of memory (OOM) error occurs.
                                                                                        
 
                                                                                         
                                                                                        When creating a workload, you are advised to set the upper and lower limits of CPU and memory resources. If the upper and lower resource limits are not set for a workload, a resource leak of this workload will make resources unavailable for other workloads deployed on the same node. In addition, workloads that do not have upper and lower resource limits cannot be accurately monitored.
                                                                                        
 
                                                                                        
 
                                                                                        
-
                                                                                        Configuration Description
                                                                                        In actual production services, the recommended ratio of Request to Limit is about 1:1.5. For some sensitive services, the recommended ratio is 1:1. If the Request is too small and the Limit is too large, node resources are overcommitted. During service peaks, the memory or CPU of a node may be used up. As a result, the node is unavailable.
                                                                                        
-
                                                                                        • CPU quotas:
+
                                                                                          Configuration Description
                                                                                          In real-world scenarios, the recommended ratio of Request to Limit is about 1:1.5. For some sensitive services, the recommended ratio is 1:1. If the Request is too small and the Limit is too large, node resources are oversubscribed. During service peaks, the memory or CPU of a node may be used up. As a result, the node is unavailable.
                                                                                          
+
                                                                                          • CPU quota: The unit of CPU resources is core, which can be expressed by quantity or an integer suffixed with the unit (m). For example, 0.1 core in the quantity expression is equivalent to 100m in the expression. However, Kubernetes does not allow CPU resources whose precision is less than 1m.
 
                                                                                            Table 1 Description of CPU quotas
                                                                                            Parameter
                                                                                            
                                                                                             		
 
                                                                                            Description
                                                                                            
@@ -32,7 +34,7 @@
 
                                                                                            Recommended configuration
                                                                                            
 
                                                                                            Actual available CPU of a node ≥ Sum of CPU limits of all containers on the current node ≥ Sum of CPU requests of all containers on the current node. You can view the actual available CPUs of a node on the CCE console (Resource Management > Nodes > Allocatable).
                                                                                            
 
-
                                                                                            • Memory quotas:
+
                                                                                              • Memory quota: The default unit of memory resources is byte. You can also use an integer with the unit suffix, for example, 100 Mi. Note that the unit is case-sensitive.
 
                                                                                                Table 2 Description of memory quotas
                                                                                                Parameter
                                                                                                
                                                                                                 		
 
                                                                                                Description
                                                                                                
@@ -53,16 +55,55 @@
 
                                                                                                
 
                                                                                                
 
                                                                                                Recommended configuration
                                                                                                
-
                                                                                                Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).
                                                                                                
+
                                                                                                Actual available memory of a node ≥ Sum of memory limits of all containers on the current node ≥ Sum of memory requests of all containers on the current node. You can view the actual available memory of a node on the CCE console (Resource Management > Nodes > Allocatable).
                                                                                                
 
                                                                                              
-
                                                                                               
                                                                                              The allocatable resources are calculated based on the resource request value (Request), which indicates the upper limit of resources that can be requested by pods on this node, but does not indicate the actual available resources of the node. The calculation formula is as follows:
                                                                                              
+
                                                                                               
                                                                                              The allocatable resources are calculated based on the resource request value (Request), which indicates the upper limit of resources that can be requested by pods on this node, but does not indicate the actual available resources of the node (for details, see Example of CPU and Memory Quota Usage). The calculation formula is as follows:
                                                                                              
 
                                                                                              • Allocatable CPU = Total CPU – Requested CPU of all pods – Reserved CPU for other resources
                                                                                              • Allocatable memory = Total memory – Requested memory of all pods – Reserved memory for other resources
                                                                                              
 
                                                                                              
 
                                                                                              
-
                                                                                              Example
                                                                                              Assume that a cluster contains a node with 4 cores and 8 GB. A workload containing two pods has been deployed on the cluster. The resources of the two pods (pods 1 and 2) are as follows: {CPU request, CPU limit, memory request, memory limit} = {1 core, 2 cores, 2 GB, 2 GB}.
                                                                                              
+
                                                                                              Example of CPU and Memory Quota Usage
                                                                                              Assume that a cluster contains a node with 4 CPU cores and 8 GiB memory. Two pods (pod 1 and pod 2) have been deployed on the cluster. Pod 1 oversubscribes resources (that is Limit > Request). The specifications of the two pods are as follows.
                                                                                              
+
+
                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                              Pod
                                                                                              
+
                                                                                              CPU Request
                                                                                              
+
                                                                                              CPU Limit
                                                                                              
+
                                                                                              Memory Request
                                                                                              
+
                                                                                              Memory Limit
                                                                                              
+
                                                                                              Pod 1
                                                                                              
+
                                                                                              1 core
                                                                                              
+
                                                                                              2 cores
                                                                                              
+
                                                                                              1 GiB
                                                                                              
+
                                                                                              4 GiB
                                                                                              
+
                                                                                              Pod 2
                                                                                              
+
                                                                                              2 cores
                                                                                              
+
                                                                                              2 cores
                                                                                              
+
                                                                                              2 GiB
                                                                                              
+
                                                                                              2 GiB
                                                                                              
+
                                                                                              
+
                                                                                              
 
                                                                                              The CPU and memory usage of the node is as follows:
                                                                                              
-
                                                                                              • Allocatable CPU = 4 cores - (1 core requested by pod 1 + 1 core requested by pod 2) = 2 cores
                                                                                              • Allocatable memory = 8 GB - (2 GB requested by pod 1 + 2 GB requested by pod 2) = 4 GB
                                                                                              
-
                                                                                              Therefore, the remaining 2 cores and 4 GB can be used by the next new pod.
                                                                                              
+
                                                                                              • Allocatable CPUs = 4 cores – (1 core requested by pod 1 + 2 cores requested by pod 2) = 1 core
                                                                                              • Allocatable memory = 8 GiB – (1 GiB requested by pod 1 + 2 GiB requested by pod 2) = 5 GiB
                                                                                              
+
                                                                                              In this case, the remaining 1 core 5 GiB can be used by the next new pod.
                                                                                              
+
                                                                                              If pod 1 is under heavy load during peak hours, it will use more CPUs and memory within the limit. Therefore, the actual allocatable resources are fewer than 1 core 5 GiB.
                                                                                              
 
                                                                                              
 
                                                                                              
 
                                                                                              
diff --git a/docs/cce/umn/cce_10_0164.html b/docs/cce/umn/cce_10_0164.html
index 3724fdfbc..43d22d6d3 100644
--- a/docs/cce/umn/cce_10_0164.html
+++ b/docs/cce/umn/cce_10_0164.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                              Permissions Management
                                                                                              
+
                                                                                              Permissions
                                                                                              
 
                                                                                              
 
                                                                                              
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0175.html b/docs/cce/umn/cce_10_0175.html
index 30b0a052b..e47737041 100644
--- a/docs/cce/umn/cce_10_0175.html
+++ b/docs/cce/umn/cce_10_0175.html
@@ -1,17 +1,20 @@
 
 
-
                                                                                                Obtaining a Cluster Certificate
                                                                                                
-
                                                                                                Scenario
                                                                                                This section describes how to obtain the cluster certificate from the console and use it to access Kubernetes clusters.
                                                                                                
+
                                                                                                Connecting to a Cluster Using an X.509 Certificate
                                                                                                
+
                                                                                                Scenario
                                                                                                This section describes how to obtain the cluster certificate from the console and use it access Kubernetes clusters.
                                                                                                
 
                                                                                                
-
                                                                                                Procedure
                                                                                                1. Log in to the CCE console and access the cluster console.
                                                                                                2. Choose Cluster Information from the navigation pane and click Download next to Authentication Mode in the Connection Information area.
                                                                                                3. In the Download X.509 Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                                  Figure 1 Downloading a certificate
                                                                                                  
+
                                                                                                  Procedure
                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                  2. Choose Cluster Information from the navigation pane and click Download next to Authentication Mode in the Connection Information area.
                                                                                                  3. In the Download X.509 Certificate dialog box displayed, select the certificate expiration time and download the X.509 certificate of the cluster as prompted.
                                                                                                    Figure 1 Downloading a certificate
                                                                                                    
 
                                                                                                     
                                                                                                    • The downloaded certificate contains three files: client.key, client.crt, and ca.crt. Keep these files secure.
                                                                                                    • Certificates are not required for mutual access between containers in a cluster.
                                                                                                    
 
                                                                                                    
+
                                                                                                  4. Call native Kubernetes APIs using the cluster certificate.
                                                                                                    For example, run the curl command to call an API to view the pod information. In the following information,192.168.***.***:5443 indicates the IP address of the API server in the cluster.
                                                                                                    
+
                                                                                                    curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://192.168.***.***:5443/api/v1/namespaces/default/pods/
                                                                                                    
+
                                                                                                    For more cluster APIs, see Kubernetes APIs.
                                                                                                    
 
                                                                                                  
 
                                                                                                  
 
                                                                                                
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Clusters
                                                                                                
+
                                                                                                Parent topic: Connecting to a Cluster
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0178.html b/docs/cce/umn/cce_10_0178.html
index 3a82c0578..695366ad1 100644
--- a/docs/cce/umn/cce_10_0178.html
+++ b/docs/cce/umn/cce_10_0178.html
@@ -1,86 +1,90 @@
 
 
-
                                                                                                Formula for Calculating the Reserved Resources of a Node
                                                                                                
-
                                                                                                Some of the resources on the node need to run some necessary Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node resources and the number of assignable node resources in Kubernetes are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components.
                                                                                                
-
                                                                                                To ensure node stability, a certain amount of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications.
                                                                                                
+
                                                                                                Node Resource Reservation Policy
                                                                                                
+
                                                                                                Some node resources are used to run mandatory Kubernetes system components and resources to make the node as part of your cluster. Therefore, the total number of node resources and the amount of allocatable node resources for your cluster are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components.
                                                                                                
+
                                                                                                To ensure node stability, a certain number of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications.
                                                                                                
 
                                                                                                CCE calculates the resources that can be allocated to user nodes as follows:
                                                                                                
-
                                                                                                Allocatable resources = Total amount - Reserved amount - Eviction threshold
                                                                                                
-
                                                                                                 The memory eviction threshold is fixed at 100 MB.
                                                                                                
+
                                                                                                Allocatable resources = Total amount - Reserved amount - Eviction threshold
                                                                                                
+
                                                                                                The memory eviction threshold is fixed at 100 MiB.
                                                                                                
+
                                                                                                 
                                                                                                Total amount indicates the available memory of the ECS, excluding the memory used by system components. Therefore, the total amount is slightly less than the memory of the node flavor. 
                                                                                                
+
                                                                                                
 
                                                                                                When the memory consumed by all pods on a node increases, the following behaviors may occur:
                                                                                                
-
                                                                                                1. When the available memory on a node is lower than the eviction threshold, kubelet is triggered to evict pods. For details about Kubernetes eviction threshold, see Node-pressure Eviction.
                                                                                                2. If a node triggers an OS Out-Of-Memory (OOM) event before kubelet reclaims memory, the system terminates the container. However, kubelet does not evict the pod, but restarts the container based on the RestartPolicy of the pod.
                                                                                                
-
                                                                                                Rules for Reserving Node Memory
                                                                                                You can use the following formula calculate how much memory you should reserve for running containers on a node:
                                                                                                
-
                                                                                                Total reserved amount = Reserved memory for system components + Reserved memory for kubelet to manage pods
                                                                                                
+
                                                                                                1. When the available memory of the node is lower than the eviction threshold, kubelet is triggered to evict the pod. For details about the eviction threshold in Kubernetes, see Node-pressure Eviction.
                                                                                                2. If a node triggers an OS memory insufficiency event (OOM) before kubelet reclaims memory, the system terminates the container. However, different from pod eviction, kubelet restarts the container based on the RestartPolicy of the pod.
                                                                                                
+
                                                                                                Rules v1 for Reserving Node Memory
                                                                                                 
                                                                                                For clusters of versions earlier than v1.21.4-r0 and v1.23.3-r0, the v1 model is used for node memory reservation. For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to v2. For details, see Rules v2 for Reserving Node Memory.
                                                                                                
+
                                                                                                
+
                                                                                                You can use the following formula calculate how much memory you should reserve for running containers on a node:
                                                                                                
+
                                                                                                Total reserved amount = Reserved memory for system components + Reserved memory for kubelet to manage pods
                                                                                                
 
-
                                                                                                Table 1 Reservation rules for system components
                                                                                                Total Memory (TM)
                                                                                                
+
                                                                                                
-
-
-
-
-
-
-
-
-
                                                                                                Table 1 Reservation rules for system components
                                                                                                Total Memory (TM)
                                                                                                
 
                                                                                                Reserved Memory for System Components
                                                                                                
+
                                                                                                Reserved Memory for System Components
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                TM ≤ 8 GB
                                                                                                
+
                                                                                                TM ≤ 8 GB
                                                                                                
 
                                                                                                0 MB
                                                                                                
+
                                                                                                0 MB
                                                                                                
                                                                                                 		
 
                                                                                                8 GB < TM ≤ 16 GB
                                                                                                
+
                                                                                                8 GB < TM ≤ 16 GB
                                                                                                
 
                                                                                                [(TM – 8 GB) x 1024 x 10%] MB
                                                                                                
+
                                                                                                [(TM – 8 GB) x 1024 x 10%] MB
                                                                                                
                                                                                                 		
 
                                                                                                16 GB < TM ≤ 128 GB
                                                                                                
+
                                                                                                16 GB < TM ≤ 128 GB
                                                                                                
 
                                                                                                [8 GB x 1024 x 10% + (TM – 16 GB) x 1024 x 6%] MB
                                                                                                
+
                                                                                                [8 GB x 1024 x 10% + (TM – 16 GB) x 1024 x 6%] MB
                                                                                                
                                                                                                 		
 
                                                                                                TM > 128 GB
                                                                                                
+
                                                                                                TM > 128 GB
                                                                                                
 
                                                                                                (8 GB x 1024 x 10% + 112 GB x 1024 x 6% + (TM – 128 GB) x 1024 x 2%) MB
                                                                                                
+
                                                                                                (8 GB x 1024 x 10% + 112 GB x 1024 x 6% + (TM – 128 GB) x 1024 x 2%) MB
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
                                                                                                
 
                                                                                                
 
-
                                                                                                Table 2 Reservation rules for kubelet
                                                                                                Total Memory (TM)
                                                                                                
+
                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -89,52 +93,52 @@
 
                                                                                                 
                                                                                                For a small-capacity node, adjust the maximum number of instances based on the site requirements. Alternatively, when creating a node on the CCE console, you can adjust the maximum number of instances for the node based on the node specifications.
                                                                                                
 
                                                                                                
-
                                                                                                Rules for Reserving Node Memory (v2)
                                                                                                For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to V2 and can be dynamically adjusted using the node pool parameters kube-reserved-mem and system-reserved-mem. For details, see Managing a Node Pool.
                                                                                                
-
                                                                                                The total reserved node memory of the V2 model is equal to the sum of that reserved for the OS and that reserved for CCE to manage pods.
                                                                                                
+
                                                                                                Rules v2 for Reserving Node Memory
                                                                                                For clusters of v1.21.4-r0, v1.23.3-r0, or later, the node memory reservation model is optimized to v2 and can be dynamically adjusted using the node pool parameters kube-reserved-mem and system-reserved-mem. For details, see Managing a Node Pool.
                                                                                                
+
                                                                                                The total reserved node memory of the v2 model is equal to the sum of that reserved for the OS and that reserved for CCE to manage pods.
                                                                                                
 
                                                                                                Reserved memory includes basic and floating parts. For the OS, the floating memory depends on the node specifications. For CCE, the floating memory depends on the number of pods on a node.
                                                                                                
 
-
                                                                                                Table 2 Reservation rules for kubelet
                                                                                                Total Memory (TM)
                                                                                                
 
                                                                                                Number of Pods
                                                                                                
+
                                                                                                Number of Pods
                                                                                                
 
                                                                                                Reserved Memory for kubelet
                                                                                                
+
                                                                                                Reserved Memory for kubelet
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                TM ≤ 2 GB
                                                                                                
+
                                                                                                TM ≤ 2 GB
                                                                                                
 
                                                                                                -
                                                                                                
+
                                                                                                None
                                                                                                
 
                                                                                                TM x 25%
                                                                                                
+
                                                                                                TM x 25%
                                                                                                
                                                                                                 		
 
                                                                                                TM > 2 GB
                                                                                                
+
                                                                                                TM > 2 GB
                                                                                                
 
                                                                                                0 < Max. pods on a node ≤ 16
                                                                                                
+
                                                                                                0 < Max. pods on a node ≤ 16
                                                                                                
 
                                                                                                700 MB
                                                                                                
+
                                                                                                700 MB
                                                                                                
                                                                                                 		
 
                                                                                                16 < Max. pods on a node ≤ 32
                                                                                                
+
                                                                                                16 < Max. pods on a node ≤ 32
                                                                                                
 
                                                                                                [700 + (Max. pods on a node – 16) x 18.75] MB
                                                                                                
+
                                                                                                [700 + (Max. pods on a node – 16) x 18.75] MB
                                                                                                
                                                                                                 		
 
                                                                                                32 < Max. pods on a node ≤ 64
                                                                                                
+
                                                                                                32 < Max. pods on a node ≤ 64
                                                                                                
 
                                                                                                [1024 + (Max. pods on a node – 32) x 6.25] MB
                                                                                                
+
                                                                                                [1024 + (Max. pods on a node – 32) x 6.25] MB
                                                                                                
                                                                                                 		
 
                                                                                                64 < Max. pods on a node ≤ 128
                                                                                                
+
                                                                                                64 < Max. pods on a node ≤ 128
                                                                                                
 
                                                                                                [1230 + (Max. pods on a node – 64) x 7.80] MB
                                                                                                
+
                                                                                                [1230 + (Max. pods on a node – 64) x 7.80] MB
                                                                                                
                                                                                                 		
 
                                                                                                Max. pods on a node > 128
                                                                                                
+
                                                                                                Max. pods on a node > 128
                                                                                                
 
                                                                                                [1740 + (Max. pods on a node – 128) x 11.20] MB
                                                                                                
+
                                                                                                [1740 + (Max. pods on a node – 128) x 11.20] MB
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
                                                                                                Table 3 Rules for reserving node memory (v2)
                                                                                                Reserved for
                                                                                                
+
                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -143,76 +147,42 @@
 
                                                                                                Rules for Reserving Node CPU
                                                                                                
-
                                                                                                Table 3 Rules for reserving node memory v2
                                                                                                Reserved for
                                                                                                
 
                                                                                                Basic/Floating
                                                                                                
+
                                                                                                Basic/Floating
                                                                                                
 
                                                                                                Reservation
                                                                                                
+
                                                                                                Reservation
                                                                                                
 
                                                                                                Used by
                                                                                                
+
                                                                                                Used by
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                OS
                                                                                                
+
                                                                                                OS
                                                                                                
 
                                                                                                Basic
                                                                                                
+
                                                                                                Basic
                                                                                                
 
                                                                                                400 MB (fixed)
                                                                                                
+
                                                                                                400 MB (fixed)
                                                                                                
 
                                                                                                OS service components such as sshd and systemd-journald.
                                                                                                
+
                                                                                                OS service components such as sshd and systemd-journald.
                                                                                                
                                                                                                 		
 
                                                                                                Floating (depending on the node memory)
                                                                                                
+
                                                                                                Floating (depending on the node memory)
                                                                                                
 
                                                                                                25MB/GB
                                                                                                
+
                                                                                                25 MB/GB
                                                                                                
 
                                                                                                Kernel
                                                                                                
+
                                                                                                Kernel
                                                                                                
                                                                                                 		
 
                                                                                                CCE
                                                                                                
+
                                                                                                CCE
                                                                                                
 
                                                                                                Basic
                                                                                                
+
                                                                                                Basic
                                                                                                
 
                                                                                                500 MB (fixed)
                                                                                                
+
                                                                                                500 MB (fixed)
                                                                                                
 
                                                                                                Container engine components, such as kubelet and kube-proxy, when the node is unloaded
                                                                                                
+
                                                                                                Container engine components, such as kubelet and kube-proxy, when the node is unloaded
                                                                                                
                                                                                                 		
 
                                                                                                Floating (depending on the number of pods on the node)
                                                                                                
+
                                                                                                Floating (depending on the number of pods on the node)
                                                                                                
 
                                                                                                Docker: 20 MB/pod
                                                                                                
+
                                                                                                Docker: 20 MB/pod
                                                                                                
 
                                                                                                containerd: 5 MB/pod
                                                                                                
 
                                                                                                Container engine components when the number of pods increases
                                                                                                
-
                                                                                                 NOTE: 
                                                                                                When the v2 model reserves memory for a node by default, the default maximum number of pods is estimated based on the memory. For details, see Default Maximum Number of Pods on a Node.
                                                                                                
+
                                                                                                Container engine components when the number of pods increases
                                                                                                
+
                                                                                                 NOTE: 
                                                                                                When the v2 model reserves memory for a node by default, the default maximum number of pods is estimated based on the memory. For details, see Table 1.
                                                                                                
 
                                                                                                
                                                                                                 		
 
                                                                                                
 
 
                                                                                                Table 4 Node CPU reservation rules
                                                                                                Total CPU Cores (Total)
                                                                                                
+
                                                                                                
-
-
-
-
-
-
-
-
-
                                                                                                Table 4 Node CPU reservation rules
                                                                                                Total CPU Cores (Total)
                                                                                                
 
                                                                                                Reserved CPU Cores
                                                                                                
+
                                                                                                Reserved CPU Cores
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Total ≤ 1 core
                                                                                                
+
                                                                                                Total ≤ 1 core
                                                                                                
 
                                                                                                Total x 6%
                                                                                                
+
                                                                                                Total x 6%
                                                                                                
                                                                                                 		
 
                                                                                                1 core < Total ≤ 2 cores
                                                                                                
+
                                                                                                1 core < Total ≤ 2 cores
                                                                                                
 
                                                                                                1 core x 6% + (Total – 1 core) x 1%
                                                                                                
+
                                                                                                1 core x 6% + (Total – 1 core) x 1%
                                                                                                
                                                                                                 		
 
                                                                                                2 cores < Total ≤ 4 cores
                                                                                                
+
                                                                                                2 cores < Total ≤ 4 cores
                                                                                                
 
                                                                                                1 core x 6% + 1 core x 1% + (Total – 2 cores) x 0.5%
                                                                                                
+
                                                                                                1 core x 6% + 1 core x 1% + (Total – 2 cores) x 0.5%
                                                                                                
                                                                                                 		
 
                                                                                                Total > 4 cores
                                                                                                
+
                                                                                                Total > 4 cores
                                                                                                
 
                                                                                                1 core x 6% + 1 core x 1% + 2 cores x 0.5% + (Total – 4 cores) x 0.25%
                                                                                                
+
                                                                                                1 core x 6% + 1 core x 1% + 2 cores x 0.5% + (Total – 4 cores) x 0.25%
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
                                                                                                
 
                                                                                                
 
-
                                                                                                Default Maximum Number of Pods on a Node
                                                                                                
-
                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                Table 5 Default maximum number of pods on a node
                                                                                                Memory
                                                                                                
-
                                                                                                Default Maximum Number of Pods
                                                                                                
-
                                                                                                4 GB
                                                                                                
-
                                                                                                20
                                                                                                
-
                                                                                                8 GB
                                                                                                
-
                                                                                                40
                                                                                                
-
                                                                                                16 GB
                                                                                                
-
                                                                                                60
                                                                                                
-
                                                                                                32 GB
                                                                                                
-
                                                                                                80
                                                                                                
-
                                                                                                64 GB or above
                                                                                                
-
                                                                                                110
                                                                                                
-
                                                                                                
-
                                                                                                
+
                                                                                                Rules for CCE to Reserve Data Disks on Nodes
                                                                                                CCE uses Logical Volume Manager (LVM) to manage disks. LVM creates a metadata area on a disk to store logical and physical volumes, occupying 4 MiB space. Therefore, the actual available disk space of a node is equal to the disk size minus 4 MiB.
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Node Overview
                                                                                                
+
                                                                                                Parent topic: Node O&M
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0180.html b/docs/cce/umn/cce_10_0180.html
index 4714e0580..ccd0150c7 100644
--- a/docs/cce/umn/cce_10_0180.html
+++ b/docs/cce/umn/cce_10_0180.html
@@ -1,23 +1,92 @@
 
 
 
                                                                                                Node Overview
                                                                                                
-
                                                                                                
-
                                                                                                
-
+
                                                                                                Introduction
                                                                                                A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (PM), depending on your service requirements. The components on a node include kubelet, container runtime, and kube-proxy.
                                                                                                
+
                                                                                                 
                                                                                                A Kubernetes cluster consists of master nodes and worker nodes. The nodes described in this section refer to worker nodes, the computing nodes of a cluster that run containerized applications.
                                                                                                
+
                                                                                                
+
                                                                                                CCE uses high-performance Elastic Cloud Servers (ECSs) as nodes to build highly available Kubernetes clusters.
                                                                                                
+
                                                                                                
+
                                                                                                Supported Node Specifications
                                                                                                Different regions support different node flavors, and node flavors may be changed. Log in to the CCE console and check whether the required node flavors are supported on the page for creating nodes.
                                                                                                
+
                                                                                                
+
                                                                                                Underlying File Storage System of Docker
                                                                                                • In clusters of v1.15.6 or earlier, the underlying file storage system uses the XFS format.
                                                                                                • In clusters of v1.15.11 or later, after a node is created or reset, the underlying file storage system uses the ext4 format.
                                                                                                
+
                                                                                                For containerized applications that use the XFS format, pay attention to the impact of the underlying file storage format change. (The sequence of files in different file systems is different. For example, some Java applications reference a JAR package, but the directory contains multiple versions of the JAR package. If the version is not specified, the actual referenced package is determined by the system file.)
                                                                                                
+
                                                                                                Run the docker info | grep "Backing Filesystem" command to check the format of the Docker underlying storage file used by the current node.
                                                                                                
+
                                                                                                
+
                                                                                                Paas User and User Group
                                                                                                When you create a node in a CCE cluster, a paas user or user group is created on the node by default. CCE components and CCE add-ons on a node run as a non-root user (paas user/user group) to minimize the running permission. If the paas user or user group is modified, CCE components and pods may fail to run properly.
                                                                                                
+
                                                                                                 
                                                                                                The normal running of CCE components depends on the paas user or user group. Pay attention to the following requirements:
                                                                                                
+
                                                                                                • Do not modify the directory permission and container directory permission on a node.
                                                                                                • Do not change the GID and UID of the paas user or user group.
                                                                                                • Do not directly use the paas user or user group to set the user and group to which the service file belongs.
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                                Node Lifecycle
                                                                                                A lifecycle indicates the node statuses recorded from the time when the node is created through the time when the node is deleted or released.
                                                                                                
 
+
                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                Table 1 Node statuses
                                                                                                Status
                                                                                                
+
                                                                                                Status Attribute
                                                                                                
+
                                                                                                Description
                                                                                                
+
                                                                                                Running
                                                                                                
+
                                                                                                Stable state
                                                                                                
+
                                                                                                The node is running properly and is connected to the cluster.
                                                                                                
+
                                                                                                Nodes in this state can provide services.
                                                                                                
+
                                                                                                Unavailable
                                                                                                
+
                                                                                                Stable state
                                                                                                
+
                                                                                                The node is not running properly.
                                                                                                
+
                                                                                                Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                                                                                
+
                                                                                                Creating
                                                                                                
+
                                                                                                Intermediate state
                                                                                                
+
                                                                                                The node has been created but is not running.
                                                                                                
+
                                                                                                Installing
                                                                                                
+
                                                                                                Intermediate state
                                                                                                
+
                                                                                                The Kubernetes software is being installed on the node.
                                                                                                
+
                                                                                                Deleting
                                                                                                
+
                                                                                                Intermediate state
                                                                                                
+
                                                                                                The node is being deleted.
                                                                                                
+
                                                                                                If this state stays for a long time, an exception occurred.
                                                                                                
+
                                                                                                Stopped
                                                                                                
+
                                                                                                Stable state
                                                                                                
+
                                                                                                The node is stopped properly.
                                                                                                
+
                                                                                                A node in this state cannot provide services. You can start the node on the ECS console.
                                                                                                
+
                                                                                                Error
                                                                                                
+
                                                                                                Stable state
                                                                                                
+
                                                                                                The node is abnormal.
                                                                                                
+
                                                                                                Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                                
+
                                                                                                
 
                                                                                                
 
                                                                                                Parent topic: Nodes
                                                                                                
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0182.html b/docs/cce/umn/cce_10_0182.html
index a1e81f00a..64c2ec7ea 100644
--- a/docs/cce/umn/cce_10_0182.html
+++ b/docs/cce/umn/cce_10_0182.html
@@ -3,92 +3,272 @@
 
                                                                                                Monitoring Overview
                                                                                                
 
                                                                                                CCE works with AOM to comprehensively monitor clusters. When a node is created, the ICAgent (the DaemonSet named icagent in the kube-system namespace of the cluster) of AOM is installed by default. The ICAgent collects monitoring data of underlying resources and workloads running on the cluster. It also collects monitoring data of custom metrics of the workload.
                                                                                                
 
                                                                                                • Resource metrics
                                                                                                  Basic resource monitoring includes CPU, memory, and disk monitoring. For details, see Resource Metrics. You can view these metrics of clusters, nodes, and workloads on the CCE or AOM console.
                                                                                                  
-
                                                                                                • Custom metrics
                                                                                                  The ICAgent collects custom metrics of applications and uploads them to AOM. For details, see Custom Monitoring.
                                                                                                  
+
                                                                                                • Custom metrics
                                                                                                  The ICAgent collects custom metrics of applications and uploads them to AOM. For details, see Monitoring Custom Metrics on AOM.
                                                                                                  
 
                                                                                                
 
                                                                                                Resource Metrics
                                                                                                On the CCE console, you can view the following metrics.
                                                                                                
-
-
                                                                                                
-
-
diff --git a/docs/cce/umn/cce_10_0186.html b/docs/cce/umn/cce_10_0186.html
index e761b9938..bb1f163a9 100644
--- a/docs/cce/umn/cce_10_0186.html
+++ b/docs/cce/umn/cce_10_0186.html
@@ -3,18 +3,18 @@
 
                                                                                                Deleting a Node
                                                                                                Scenario
                                                                                                When a node in a CCE cluster is deleted, services running on the node will also be deleted. Exercise caution when performing this operation.
                                                                                                
 
                                                                                                
-
                                                                                                Notes and Constraints
                                                                                                • VM nodes that are being used by CCE do not support deletion on the ECS page.
                                                                                                
+
                                                                                                Constraints
                                                                                                • VM nodes that are being used by CCE do not support deletion on the ECS page.
                                                                                                • Deleting a node will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                                
 
                                                                                                
 
                                                                                                Precautions
                                                                                                • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                                                                                • Unexpected risks may occur during the operation. Back up related data in advance.
                                                                                                • During the operation, the backend will set the node to the unschedulable state.
                                                                                                • Only worker nodes can be deleted.
                                                                                                
 
                                                                                                
-
                                                                                                Procedure
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster.
                                                                                                2. In the navigation pane, choose Nodes. In the same row as the node you will delete, choose More > Delete.
                                                                                                3. In the Delete Node dialog box, click Yes.
                                                                                                   
                                                                                                  • After the node is deleted, pods on it are automatically migrated to other available nodes. 
                                                                                                  • If the disks and EIPs bound to the node are important resources, unbind them first. Otherwise, they will be deleted with the node.
                                                                                                  
+
                                                                                                  Procedure
                                                                                                  1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                  2. In the navigation pane, choose Nodes. In the same row as the node you will delete, choose More > Delete.
                                                                                                  3. In the Delete Node dialog box, click Yes.
                                                                                                     
                                                                                                    • After the node is deleted, pods on it are automatically migrated to other available nodes. 
                                                                                                    • If the disks and EIPs bound to the node are important resources, unbind them first. Otherwise, they will be deleted with the node.
                                                                                                    
 
                                                                                                    
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  Parent topic: Nodes
                                                                                                  
+
                                                                                                  Parent topic: Management Nodes
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0187.html b/docs/cce/umn/cce_10_0187.html
index d46c4e6c8..c0c4ee7e8 100644
--- a/docs/cce/umn/cce_10_0187.html
+++ b/docs/cce/umn/cce_10_0187.html
@@ -4,13 +4,12 @@
 
                                                                                                  CCE permissions management allows you to assign permissions to IAM users and user groups under your tenant accounts. CCE combines the advantages of Identity and Access Management (IAM) and Kubernetes Role-based Access Control (RBAC) authorization to provide a variety of authorization methods, including IAM fine-grained authorization, IAM token authorization, cluster-scoped authorization, and namespace-wide authorization.
                                                                                                  
 
                                                                                                  CCE allows you to manage permissions on clusters and related resources at a finer granularity, for example, to control the access of employees in different departments to cloud resources.
                                                                                                  
 
                                                                                                  This section describes the CCE permissions management mechanism and related concepts. If your account has met your service requirements, you can skip the configurations in this chapter.
                                                                                                  
-
                                                                                                  CCE Permissions Management
                                                                                                  CCE permissions are described as follows:
                                                                                                  • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. On IAM, you can configure system policies to describe which IAM user groups can perform which operations on cluster resources. For example, you can grant user group A to create and delete cluster X, add a node, or install an add-on, while granting user group B to view information about cluster X. 
                                                                                                    Cluster-level permissions involve CCE non-Kubernetes APIs and support fine-grained IAM policies.
                                                                                                    
+
                                                                                                    CCE Permissions Management
                                                                                                    CCE permissions are described as follows:
                                                                                                    • Cluster-level permissions: Cluster-level permissions management evolves out of the system policy authorization feature of IAM. IAM users in the same user group have the same permissions. On IAM, you can configure system policies to describe which IAM user groups can perform which operations on cluster resources. For example, you can grant user group A to create and delete cluster X, add a node, or install an add-on, while granting user group B to view information about cluster X. 
                                                                                                      Cluster-level permissions involve non-Kubernetes APIs in CCE clusters and support fine-grained IAM policies.
                                                                                                      
 
                                                                                                    • Namespace-level permissions: You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. CCE has also been enhanced based on open-source capabilities. It supports RBAC authorization based on IAM user or user group, and RBAC authentication on access to APIs using IAM tokens.
                                                                                                      Namespace-level permissions involve CCE Kubernetes APIs and are enhanced based on the Kubernetes RBAC capabilities. Namespace-level permissions can be granted to IAM users or user groups for authentication and authorization, but are independent of fine-grained IAM policies.
                                                                                                      
-
                                                                                                      Starting from version 1.11.7-r2, CCE clusters allow you to configure namespace permissions. Clusters earlier than v1.11.7-r2 have all namespace permissions by default.
                                                                                                      
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    In general, you configure CCE permissions in two scenarios. The first is creating and managing clusters and related resources, such as nodes. The second is creating and using Kubernetes resources in the cluster, such as workloads and Services.
                                                                                                    
-
                                                                                                    Figure 1 Illustration on CCE permissions
                                                                                                    
+
                                                                                                    Figure 1 Illustration on CCE permissions
                                                                                                    
 
                                                                                                    These permissions allow you to manage resource users at a finer granularity.
                                                                                                    
 
                                                                                                    
 
                                                                                                    Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)
                                                                                                    Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.
                                                                                                    
@@ -51,7 +50,7 @@
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    
-
                                                                                                    Parent topic: Permissions Management
                                                                                                    
+
                                                                                                    Parent topic: Permissions
                                                                                                    
 
                                                                                                    
 
                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0188.html b/docs/cce/umn/cce_10_0188.html
index be0f7bceb..b25cd5924 100644
--- a/docs/cce/umn/cce_10_0188.html
+++ b/docs/cce/umn/cce_10_0188.html
@@ -2,20 +2,20 @@
 
 
                                                                                                    Cluster Permissions (IAM-based)
                                                                                                    
 
                                                                                                    CCE cluster-level permissions are assigned based on IAM system policies and custom policies. You can use user groups to assign permissions to IAM users.
                                                                                                    
-
                                                                                                     
                                                                                                    Cluster permissions are configured only for cluster-related resources (such as clusters and nodes). You must also configure namespace permissions to operate Kubernetes resources (such as workloads and Services).
                                                                                                    
+
                                                                                                     
                                                                                                    • Cluster permissions are granted for users to operate cluster-related resources only (such as clusters and nodes). To operate Kubernetes resources like workloads and Services, you must be granted the namespace permissions at the same time.
                                                                                                    • When viewing a cluster on the CCE console, the information displayed depends on the namespace permissions. If you have no namespace permissions, you cannot view the resources in the cluster. For details, see Permission Dependency of the CCE Console.
                                                                                                    
 
                                                                                                    
 
                                                                                                    Prerequisites
                                                                                                    • A user with the Security Administrator role (for example, your account) has all IAM permissions except role switching. Only these users can view user groups and their permissions on the Permissions page on the CCE console.
                                                                                                    
 
                                                                                                    
 
                                                                                                    Configuration
                                                                                                    On the CCE console, when you choose Permissions > Cluster-Level Permissions to create a user group, you will be directed to the IAM console to complete the process. After the user group is created and its permissions are configured, you can view the information on the Cluster-Level Permissions tab page. This section describes the operations in IAM.
                                                                                                    
 
                                                                                                    
-
                                                                                                    Process Flow
                                                                                                    Figure 1 Process of assigning CCE permissions
                                                                                                    
+
                                                                                                    Process Flow
                                                                                                    Figure 1 Process of assigning CCE permissions
                                                                                                    
 
                                                                                                    
 
                                                                                                    1. Create a user group and assign permissions to it.
                                                                                                      Create a user group on the IAM console, and assign CCE permissions, for example, the CCEReadOnlyAccess policy to the group.
                                                                                                      
 
                                                                                                       
                                                                                                      CCE is deployed by region. On the IAM console, select Region-specific projects when assigning CCE permissions.
                                                                                                      
 
                                                                                                      
 
                                                                                                    2. Create a user and add it to a user group.
                                                                                                      Create a user on the IAM console and add the user to the group created in 1.
                                                                                                      
 
                                                                                                    3. Log in and verify permissions.
                                                                                                      Log in to the management console as the user you created, and verify that the user has the assigned permissions.
                                                                                                      
-
                                                                                                      • Log in to the management console, switch to the CCE console, and buy a cluster. If you fail to do so (assuming that only the CCEReadOnlyAccess permission is assigned), the permission control policy takes effect.
                                                                                                      • Switch to the console of any other service. If a message appears indicating that you do not have the required permissions to access the service, the CCEReadOnlyAccess policy takes effect.
                                                                                                      
+
                                                                                                      • Log in to the management console, switch to the CCE console, and buy a cluster. If you fail to do so (assuming that only the CCEReadOnlyAccess permission is assigned), the CCEReadOnlyAccess policy takes effect.
                                                                                                      • Switch to the console of any other service. If a message appears indicating that you do not have the required permissions for accessing the service, the CCEReadOnlyAccess policy takes effect.
                                                                                                      
 
                                                                                                    
 
                                                                                                    
 
                                                                                                    System-defined Roles
                                                                                                    Roles are a type of coarse-grained authorization mechanism that defines service-level permissions based on user responsibilities. Only a limited number of service-level roles are available for authorization. Roles are not ideal for fine-grained authorization and least privilege access.
                                                                                                    
@@ -82,7 +82,7 @@
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  When RBAC and IAM policies co-exist, the backend authentication logic for open APIs or console operations on CCE is as follows:
                                                                                                  
-
                                                                                                  
+
                                                                                                  
 
                                                                                                   
                                                                                                  Certain CCE APIs involve namespace-level permissions or key operations and therefore, they require special permissions:
                                                                                                  
 
                                                                                                  Using clusterCert to obtain the cluster kubeconfig: cceadm/teadmin
                                                                                                  
 
                                                                                                  
@@ -90,7 +90,7 @@
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  Parent topic: Permissions Management
                                                                                                  
+
                                                                                                  Parent topic: Permissions
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0189.html b/docs/cce/umn/cce_10_0189.html
index 867197009..196f53cfb 100644
--- a/docs/cce/umn/cce_10_0189.html
+++ b/docs/cce/umn/cce_10_0189.html
@@ -4,54 +4,54 @@
 
                                                                                                  Namespace Permissions (Kubernetes RBAC-based)
                                                                                                  You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles. The RBAC API declares four kinds of Kubernetes objects: Role, ClusterRole, RoleBinding, and ClusterRoleBinding, which are described as follows:
                                                                                                  
 
                                                                                                  • Role: defines a set of rules for accessing Kubernetes resources in a namespace.
                                                                                                  • RoleBinding: defines the relationship between users and roles.
                                                                                                  • ClusterRole: defines a set of rules for accessing Kubernetes resources in a cluster (including all namespaces).
                                                                                                  • ClusterRoleBinding: defines the relationship between users and cluster roles.
                                                                                                  
 
                                                                                                  Role and ClusterRole specify actions that can be performed on specific resources. RoleBinding and ClusterRoleBinding bind roles to specific users, user groups, or ServiceAccounts. Illustration:
                                                                                                  
-
                                                                                                  Figure 1 Role binding
                                                                                                  
-
                                                                                                  On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                  
-
                                                                                                  • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                  • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                  • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                  • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                  • drainage-editor: drain a node.
                                                                                                  • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                  
+
                                                                                                  Figure 1 Role binding
                                                                                                  
+
                                                                                                  On the CCE console, you can assign permissions to a user or user group to access resources in one or multiple namespaces. By default, the CCE console provides the following ClusterRoles:
                                                                                                  • view (read-only): read-only permission on most resources in all or selected namespaces.
                                                                                                  • edit (development): read and write permissions on most resources in all or selected namespaces. If this ClusterRole is configured for all namespaces, its capability is the same as the O&M permission.
                                                                                                  • admin (O&M): read and write permissions on most resources in all namespaces, and read-only permission on nodes, storage volumes, namespaces, and quota management.
                                                                                                  • cluster-admin (administrator): read and write permissions on all resources in all namespaces.
                                                                                                  • drainage-editor: drain a node.
                                                                                                  • drainage-viewer: view the nodal drainage status but cannot drain a node.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)
                                                                                                  Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.
                                                                                                  
+
                                                                                                  
+
                                                                                                  Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based)
                                                                                                  Users with different cluster permissions (assigned using IAM) have different namespace permissions (assigned using Kubernetes RBAC). Table 1 lists the namespace permissions of different users.
                                                                                                  
 
-
                                                                                                Table 1 Resource metrics
                                                                                                Metric
                                                                                                
+
+
                                                                                                On the AOM console, you can view host metrics and container metrics.
                                                                                                
+
+
                                                                                                Viewing Cluster Monitoring Data
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                2. CCE allows you to view the monitoring data of all nodes. Choose Clusters from the navigation pane. Click the cluster name, and information like CPU Metrics and Memory of all nodes (excluding master nodes) in the last hour, the Status, AZ are displayed.
                                                                                                  
+
                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                  Table 1 Cluster monitoring metrics
                                                                                                  Metric
                                                                                                  
 
                                                                                                  Description
                                                                                                  
+
                                                                                                  Description
                                                                                                  
                                                                                                   		
 
                                                                                                  
 
                                                                                                  CPU Allocation Rate
                                                                                                  
+
                                                                                                  CPU Allocation (%)
                                                                                                  
 
                                                                                                  Indicates the percentage of CPUs allocated to workloads.
                                                                                                  
+
                                                                                                  A metric indicates the percentage of CPUs allocated to workloads.
                                                                                                  
+
                                                                                                  CPU Allocation (%) = Sum of CPU quotas requested by running pods in the cluster/Sum of CPU quotas that can be allocated from all nodes (excluding master nodes) to workloads
                                                                                                  
                                                                                                   		
 
                                                                                                  Memory Allocation Rate
                                                                                                  
+
                                                                                                  Memory Allocation (%)
                                                                                                  
 
                                                                                                  Indicates the percentage of memory allocated to workloads.
                                                                                                  
+
                                                                                                  A metric indicates the percentage of memory allocated to workloads.
                                                                                                  
+
                                                                                                  Memory Allocation (%) = Sum of memory quotas requested by running pods in the cluster/Sum of memory quotas that can be allocated from all nodes (excluding master nodes) to workloads
                                                                                                  
                                                                                                   		
 
                                                                                                  CPU Usage
                                                                                                  
+
                                                                                                  CPU Usage (%)
                                                                                                  
 
                                                                                                  Indicates the CPU usage.
                                                                                                  
+
                                                                                                  A metric indicates the CPU usage of the cluster.
                                                                                                  
+
                                                                                                  This metric is the average CPU usage of all nodes (excluding master nodes) in a cluster.
                                                                                                  
                                                                                                   		
 
                                                                                                  Memory Usage
                                                                                                  
+
                                                                                                  Memory Usage (%)
                                                                                                  
 
                                                                                                  Indicates the memory usage.
                                                                                                  
-
                                                                                                  Disk Usage
                                                                                                  
-
                                                                                                  Indicates the disk usage.
                                                                                                  
-
                                                                                                  Down
                                                                                                  
-
                                                                                                  Indicates the speed at which data is downloaded to a node. The unit is KB/s.
                                                                                                  
-
                                                                                                  Up
                                                                                                  
-
                                                                                                  Indicates the speed at which data is uploaded from a node. The unit is KB/s.
                                                                                                  
-
                                                                                                  Disk Read Rate
                                                                                                  
-
                                                                                                  Indicates the data volume read from a disk per second. The unit is KB/s.
                                                                                                  
-
                                                                                                  Disk Write Rate
                                                                                                  
-
                                                                                                  Indicates the data volume written to a disk per second. The unit is KB/s.
                                                                                                  
+
                                                                                                  A metric indicates the memory usage of your cluster.
                                                                                                  
+
                                                                                                  This metric is the average memory usage of all nodes (excluding master nodes) in a cluster.
                                                                                                  
                                                                                                   		
 
                                                                                                  
                                                                                                   
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  On the AOM console, you can view host metrics and container metrics.
                                                                                                  
-
                                                                                                
-
                                                                                                Viewing Cluster Monitoring Data
                                                                                                Click the cluster name and access the cluster console. In the navigation pane, choose Cluster Information. In the right pane, you can view the CPU and memory usage of all nodes (excluding master nodes) in the cluster in the last hour.
                                                                                                
-
                                                                                                
-
                                                                                                Explanation of monitoring metrics:
                                                                                                
-
                                                                                                • CPU allocation rate = Sum of CPU quotas requested by pods in the cluster/Sum of CPU quotas that can be allocated of all nodes (excluding master nodes) in the cluster
                                                                                                • Memory allocation rate = Sum of memory quotas requested by pods in the cluster/Sum of memory quotas that can be allocated of all nodes (excluding master nodes) in the cluster
                                                                                                • CPU usage: Average CPU usage of all nodes (excluding master nodes) in a cluster
                                                                                                • Memory usage: Average memory usage of all nodes (excluding master nodes) in a cluster
                                                                                                
-
                                                                                                 
                                                                                                Allocatable node resources (CPU or memory) = Total amount – Reserved amount – Eviction thresholds. For details, see Formula for Calculating the Reserved Resources of a Node.
                                                                                                
+
                                                                                                 
                                                                                                Allocatable node resources (CPU or memory) = Total amount – Reserved amount – Eviction thresholds. For details, see Node Resource Reservation Policy.
                                                                                                
 
                                                                                                
+
                                                                                                
 
                                                                                                
-
                                                                                                CCE provides the status, availability zone (AZ), CPU usage, and memory usage of master nodes.
                                                                                                
-
                                                                                                Viewing Monitoring Data of Worker Nodes
                                                                                                In addition to viewing monitoring data of all nodes, you can also view monitoring data of a single node. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click Monitor in the Operation column of the target node.
                                                                                                
-
                                                                                                Monitoring data comes from AOM. You can view the monitoring data of a node, including the CPU, memory, disk, network, and GPU.
                                                                                                
-
                                                                                                
+
                                                                                                Viewing Monitoring Data of Worker Nodes
                                                                                                CCE also allows you to view monitoring data of a single node.
                                                                                                
+
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                2. Choose Nodes in the navigation pane. On the right of the page, click Monitor of the target node to view the monitoring data.
                                                                                                3. You can select statistical Dimension and choose time range to view the monitoring data. The data is provided by AOM. You can view the monitoring data of a node, including the CPU, memory, disk, networking, and GPU.
                                                                                                  
+
                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                  Table 2 Node monitoring metrics
                                                                                                  Metric
                                                                                                  
+
                                                                                                  Description
                                                                                                  
+
                                                                                                  CPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the CPU usage of the node.
                                                                                                  
+
                                                                                                  CPU Usage (%) = Used CPU cores/Total number of CPU cores
                                                                                                  
+
                                                                                                  Used CPU Cores (cores)
                                                                                                  
+
                                                                                                  A metric indicates the number of used CPU cores.
                                                                                                  
+
                                                                                                  Physical Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the physical memory usage of the node
                                                                                                  
+
                                                                                                  Physical Memory Usage (%) = (Physical memory capacity – Available physical memory)/Physical memory capacity
                                                                                                  
+
                                                                                                  Available Physical Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the unused physical memory of the node.
                                                                                                  
+
                                                                                                  Disk Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the disk usage of the file system on the data disk of the node. It is calculated based on the file partition. For details, see Data Disk Space Allocation.
                                                                                                  
+
                                                                                                  Disk Usage (%) = (Disk capacity – Available disk space)/Disk capacity
                                                                                                  
+
                                                                                                  Available Disk Space (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the unused disk space.
                                                                                                  
+
                                                                                                  Downlink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is downloaded from the Internet to the node.
                                                                                                  
+
                                                                                                  Uplink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is uploaded from the node to the Internet.
                                                                                                  
+
                                                                                                  GPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the GPU usage of the node.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the percentage of the used GPU memory to the GPU memory capacity.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%) = Used GPU memory/GPU memory capacity
                                                                                                  
+
                                                                                                  Used GPU Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the used GPU memory.
                                                                                                  
+
                                                                                                  
 
                                                                                                  
-
                                                                                                  Viewing Workload Monitoring Data
                                                                                                  You can view monitoring data of a workload on the Monitoring tab page of the workload details page. Click the cluster name and access the cluster console. Choose Workloads in the navigation pane and click Monitor in the Operation column of the target workload.
                                                                                                  
-
                                                                                                  Monitoring data comes from AOM. You can view the monitoring data of a workload, including the CPU, memory, network, and GPU, on the AOM console.
                                                                                                  
-
                                                                                                  Explanation of monitoring metrics:
                                                                                                  • Workload CPU usage = Maximum CPU usage in each pod of the workload
                                                                                                  • Workload memory usage = Maximum memory usage in each pod of the workload
                                                                                                  
+
                                                                                                
 
                                                                                                
-
                                                                                                You can also click View More to go to the AOM console and view monitoring data of the workload.
                                                                                                
+
                                                                                                Viewing Workload Monitoring Data
                                                                                                CCE allows you to view monitoring data of a single workload.
                                                                                                
+
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                2. Choose Workloads in the navigation pane. On the right of the page, click Monitor of the target workload. In the window that slides out from the right, the workload monitoring data is displayed.
                                                                                                3. You can select statistical Dimension and choose time range to view the monitoring data. The data is provided by AOM. You can view the monitoring data of a workload, including the CPU, memory, networking, and GPU.
                                                                                                   
                                                                                                  If there are multiple pods exist in the workload, the monitoring data may vary according to the statistical Dimension. For example, if you select Maximum or Minimum for Dimension, the value of each monitoring data is the maximum or minimum value of all pods under the workload. If Average is selected, the value of each monitoring data is the average value of all pods under the workload.
                                                                                                  
+
                                                                                                  
+
+
                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                  Table 3 Workload monitoring metrics
                                                                                                  Metric
                                                                                                  
+
                                                                                                  Description
                                                                                                  
+
                                                                                                  CPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the CPU usage of the workload.
                                                                                                  
+
                                                                                                  CPU Usage (%) = Used CPU cores/Total number of CPU cores of all running pods (If no limit is configured, the total number of the node's CPU cores is used.)
                                                                                                  
+
                                                                                                  Used CPU Cores (cores)
                                                                                                  
+
                                                                                                  A metric indicates the number of used CPU cores.
                                                                                                  
+
                                                                                                  Physical Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the physical memory usage of the workload.
                                                                                                  
+
                                                                                                  Physical Memory Usage (%) = Used physical memory/Total number of CPU cores of all running pods (If no limit is configured, the total number of the node's CPU cores is used.)
                                                                                                  
+
                                                                                                  Used Physical Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the amount of the used physical memory.
                                                                                                  
+
                                                                                                  Disk Read Rate
                                                                                                  
+
                                                                                                  A metric indicates the data volume read from a disk per second. The unit is KB/s.
                                                                                                  
+
                                                                                                  Disk Write Rate
                                                                                                  
+
                                                                                                  A metric indicates the data volume written to a disk per second. The unit is KB/s.
                                                                                                  
+
                                                                                                  Downlink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is downloaded from the Internet.
                                                                                                  
+
                                                                                                  Uplink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is uploaded from the node to the Internet
                                                                                                  
+
                                                                                                  GPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the GPU usage of the workload.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the percentage of the used GPU memory to the GPU memory capacity.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%) = Used GPU memory/GPU memory capacity
                                                                                                  
+
                                                                                                  Used GPU Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the used GPU memory.
                                                                                                  
+
                                                                                                  
 
                                                                                                  
-
                                                                                                  Viewing Pod Monitoring Data
                                                                                                  You can view monitoring data of a pod on the Pods tab page of the workload details page.
                                                                                                  
-
                                                                                                  Explanation of monitoring metrics:
                                                                                                  • Pod CPU usage = The used CPU cores/The sum of all CPU limits of the pods (If not specified, all node CPU cores are used.)
                                                                                                  • Pod memory usage = The used physical memory/The sum of all memory limits of pods (If not specified, all node memory is used.)
                                                                                                  
+
                                                                                                
 
                                                                                                
+
                                                                                                Viewing Pod Monitoring Data
                                                                                                CCE allows you to view the monitoring date of your pods.
                                                                                                
+
                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                2. Choose Workloads from the navigation pane. Then click the workload name of the target workload to list the pods.
                                                                                                3. Click Monitor of the target pod to view the monitoring data.
                                                                                                4. You can select statistical Dimension and choose time range to view the monitoring data. The data is provided by AOM. You can view the monitoring data of a pod, including the CPU, memory, disk, networking, and GPU.
                                                                                                   
                                                                                                  If multiple containers exist in a single pod, the monitoring data may vary according to the statistical Dimension. For example, if you select Maximum or Minimum for Dimension, the value of each monitoring data is the maximum or minimum value of all containers under the pod. If Average is selected, the value of each monitoring data is the average value of all containers in the pod.
                                                                                                  
+
                                                                                                  
+
+
                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                  Table 4 Pod monitoring metrics
                                                                                                  Metric
                                                                                                  
+
                                                                                                  Description
                                                                                                  
+
                                                                                                  CPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the CPU usage of the pod.
                                                                                                  
+
                                                                                                  CPU Usage (%) = Used CPU cores/Total number of limited CPU cores of all running containers in the pod (If the limited CPU cores of all running containers are not specified, the number of the node's CPU cores is used.)
                                                                                                  
+
                                                                                                  Used CPU Cores (cores)
                                                                                                  
+
                                                                                                  A metric indicates the number of used CPU cores.
                                                                                                  
+
                                                                                                  Physical Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the physical memory usage of the pod.
                                                                                                  
+
                                                                                                  Physical Memory Usage (%) = Used physical memory/Sum of physical memory limits of all running containers in the pod (If not specified, the value of the node's physical memory is used.)
                                                                                                  
+
                                                                                                  Used Physical Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the amount of the used physical memory.
                                                                                                  
+
                                                                                                  Disk Read Rate
                                                                                                  
+
                                                                                                  A metric indicates the data volume read from a disk per second. The unit is KB/s.
                                                                                                  
+
                                                                                                  Disk Write Rate
                                                                                                  
+
                                                                                                  A metric indicates the data volume written to a disk per second. The unit is KB/s.
                                                                                                  
+
                                                                                                  Downlink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is downloaded from the Internet.
                                                                                                  
+
                                                                                                  Uplink Rate (BPS) (KB/s)
                                                                                                  
+
                                                                                                  A metric indicates the speed at which data is uploaded from the node to the Internet.
                                                                                                  
+
                                                                                                  GPU Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the GPU usage of the pod.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%)
                                                                                                  
+
                                                                                                  A metric indicates the percentage of the used GPU memory to the GPU memory capacity.
                                                                                                  
+
                                                                                                  GPU Memory Usage (%) = Used GPU memory/GPU memory capacity
                                                                                                  
+
                                                                                                  Used GPU Memory (GiB)
                                                                                                  
+
                                                                                                  A metric indicates the used GPU memory of the pod.
                                                                                                  
+
                                                                                                  
+
                                                                                                  
+
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Monitoring and Alarm
                                                                                                
+
                                                                                                Parent topic: Monitoring
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0183.html b/docs/cce/umn/cce_10_0183.html
index e08753048..e69366368 100644
--- a/docs/cce/umn/cce_10_0183.html
+++ b/docs/cce/umn/cce_10_0183.html
@@ -6,27 +6,17 @@
 
 
                                                                                                
diff --git a/docs/cce/umn/cce_10_0184.html b/docs/cce/umn/cce_10_0184.html
index 14a5a4113..d18765930 100644
--- a/docs/cce/umn/cce_10_0184.html
+++ b/docs/cce/umn/cce_10_0184.html
@@ -1,20 +1,19 @@
 
 
 
                                                                                                Synchronizing Data with Cloud Servers
                                                                                                
-
                                                                                                Scenario
                                                                                                Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required.
                                                                                                
-
                                                                                                Some information about CCE nodes is maintained independently from the ECS console. After you change the name, EIP, or specifications of an ECS on the ECS console, you need to synchronize the ECS information to the corresponding node on the CCE console. After the synchronization, information on both consoles is consistent.
                                                                                                
+
                                                                                                Scenario
                                                                                                Each node in a cluster is a cloud server or physical machine. After a cluster node is created, you can change the cloud server name or specifications as required. Modifying node specifications will affect services. Perform the operation on nodes one by one.
                                                                                                
+
                                                                                                Some information of CCE nodes is maintained independently from the ECS console. After you change the name, EIP, or specifications of an ECS on the ECS console, synchronize the ECS with the target node on the CCE console. After the synchronization, information on both consoles is consistent.
                                                                                                
 
                                                                                                
-
                                                                                                Notes and Constraints
                                                                                                • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                                                                                  If an ECS name is specified as the Kubernetes node name, the change of the ECS name cannot be synchronized to the CCE console.
                                                                                                  
-
                                                                                                • Data, such as the OS and image ID, cannot be synchronized. (Such parameters cannot be modified on the ECS console.)
                                                                                                
+
                                                                                                Constraints
                                                                                                • Data, including the VM status, ECS names, number of CPUs, size of memory, ECS specifications, and public IP addresses, can be synchronized.
                                                                                                • Data, such as the OS and image ID, cannot be synchronized. (Such parameters cannot be modified on the ECS console.)
                                                                                                
 
                                                                                                
-
                                                                                                Procedure
                                                                                                1. Log in to the CCE console.
                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane.
                                                                                                3. Choose More > Sync Server Data next to the node.
                                                                                                  Figure 1 Synchronizing server data
                                                                                                  
-
                                                                                                  After the synchronization is complete, the ECS data synchronization requested message is displayed in the upper right corner.
                                                                                                  
+
                                                                                                  Procedure
                                                                                                  1. Log in to the CCE console.
                                                                                                  2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane.
                                                                                                  3. Choose More > Sync Server Data next to the node.
                                                                                                    Figure 1 Synchronizing server data
                                                                                                    
+
                                                                                                    After the synchronization is complete, the ECS data synchronization requested message is displayed in the upper right corner.
                                                                                                    
 
                                                                                                  
 
                                                                                                  
 
                                                                                                
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Nodes
                                                                                                
+
                                                                                                Parent topic: Management Nodes
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0185.html b/docs/cce/umn/cce_10_0185.html
index 8eaf698f7..7828b5809 100644
--- a/docs/cce/umn/cce_10_0185.html
+++ b/docs/cce/umn/cce_10_0185.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                Logging In to a Node
                                                                                                
-
                                                                                                Notes and Constraints
                                                                                                • If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).
                                                                                                • Only login to a running ECS is allowed.
                                                                                                • Only the user linux can log in to a Linux server.
                                                                                                
+
                                                                                                Constraints
                                                                                                • If you use SSH to log in to a node (an ECS), ensure that the ECS already has an EIP (a public IP address).
                                                                                                • Only login to a running ECS is allowed.
                                                                                                • Only the user linux can log in to a Linux server.
                                                                                                
 
                                                                                                
 
                                                                                                Login Modes
                                                                                                You can log in to an ECS in either of the following modes:
                                                                                                
 
                                                                                                • Management console (VNC)
                                                                                                  If an ECS has no EIP, log in to the ECS console and click Remote Login in the same row as the ECS.
                                                                                                  
@@ -24,8 +24,8 @@
 
 
                                                                                                Windows
                                                                                                
 
                                                                                                Use a remote login tool, such as PuTTY or XShell.
                                                                                                
-
+
                                                                                                Use a remote login tool, such as PuTTY or Xshell.
                                                                                                
+
                                                                                                 		
 
                                                                                                
 
                                                                                                Yes
                                                                                                
@@ -33,14 +33,14 @@
 
                                                                                                Linux
                                                                                                
                                                                                                 		
 
                                                                                                Run commands.
                                                                                                
-
+
                                                                                                 		
 
                                                                                                
 
                                                                                                Yes/No
                                                                                                
                                                                                                 		
 
                                                                                                Windows/Linux
                                                                                                
 
                                                                                                Remote login using the management console: Login Using VNC
                                                                                                
+
                                                                                                Remote login using the management console: Login Using VNC
                                                                                                
                                                                                                 		
 
                                                                                                
 
 
                                                                                                
-
@@ -53,7 +53,7 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                Table 1 Differences in namespace permissions
                                                                                                User
                                                                                                
+
                                                                                                
-
-
-
-
-
-
-
-
-
                                                                                                Table 1 Differences in namespace permissions
                                                                                                User
                                                                                                
 
                                                                                                Clusters of v1.13 and Later
                                                                                                
+
                                                                                                Clusters of v1.13 and Later
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                User with the Tenant Administrator permissions
                                                                                                
+
                                                                                                User with the Tenant Administrator permissions
                                                                                                
 
                                                                                                All namespace permissions
                                                                                                
+
                                                                                                All namespace permissions
                                                                                                
                                                                                                 		
 
                                                                                                IAM user with the CCE Administrator role
                                                                                                
+
                                                                                                IAM user with the CCE Administrator role
                                                                                                
 
                                                                                                All namespace permissions
                                                                                                
+
                                                                                                All namespace permissions
                                                                                                
                                                                                                 		
 
                                                                                                IAM user with the CCE FullAccess or CCE ReadOnlyAccess role
                                                                                                
+
                                                                                                IAM user with the CCE FullAccess or CCE ReadOnlyAccess role
                                                                                                
 
                                                                                                Requires Kubernetes RBAC authorization.
                                                                                                
+
                                                                                                Requires Kubernetes RBAC authorization.
                                                                                                
                                                                                                 		
 
                                                                                                IAM user with the Tenant Guest role
                                                                                                
+
                                                                                                IAM user with the Tenant Guest role
                                                                                                
 
                                                                                                Requires Kubernetes RBAC authorization.
                                                                                                
+
                                                                                                Requires Kubernetes RBAC authorization.
                                                                                                
                                                                                                 		
 
                                                                                                
                                                                                                 
 
                                                                                                
 
                                                                                                
 
-
                                                                                                Precautions
                                                                                                • Kubernetes RBAC authorization can be used for clusters of v1.11.7-r2 and later. Ensure that you have deployed a supported cluster version. For details about upgrading a cluster, see Performing Replace/Rolling Upgrade.
                                                                                                • After you create a cluster of v1.11.7-r2 or later, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources in all namespaces in the cluster. The ID of a federated user changes upon each login and logout. Therefore, the user with the permissions is displayed as deleted. In this case, do not delete the permissions. Otherwise, the authentication fails. You are advised to grant the cluster-admin permission to a user group on CCE and add federated users to the user group.
                                                                                                • A user with the Security Administrator role has all IAM permissions except role switching. For example, an account in the admin user group has this role by default. Only these users can assign permissions on the Permissions page on the CCE console.
                                                                                                
+
                                                                                                Precautions
                                                                                                • After you create a cluster, CCE automatically assigns the cluster-admin permission to you, which means you have full control on all resources in all namespaces in the cluster. The ID of a federated user changes upon each login and logout. Therefore, the user with the permissions is displayed as deleted. In this case, do not delete the permissions. Otherwise, the authentication fails. You are advised to grant the cluster-admin permission to a user group on CCE and add federated users to the user group.
                                                                                                • A user with the Security Administrator role has all IAM permissions except role switching. For example, an account in the admin user group has this role by default. Only these users can assign permissions on the Permissions page on the CCE console.
                                                                                                
 
                                                                                                
 
                                                                                                Configuring Namespace Permissions (on the Console)
                                                                                                You can regulate users' or user groups' access to Kubernetes resources in a single namespace based on their Kubernetes RBAC roles.
                                                                                                
-
                                                                                                1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                                                                                2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                                                                                3. Click Add Permissions in the upper right corner.
                                                                                                4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.
                                                                                                   
                                                                                                  If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID. 
                                                                                                  
+
                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                                                                                  2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                                                                                  3. Click Add Permissions in the upper right corner.
                                                                                                  4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.
                                                                                                     
                                                                                                    If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID. 
                                                                                                    
 
                                                                                                    
 
                                                                                                    Permissions can be customized as required. After selecting Custom for Permission Type, click Add Custom Role on the right of the Custom parameter. In the dialog box displayed, enter a name and select a rule. After the custom rule is created, you can select a value from the Custom drop-down list box.
                                                                                                    
 
                                                                                                  5. Click OK.
                                                                                                  
 
                                                                                                  
-
                                                                                                  Using kubectl to Configure Namespace Permissions
                                                                                                   
                                                                                                  When you access a cluster using kubectl, CCE uses the kubeconfig.json file generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user. The permissions that a user has are listed in Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).
                                                                                                  
+
                                                                                                  Using kubectl to Configure Namespace Permissions
                                                                                                   
                                                                                                  When you access a cluster using kubectl, CCE uses kubeconfig.json generated on the cluster for authentication. This file contains user information, based on which CCE determines which Kubernetes resources can be accessed by kubectl. The permissions recorded in a kubeconfig.json file vary from user to user. The permissions that a user has are listed in Cluster Permissions (IAM-based) and Namespace Permissions (Kubernetes RBAC-based).
                                                                                                  
 
                                                                                                  
-
                                                                                                  In addition to cluster-admin, admin, edit, and view, you can define Roles and RoleBindings to configure the permissions to add, delete, modify, and query resources, such as pods, Deployments, and Services, in the namespace.
                                                                                                  
-
                                                                                                  The procedure for creating a Role is very simple. To be specific, specify a namespace and then define rules. The rules in the following example are to allow GET and LIST operations on pods in the default namespace.
                                                                                                  
+
                                                                                                  In addition to cluster-admin, admin, edit, and view, you can define Roles and RoleBindings to configure the permissions to add, delete, modify, and obtain resources, such as pods, Deployments, and Services, in the namespace.
                                                                                                  
+
                                                                                                  The procedure for creating a Role is very simple. To be specific, specify a namespace and then define rules. The rules in the following example are to allow GET and LIST operations on pods in the default namespace.
                                                                                                  
 
                                                                                                  kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -63,7 +63,7 @@ rules:
   verbs: ["get", "list"]                      # The GET and LIST operations can be performed.
                                                                                                  
 
                                                                                                  • apiGroups indicates the API group to which the resource belongs.
                                                                                                  • resources indicates the resources that can be operated. Pods, Deployments, ConfigMaps, and other Kubernetes resources are supported.
                                                                                                  • verbs indicates the operations that can be performed. get indicates querying a specific object, and list indicates listing all objects of a certain type. Other value options include create, update, and delete.
                                                                                                  
 
                                                                                                  For details, see Using RBAC Authorization.
                                                                                                  
-
                                                                                                  After creating a Role, you can bind the Role to a specific user, which is called RoleBinding. The following is an example.
                                                                                                  
+
                                                                                                  After creating a Role, you can bind the Role to a specific user, which is called RoleBinding. The following shows an example:
                                                                                                  
 
                                                                                                  kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -80,7 +80,7 @@ subjects:
   name: 0c97ac3cb280f4d91fa7c0096739e1f8 # User ID of the user-example
   apiGroup: rbac.authorization.k8s.io
                                                                                                  
 
                                                                                                  The subjects section binds a Role with an IAM user so that the IAM user can obtain the permissions defined in the Role, as shown in the following figure.
                                                                                                  
-
                                                                                                  Figure 2 A RoleBinding binds the Role to the user.
                                                                                                  
+
                                                                                                  Figure 2 Binding a Role to a user
                                                                                                  
 
                                                                                                  You can also specify a user group in the subjects section. In this case, all users in the user group obtain the permissions defined in the Role.
                                                                                                  
 
                                                                                                  subjects:
 - kind: Group
@@ -98,7 +98,7 @@ nginx-658dff48ff-njdhj                 1/1     Running   0          4d9h
 # kubectl get pod nginx-658dff48ff-7rkph
 NAME                     READY   STATUS    RESTARTS   AGE
 nginx-658dff48ff-7rkph   1/1     Running   0          4d9h
                                                                                                  
-
                                                                                                  Try querying Deployments and Services in the namespace. The output shows user-example does not have the required permissions. Try querying the pods in namespace kube-system. The output shows user-example does not have the required permissions, neither. This indicates that the IAM user user-example has only the GET and LIST Pod permissions in the default namespace, which is the same as expected.
                                                                                                  
+
                                                                                                  Try querying Deployments and Services in the namespace. The output shows that user-example does not have the required permissions. Try querying the pods in namespace kube-system. The output shows that user-example does not have the required permissions, either. This indicates that the IAM user user-example has only the GET and LIST Pod permissions in the default namespace, which is the same as expected.
                                                                                                  
 
                                                                                                  # kubectl get deploy
 Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
 # kubectl get svc
@@ -106,7 +106,7 @@ Error from server (Forbidden): services is forbidden: User "0c97ac3cb280f4d91fa7
 # kubectl get pod --namespace=kube-system
 Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "pods" in API group "" in the namespace "kube-system"
                                                                                                  
 
                                                                                                  
-
                                                                                                  Example: Assigning All Cluster Permissions (cluster-admin)
                                                                                                  You can use the cluster-admin role to assign all permissions on a cluster. This role contains the permissions for cluster resources (such as PVs and StorageClasses).
                                                                                                  
+
                                                                                                  Example: Assigning Cluster Administrator Permissions (cluster-admin)
                                                                                                  You can use the cluster-admin role to assign all permissions on a cluster. This role contains the permissions for all cluster resources.
                                                                                                  
 
                                                                                                  In the following example kubectl output, a ClusterRoleBinding has been created and binds the cluster-admin role to the user group cce-role-group.
                                                                                                  
 
                                                                                                  # kubectl get clusterrolebinding
 NAME                                                              ROLE                           AGE
@@ -141,14 +141,50 @@ csi-disk-topology   everest-csi-provisioner         Delete          WaitForFirst
 csi-nas             everest-csi-provisioner         Delete          Immediate              true                   75d
 csi-obs             everest-csi-provisioner         Delete          Immediate              false                  75d
                                                                                                  
 
                                                                                                  
-
                                                                                                  Example: Assigning All Namespace Permissions (admin)
                                                                                                  admin has all permissions on namespaces. You can grant this role to a user or user group to manage one or all namespaces.
                                                                                                  
-
                                                                                                  In the following example kubectl output, a RoleBinding has been created, the admin role is bound to the user group cce-role-group, and the target namespace is the default namespace.
                                                                                                  
+
                                                                                                  Example: Assigning Namespace O&M Permissions (admin)
                                                                                                  The admin role has the read and write permissions on most namespace resources. You can grant the admin permission on all namespaces to a user or user group.
                                                                                                  
+
                                                                                                  In the following example kubectl output, a RoleBinding has been created and binds the admin role to the user group cce-role-group.
                                                                                                  
 
                                                                                                  # kubectl get rolebinding
 NAME                                                      ROLE                AGE
 clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
 # kubectl get rolebinding clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
+metadata:
+  annotations:
+    CCE.com/IAM: "true"
+  creationTimestamp: "2021-06-24T01:30:08Z"
+  name: clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
+  resourceVersion: "36963685"
+  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7
+  uid: 6c6f46a6-8584-47da-83f5-9eef1f7b75d6
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: 0c96fad22880f32a3f84c009862af6f7
                                                                                                  
+
                                                                                                  Connect to the cluster as an authorized user. If the PVs and StorageClasses can be queried but a namespace cannot be created, the permission configuration takes effect.
                                                                                                  
+
                                                                                                  # kubectl get pv
+No resources found
+# kubectl get sc
+NAME                PROVISIONER                     RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
+csi-disk            everest-csi-provisioner         Delete          Immediate              true                   75d
+csi-disk-topology   everest-csi-provisioner         Delete          WaitForFirstConsumer   true                   75d
+csi-nas             everest-csi-provisioner         Delete          Immediate              true                   75d
+csi-obs             everest-csi-provisioner         Delete          Immediate              false                  75d
+# kubectl apply -f namespaces.yaml
+Error from server (Forbidden): namespaces is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot create resource "namespaces" in API group "" at the cluster scope
                                                                                                  
+
                                                                                                  
+
                                                                                                  Example: Assigning Namespace Developer Permissions (edit)
                                                                                                  The edit role has the read and write permissions on most namespace resources. You can grant the edit permission on all namespaces to a user or user group.
                                                                                                  
+
                                                                                                  In the following example kubectl output, a RoleBinding has been created, the edit role is bound to the user group cce-role-group, and the target namespace is the default namespace.
                                                                                                  
+
                                                                                                  # kubectl get rolebinding
+NAME                                                      ROLE                AGE
+clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7   ClusterRole/admin   18s
+# kubectl get rolebinding clusterrole_admin_group0c96fad22880f32a3f84c009862af6f7 -oyaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
 metadata:
   annotations:
     CCE.com/IAM: "true"
@@ -161,13 +197,13 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: admin
+  name: edit
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
   name: 0c96fad22880f32a3f84c009862af6f7
                                                                                                  
-
                                                                                                  Connect to a cluster as an authorized user. In this example, you can create and query resources in the default namespace, but cannot query resources in the kube-system namespace or cluster resources.
                                                                                                  
-
                                                                                                  # kubectl get pod
+
                                                                                                  Connect to the cluster as an authorized user. In this example, you can create and obtain resources in the default namespace, but cannot query resources in the kube-system namespace or cluster resources.
                                                                                                  
+
                                                                                                  # kubectl get pod
 NAME                    READY   STATUS    RESTARTS   AGE
 test-568d96f4f8-brdrp   1/1     Running   0          33m
 test-568d96f4f8-cgjqp   1/1     Running   0          33m
@@ -215,7 +251,7 @@ Error from server (Forbidden): pods is forbidden: User "0c97ac3cb280f4d91fa7c009
 
                                                                                                  
 
                                                                                                  
 
                                                                                                  
-
                                                                                                  Parent topic: Permissions Management
                                                                                                  
+
                                                                                                  Parent topic: Permissions
                                                                                                  
 
                                                                                                  
 
                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0190.html b/docs/cce/umn/cce_10_0190.html
index ba88a18fd..15130577a 100644
--- a/docs/cce/umn/cce_10_0190.html
+++ b/docs/cce/umn/cce_10_0190.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                  Permission Dependency of the CCE Console
                                                                                                  
-
                                                                                                  Some CCE permissions policies depend on the policies of other cloud services. To view or use other cloud resources on the CCE console, you need to enable the system policy access control feature of IAM and assign dependency policies for the other cloud services.
                                                                                                  
-
                                                                                                  • Dependency policies are assigned based on the CCE FullAccess or CCE ReadOnlyAccess policy you configure.
                                                                                                  • Only users and user groups with namespace permissions can gain the view access to resources in clusters of v1.11.7-r2 and later.
                                                                                                    • If a user is granted the view access to all namespaces of a cluster, the user can view all namespaced resources (except secrets) in the cluster. To view secrets in the cluster, the user must gain the admin or edit role in all namespaces of the cluster.
                                                                                                    • HPA policies take effect only after the cluster-admin permissions are configured for the namespace.
                                                                                                    • The view role within a single namespace allows users to view resources only in the specified namespace.
                                                                                                    
+
                                                                                                    Some CCE permissions policies depend on the policies of other cloud services. To view or use other cloud resources on the CCE console, enable the system policy access control feature of IAM and assign dependency policies for the other cloud services.
                                                                                                    
+
                                                                                                    • Dependency policies are assigned based on the CCE FullAccess or CCE ReadOnlyAccess policy you configure.
                                                                                                    • Only users and user groups with namespace permissions can gain the view access to resources in clusters.
                                                                                                      • If a user is granted the view access to all namespaces of a cluster, the user can view all namespace resources (except secrets) in the cluster. To view secrets in the cluster, the user must gain the admin or edit role in all namespaces of the cluster.
                                                                                                      • HPA policies take effect only after the cluster-admin permissions are configured for the namespace.
                                                                                                      • The view role within a single namespace allows users to view resources only in the specified namespace.
                                                                                                      
 
                                                                                                    
 
                                                                                                    Dependency Policy Configuration
                                                                                                    To grant an IAM user the permissions to view or use resources of other cloud services on the CCE console, you must first grant the CCE Administrator, CCE FullAccess, or CCE ReadOnlyAccess policy to the user group to which the user belongs and then grant the dependency policies listed in Table 1 to the user. These dependency policies will allow the IAM user to access resources of other cloud services.
                                                                                                    
 
                                                                                                     
                                                                                                    CCE supports fine-grained permissions configuration, but has the following restrictions:
                                                                                                    
@@ -17,7 +17,7 @@
 
                                                                                                		
 
                                                                                                
 
                                                                                                Dashboard
                                                                                                
+
                                                                                                Cluster overview
                                                                                                
                                                                                                 		
 
                                                                                                Application Operations Management (AOM)
                                                                                                
 
                                                                                                If the permission assigned to an IAM user is CCE Administrator, creating or deleting a node requires the ECS FullAccess or ECS Administrator policy and the VPC Administrator policy.
                                                                                                
                                                                                                 		
 
                                                                                                Network management
                                                                                                
+
                                                                                                Networking
                                                                                                
                                                                                                 		
 
                                                                                                Elastic Load Balance (ELB)
                                                                                                
 
                                                                                                NAT Gateway
                                                                                                
@@ -62,57 +62,58 @@
 
                                                                                                • To create a Service using ELB, you must have ELB FullAccess or ELB Administrator plus VPC Administrator assigned.
                                                                                                • To create a Service using NAT Gateway, you must have NAT Administrator assigned.
                                                                                                
                                                                                                 		
 
                                                                                                Storage management
                                                                                                
+
                                                                                                Container storage
                                                                                                
                                                                                                 		
 
                                                                                                Object Storage Service (OBS)
                                                                                                
 
                                                                                                Scalable File Service (SFS)
                                                                                                
+
                                                                                                SFS Turbo
                                                                                                
                                                                                                 		
 
                                                                                                • To use OBS, you must have OBS Administrator globally assigned.
                                                                                                   NOTE: 
                                                                                                  Because of the cache, it takes about 13 minutes for the RBAC policy to take effect after being granted to users, enterprise projects, and user groups. After an OBS-related system policy is granted, it takes about 5 minutes for the policy to take effect.
                                                                                                  
 
                                                                                                  
-
                                                                                                • To use SFS, you must have SFS FullAccess assigned.
                                                                                                
+
                                                                                              • To use SFS, you must have SFS FullAccess assigned.
                                                                                              • Using SFS Turbo requires the SFS Turbo Admin role.
                                                                                                • 
 
                                                                                                The CCE Administrator role is required for importing storage devices.
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Namespace management
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Chart management
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
                                                                                                 		
 
                                                                                                Cloud accounts and the IAM users with CCE Administrator assigned can use this function.
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Add-on management
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
                                                                                                 		
 
                                                                                                Cloud accounts and the IAM users with CCE Administrator, CCE FullAccess, or CCE ReadOnlyAccess assigned can use this function.
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Permissions management
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
 
                                                                                                • For cloud accounts, no additional policy/role is required.
                                                                                                • IAM users with CCE Administrator or global Security Administrator assigned can use this function.
                                                                                                • IAM users with CCE FullAccess or CCE ReadOnlyAccess assigned can use this function.
                                                                                                
+
                                                                                                • For cloud accounts, no additional policy/role is required.
                                                                                                • IAM users with CCE Administrator or global Security Administrator assigned can use this function.
                                                                                                • IAM users with the CCE FullAccess or CCE ReadOnlyAccess permission can access the namespace. In addition, the IAM users must have the administrator permissions (cluster-admin) on the namespace.
                                                                                                
                                                                                                 		
 
                                                                                                Configuration center
                                                                                                
+
                                                                                                ConfigMaps and Secrets
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
                                                                                                 		
 
                                                                                                • Creating ConfigMaps does not require any additional policy.
                                                                                                • Viewing secrets requires that the cluster-admin, admin, or edit permission be configured for the namespace. The DEW KeypairFullAccess or DEW KeypairReadOnlyAccess policy must be assigned for dependent services.
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Help center
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
 
                                                                                                /
                                                                                                
+
                                                                                                None
                                                                                                
                                                                                                 		
 
                                                                                                
 
                                                                                                Switching to other related services
                                                                                                
@@ -130,7 +131,7 @@
 
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Permissions Management
                                                                                                
+
                                                                                                Parent topic: Permissions
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0191.html b/docs/cce/umn/cce_10_0191.html
index e3f23d0ae..44d33e7d4 100644
--- a/docs/cce/umn/cce_10_0191.html
+++ b/docs/cce/umn/cce_10_0191.html
@@ -6,14 +6,14 @@
 
                                                                                                The relationship between Helm and Kubernetes is as follows:
                                                                                                
 
                                                                                                • Helm <–> Kubernetes
                                                                                                • Apt <–> Ubuntu
                                                                                                • Yum <–> CentOS
                                                                                                • Pip <–> Python
                                                                                                
 
                                                                                                The following figure shows the solution architecture:
                                                                                                
-
                                                                                                
+
                                                                                                
 
                                                                                                Helm can help application orchestration for Kubernetes:
                                                                                                
 
                                                                                                • Manages, edits, and updates a large number of Kubernetes configuration files.
                                                                                                • Deploys a complex Kubernetes application that contains a large number of configuration files.
                                                                                                • Shares and reuses Kubernetes configurations and applications.
                                                                                                • Supports multiple environments with parameter-based configuration templates.
                                                                                                • Manages the release of applications, including rolling back the application, finding differences (using the diff command), and viewing the release history.
                                                                                                • Controls phases in a deployment cycle.
                                                                                                • Tests and verifies the released version.
                                                                                                
 
 
 
                                                                                                
 
                                                                                                
-
                                                                                                Parent topic: Charts
                                                                                                
+
                                                                                                Parent topic: Helm Chart
                                                                                                
 
                                                                                                
 
                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0193.html b/docs/cce/umn/cce_10_0193.html
index c294de2d8..a175dbbdb 100644
--- a/docs/cce/umn/cce_10_0193.html
+++ b/docs/cce/umn/cce_10_0193.html
@@ -1,87 +1,159 @@
 
 
 
                                                                                                volcano
                                                                                                
-
                                                                                                Introduction
                                                                                                Volcano is a batch processing platform based on Kubernetes. It provides a series of features required by machine learning, deep learning, bioinformatics, genomics, and other big data applications, as a powerful supplement to Kubernetes capabilities.
                                                                                                
-
                                                                                                Volcano provides general-purpose, high-performance computing capabilities, such as job scheduling engine, heterogeneous chip management, and job running management, serving end users through computing frameworks for different industries, such as AI, big data, gene sequencing, and rendering. (Volcano has been open-sourced in GitHub.)
                                                                                                
+
                                                                                                Introduction
                                                                                                Volcano is a batch processing platform based on Kubernetes. It provides a series of features required by machine learning, deep learning, bioinformatics, genomics, and other big data applications, as a powerful supplement to Kubernetes capabilities.
                                                                                                
+
                                                                                                Volcano provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management, serving end users through computing frameworks for different industries, such as AI, big data, gene sequencing, and rendering.
                                                                                                
 
                                                                                                Volcano provides job scheduling, job management, and queue management for computing applications. Its main features are as follows:
                                                                                                
 
                                                                                                • Diverse computing frameworks, such as TensorFlow, MPI, and Spark, can run on Kubernetes in containers. Common APIs for batch computing jobs through CRD, various plug-ins, and advanced job lifecycle management are provided.
                                                                                                • Advanced scheduling capabilities are provided for batch computing and high-performance computing scenarios, including group scheduling, preemptive priority scheduling, packing, resource reservation, and task topology.
                                                                                                • Queues can be effectively managed for scheduling jobs. Complex job scheduling capabilities such as queue priority and multi-level queues are supported.
                                                                                                
-
                                                                                                Open source community: https://github.com/volcano-sh/volcano
                                                                                                
+
                                                                                                Volcano has been open-sourced in GitHub at https://github.com/volcano-sh/volcano.
                                                                                                
+
                                                                                                Install and configure the Volcano add-on in CCE clusters. For details, see Volcano Scheduling.
                                                                                                
+
                                                                                                 
                                                                                                When using Volcano as a scheduler, use it to schedule all workloads in the cluster. This prevents resource scheduling conflicts caused by simultaneous working of multiple schedulers.
                                                                                                
+
                                                                                                
 
                                                                                                
-
                                                                                                Installing the Add-on
                                                                                                1. Log in to the CCE console, click the cluster name, and access the cluster console. Choose Add-ons in the navigation pane, locate volcano on the right, and click Install.
                                                                                                2. Select Standalone, Custom, or HA for Add-on Specifications.
                                                                                                  If you select Custom, the recommended values of volcano-controller and volcano-scheduler are as follows:
                                                                                                  
-
                                                                                                  • If the number of nodes is less than 100, retain the default configuration. That is, the CPU request value is 500m, and the limit value is 2000m. The memory request value is 500Mi, and the limit value is 2000Mi.
                                                                                                  • If the number of nodes is greater than 100, increase the CPU request value by 500m and the memory request value by 1000Mi each time 100 nodes (10000 pods) are added. You are advised to increase the CPU limit value by 1500m and the memory limit by 1000Mi.
-
                                                                                                    Table 1 Recommended values for volcano-controller and volcano-scheduler
                                                                                                    Number of Node/Pod
                                                                                                    
+
                                                                                                    Installing the Add-on
                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate volcano on the right, and click Install.
                                                                                                    2. On the Install Add-on page, configure the specifications.
                                                                                                      
+
                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                      Table 1 Add-on configuration
                                                                                                      Parameter
                                                                                                      
 
                                                                                                      CPU Request(m)
                                                                                                      
-
                                                                                                      CPU Limit(m)
                                                                                                      
-
                                                                                                      Memory Request(Mi)
                                                                                                      
-
                                                                                                      Memory Limit(Mi)
                                                                                                      
+
                                                                                                      Description
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      50/5k
                                                                                                      
+
                                                                                                      Add-on Specifications
                                                                                                      
 
                                                                                                      500
                                                                                                      
-
                                                                                                      2000
                                                                                                      
-
                                                                                                      500
                                                                                                      
-
                                                                                                      2000
                                                                                                      
+
                                                                                                      Select Single, Custom, or HA for Add-on Specifications.
                                                                                                      
                                                                                                       		
 
                                                                                                      100/1w
                                                                                                      
+
                                                                                                      Pods
                                                                                                      
 
                                                                                                      1000
                                                                                                      
-
                                                                                                      2500
                                                                                                      
-
                                                                                                      1500
                                                                                                      
-
                                                                                                      2500
                                                                                                      
+
                                                                                                      Number of pods that will be created to match the selected add-on specifications.
                                                                                                      
+
                                                                                                      If you select Custom, you can adjust the number of pods as required.
                                                                                                      
                                                                                                       		
 
                                                                                                      200/2w
                                                                                                      
+
                                                                                                      Multi-AZ
                                                                                                      
 
                                                                                                      1500
                                                                                                      
-
                                                                                                      3000
                                                                                                      
-
                                                                                                      2500
                                                                                                      
-
                                                                                                      3500
                                                                                                      
+
                                                                                                      • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                                                      • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                                                      
                                                                                                       		
 
                                                                                                      300/3w
                                                                                                      
+
                                                                                                      Containers
                                                                                                      
 
                                                                                                      2000
                                                                                                      
-
                                                                                                      3500
                                                                                                      
-
                                                                                                      3500
                                                                                                      
-
                                                                                                      4500
                                                                                                      
-
                                                                                                      400/4w
                                                                                                      
-
                                                                                                      2500
                                                                                                      
-
                                                                                                      4000
                                                                                                      
-
                                                                                                      4500
                                                                                                      
-
                                                                                                      5500
                                                                                                      
+
                                                                                                      CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                                                      
+
                                                                                                      If you select Custom, the recommended values for volcano-controller and volcano-scheduler are as follows:
                                                                                                      
+
                                                                                                      • If the number of nodes is less than 100, retain the default configuration. The requested CPU is 500 m, and the limit is 2000 m. The requested memory is 500 MiB, and the limit is 2000 MiB.
                                                                                                      • If the number of nodes is greater than 100, increase the requested CPU by 500 m and the requested memory by 1000 MiB each time 100 nodes (10,000 pods) are added. Increase the CPU limit by 1500 m and the memory limit by 1000 MiB.
                                                                                                         NOTE: 
                                                                                                        Recommended formula for calculating the request value:
                                                                                                        
+
                                                                                                        • CPU request value: Calculate the number of target nodes multiplied by the number of target pods, perform interpolation search based on the number of nodes in the cluster multiplied by the number of target pods in Table 2, and round up the request value and limit value that are closest to the specifications.
                                                                                                          For example, for 2000 nodes and 20,000 pods, Number of target nodes x Number of target pods = 40 million, which is close to the specification of 700/70000 (Number of cluster nodes x Number of pods = 49 million). According to the following table, you are advised to set the CPU request value to 4000 m and the limit value to 5500 m.
                                                                                                          
+
                                                                                                        • Memory request value: It is recommended that 2.4 GiB memory be allocated to every 1000 nodes and 1 GiB memory be allocated to every 10,000 pods. The memory request value is the sum of these two values. (The obtained value may be different from the recommended value in Table 2. You can use either of them.)
                                                                                                          Memory request = Number of target nodes/1000 x 2.4 GiB + Number of target pods/10000 x 1 GiB
                                                                                                          
+
                                                                                                          For example, for 2000 nodes and 20,000 pods, the memory request value is 6.8 GiB, that is, 2000/1000 x 2.4 GiB + 20000/10000 x 1 GiB.
                                                                                                          
+
                                                                                                        
+
                                                                                                        
+
                                                                                                      
                                                                                                       		
 
                                                                                                      
                                                                                                       
 
                                                                                                      
 
                                                                                                      
-
                                                                                                      3. 
-
                                                                                                    3. Select whether to deploy the add-on pods across multiple AZs.
                                                                                                      • Preferred: Deployment pods of the add-on are preferentially scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, the pods are scheduled to a single AZ.
                                                                                                      • Required: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, not all pods can run.
                                                                                                      
-
                                                                                                    4. Parameters of the volcano default scheduler. For details, see Table 2.
                                                                                                      colocation_enable: ''
+
+
                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                      Table 2 Recommended values for volcano-controller and volcano-scheduler
                                                                                                      Nodes/Pods in a Cluster
                                                                                                      
+
                                                                                                      CPU Request (m)
                                                                                                      
+
                                                                                                      CPU Limit (m)
                                                                                                      
+
                                                                                                      Memory Request (MiB)
                                                                                                      
+
                                                                                                      Memory Limit (MiB)
                                                                                                      
+
                                                                                                      50/5,000
                                                                                                      
+
                                                                                                      500
                                                                                                      
+
                                                                                                      2000
                                                                                                      
+
                                                                                                      500
                                                                                                      
+
                                                                                                      2000
                                                                                                      
+
                                                                                                      100/10,000
                                                                                                      
+
                                                                                                      1000
                                                                                                      
+
                                                                                                      2500
                                                                                                      
+
                                                                                                      1500
                                                                                                      
+
                                                                                                      2500
                                                                                                      
+
                                                                                                      200/20,000
                                                                                                      
+
                                                                                                      1500
                                                                                                      
+
                                                                                                      3000
                                                                                                      
+
                                                                                                      2500
                                                                                                      
+
                                                                                                      3500
                                                                                                      
+
                                                                                                      300/30,000
                                                                                                      
+
                                                                                                      2000
                                                                                                      
+
                                                                                                      3500
                                                                                                      
+
                                                                                                      3500
                                                                                                      
+
                                                                                                      4500
                                                                                                      
+
                                                                                                      400/40,000
                                                                                                      
+
                                                                                                      2500
                                                                                                      
+
                                                                                                      4000
                                                                                                      
+
                                                                                                      4500
                                                                                                      
+
                                                                                                      5500
                                                                                                      
+
                                                                                                      500/50,000
                                                                                                      
+
                                                                                                      3000
                                                                                                      
+
                                                                                                      4500
                                                                                                      
+
                                                                                                      5500
                                                                                                      
+
                                                                                                      6500
                                                                                                      
+
                                                                                                      600/60,000
                                                                                                      
+
                                                                                                      3500
                                                                                                      
+
                                                                                                      5000
                                                                                                      
+
                                                                                                      6500
                                                                                                      
+
                                                                                                      7500
                                                                                                      
+
                                                                                                      700/70,000
                                                                                                      
+
                                                                                                      4000
                                                                                                      
+
                                                                                                      5500
                                                                                                      
+
                                                                                                      7500
                                                                                                      
+
                                                                                                      8500
                                                                                                      
+
                                                                                                      
+
                                                                                                      
+
                                                                                                    5. Configure the add-on parameters.
                                                                                                      Configure parameters of the default volcano scheduler. For details, see Table 4.
                                                                                                      colocation_enable: ''
 default_scheduler_conf:
   actions: 'allocate, backfill'
   tiers:
@@ -101,26 +173,99 @@ default_scheduler_conf:
         - name: 'nodelocalvolume'
         - name: 'nodeemptydirvolume'
         - name: 'nodeCSIscheduling'
-        - name: 'networkresource'
                                                                                                      
+        - name: 'networkresource'
+tolerations:
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 60
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 60
 
-
                                                                                                      Table 2 Volcano Plugins
                                                                                                      Add-on
                                                                                                      
+
                                                                                                      
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                      Table 3 Advanced Volcano configuration parameters
                                                                                                      Plug-in
                                                                                                      
 
                                                                                                      Function
                                                                                                      
+
                                                                                                      Function
                                                                                                      
 
                                                                                                      Description
                                                                                                      
+
                                                                                                      Description
                                                                                                      
 
                                                                                                      Demonstration
                                                                                                      
+
                                                                                                      Demonstration
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      binpack
                                                                                                      
+
                                                                                                      default_scheduler_conf
                                                                                                      
 
                                                                                                      Schedules pods to nodes with high resource utilization to reduce resource fragments.
                                                                                                      
+
                                                                                                      Used to schedule pods. It consists of a series of actions and plug-ins and features high scalability. You can specify and implement actions and plug-ins based on your requirements.
                                                                                                      
 
                                                                                                      • binpack.weight: Weight of the binpack plugin.
                                                                                                      • binpack.cpu: ratio of CPU resources to all resources. Defaults to 1.
                                                                                                      • binpack.memory: Ratio of memory resources to all resources. Defaults to 1.
                                                                                                      • binpack.resources: resource type.
                                                                                                      
+
                                                                                                      It consists of actions and tiers.
                                                                                                      
+
                                                                                                      • actions: defines the types and sequence of actions to be executed by the scheduler.
                                                                                                      • tiers: configures the plug-in list.
                                                                                                      
 
                                                                                                      - plugins:
-  - name: binpack
+
                                                                                                      None
                                                                                                      
+
                                                                                                      actions
                                                                                                      
+
                                                                                                      Actions to be executed in each scheduling phase. The configured action sequence is the scheduler execution sequence. For details, see Actions.
                                                                                                      
+
                                                                                                      The scheduler traverses all jobs to be scheduled and performs actions such as enqueue, allocate, preempt, reclaim, and backfill in the configured sequence to find the most appropriate node for each job.
                                                                                                      
+
                                                                                                      The following options are supported:
                                                                                                      
+
                                                                                                      • enqueue: uses a series of filtering algorithms to filter out tasks to be scheduled and sends them to the queue to wait for scheduling. After this action, the task status changes from pending to inqueue.
                                                                                                      • allocate: selects the most suitable node based on a series of pre-selection and selection algorithms.
                                                                                                      • preempt: performs preemption scheduling for tasks with higher priorities in the same queue based on priority rules.
                                                                                                      • backfill: schedules pending tasks as much as possible to maximize the utilization of node resources.
                                                                                                      
+
                                                                                                      actions: 'allocate, backfill'
                                                                                                      
+
                                                                                                       NOTE: 
                                                                                                      When configuring actions, use either preempt or enqueue.
                                                                                                      
+
                                                                                                      
+
                                                                                                      plugins
                                                                                                      
+
                                                                                                      Implementation details of algorithms in actions based on different scenarios. For details, see Plugins.
                                                                                                      
+
                                                                                                      For details, see Table 4.
                                                                                                      
+
                                                                                                      None
                                                                                                      
+
                                                                                                      tolerations
                                                                                                      
+
                                                                                                      Tolerance of the add-on to node taints.
                                                                                                      
+
                                                                                                      By default, the add-on can run on nodes with the node.kubernetes.io/not-ready or node.kubernetes.io/unreachable taint and the taint effect value is NoExecute, but it'll be evicted in 60 seconds.
                                                                                                      
+
                                                                                                      tolerations:
+  - effect: NoExecute
+    key: node.kubernetes.io/not-ready
+    operator: Exists
+    tolerationSeconds: 60
+  - effect: NoExecute
+    key: node.kubernetes.io/unreachable
+    operator: Exists
+    tolerationSeconds: 60
                                                                                                      
+
                                                                                                      
+
                                                                                                      
+
+
                                                                                                      
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                      Table 4 Supported plug-ins
                                                                                                      Plug-in
                                                                                                      
+
                                                                                                      Function
                                                                                                      
+
                                                                                                      Description
                                                                                                      
+
                                                                                                      Demonstration
                                                                                                      
+
                                                                                                      binpack
                                                                                                      
+
                                                                                                      Schedule pods to nodes with high resource usage (not allocating pods to light-loaded nodes) to reduce resource fragments.
                                                                                                      
+
                                                                                                      arguments:
                                                                                                      
+
                                                                                                      • binpack.weight: weight of the binpack plug-in.
                                                                                                      • binpack.cpu: ratio of CPUs to all resources. The parameter value defaults to 1.
                                                                                                      • binpack.memory: ratio of memory resources to all resources. The parameter value defaults to 1.
                                                                                                      • binpack.resources: other custom resource types requested by the pod, for example, nvidia.com/gpu. Multiple types can be configured and be separated by commas (,).
                                                                                                      • binpack.resources.<your_resource>: weight of your custom resource in all resources. Multiple types of resources can be added. <your_resource> indicates the resource type defined in binpack.resources, for example, binpack.resources.nvidia.com/gpu.
                                                                                                      
+
                                                                                                      - plugins:
+  - name: binpack
     arguments:
       binpack.weight: 10
       binpack.cpu: 1
@@ -130,71 +275,96 @@ default_scheduler_conf:
       binpack.resources.example.com/foo: 3
                                                                                                      
                                                                                                       		
 
                                                                                                      conformance
                                                                                                      
+
                                                                                                      conformance
                                                                                                      
 
                                                                                                      The conformance plugin considers that the tasks in namespace kube-system have a higher priority. These tasks will not be preempted.
                                                                                                      
+
                                                                                                      Prevent key pods, such as the pods in the kube-system namespace from being preempted.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'priority'
+  - name: 'gang'
+    enablePreemptable: false
+  - name: 'conformance'
                                                                                                      
                                                                                                       		
 
                                                                                                      gang
                                                                                                      
+
                                                                                                      gang
                                                                                                      
 
                                                                                                      The gang plugin considers a group of pods as a whole to allocate resources.
                                                                                                      
+
                                                                                                      Consider a group of pods as a whole for resource allocation. This plug-in checks whether the number of scheduled pods in a job meets the minimum requirements for running the job. If yes, all pods in the job will be scheduled. If no, the pods will not be scheduled.
                                                                                                      
+
                                                                                                       NOTE: 
                                                                                                      If a gang scheduling policy is used, if the remaining resources in the cluster are greater than or equal to half of the minimum number of resources for running a job but less than the minimum of resources for running the job, autoscaler scale-outs will not be triggered.
                                                                                                      
+
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      enablePreemptable:
                                                                                                      
+
                                                                                                      • true: Preemption enabled
                                                                                                      • false: Preemption not enabled
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: priority
+  - name: gang
+    enablePreemptable: false
+  - name: conformance
                                                                                                      
                                                                                                       		
 
                                                                                                      priority
                                                                                                      
+
                                                                                                      priority
                                                                                                      
 
                                                                                                      The priority plugin schedules pods based on the custom workload priority.
                                                                                                      
+
                                                                                                      Schedule based on custom load priorities.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: priority
+  - name: gang
+    enablePreemptable: false
+  - name: conformance
                                                                                                      
                                                                                                       		
 
                                                                                                      overcommit
                                                                                                      
+
                                                                                                      overcommit
                                                                                                      
 
                                                                                                      Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.
                                                                                                      
+
                                                                                                      Resources in a cluster are scheduled after being accumulated in a certain multiple to improve the workload enqueuing efficiency. If all workloads are Deployments, remove this plugin or set the raising factor to 2.0.
                                                                                                      
+
                                                                                                       NOTE: 
                                                                                                      This plug-in is supported in Volcano 1.6.5 and later versions.
                                                                                                      
+
                                                                                                      
 
                                                                                                      overcommit-factor: Raising factor. Defaults to 1.2.
                                                                                                      
+
                                                                                                      arguments:
                                                                                                      
+
                                                                                                      • overcommit-factor: inflation factor, which defaults to 1.2.
                                                                                                      
 
                                                                                                      - plugins:
-  - name: overcommit
+
                                                                                                      - plugins:
+  - name: overcommit
     arguments:
       overcommit-factor: 2.0
                                                                                                      
                                                                                                       		
 
                                                                                                      drf
                                                                                                      
+
                                                                                                      drf
                                                                                                      
 
                                                                                                      The DRF plugin schedules resources based on the container group Domaint Resource. The smallest Domaint Resource would be selected for priority scheduling.
                                                                                                      
+
                                                                                                      The Dominant Resource Fairness (DRF) scheduling algorithm, which schedules jobs based on their dominant resource share. Jobs with a smaller resource share will be scheduled with a higher priority.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'drf'
+  - name: 'predicates'
+  - name: 'nodeorder'
                                                                                                      
                                                                                                       		
 
                                                                                                      predicates
                                                                                                      
+
                                                                                                      predicates
                                                                                                      
 
                                                                                                      Determines whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node port repetition, volume limits, and volume zone matching.
                                                                                                      
+
                                                                                                      Determine whether a task is bound to a node by using a series of evaluation algorithms, such as node/pod affinity, taint tolerance, node repetition, volume limits, and volume zone matching.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'drf'
+  - name: 'predicates'
+  - name: 'nodeorder'
                                                                                                      
                                                                                                       		
 
                                                                                                      nodeorder
                                                                                                      
+
                                                                                                      nodeorder
                                                                                                      
 
                                                                                                      The nodeorder plugin scores all nodes for a task by using a series of scoring algorithms.
                                                                                                      
+
                                                                                                      A common algorithm for selecting nodes. Nodes are scored in simulated resource allocation to find the most suitable node for the current job.
                                                                                                      
 
                                                                                                      • nodeaffinity.weight: Pods are scheduled based on the node affinity. Defaults to 1.
                                                                                                      • podaffinity.weight: Pods are scheduled based on the pod affinity. Defaults to 1.
                                                                                                      • leastrequested.weight: Pods are scheduled to the node with the least resources. Defaults to 1.
                                                                                                      • balancedresource.weight: Pods are scheduled to the node with balanced resource. Defaults to 1.
                                                                                                      • mostrequested.weight: Pods are scheduled to the node with the most requested resources. Defaults to 0.
                                                                                                      • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. Defaults to 1.
                                                                                                      • imagelocality.weight: Pods are scheduled to the node where the required images exist. Defaults to 1.
                                                                                                      • selectorspread.weight: Pods are evenly scheduled to different nodes. Defaults to 0.
                                                                                                      • volumebinding.weight: Pods are scheduled to the node with the local PV delayed binding policy. Defaults to 1.
                                                                                                      • podtopologyspread.weight: Pods are scheduled based on the pod topology. Defaults to 2.
                                                                                                      
+
                                                                                                      Scoring parameters:
                                                                                                      
+
                                                                                                      • nodeaffinity.weight: Pods are scheduled based on node affinity. This parameter defaults to 1.
                                                                                                      • podaffinity.weight: Pods are scheduled based on pod affinity. This parameter defaults to 1.
                                                                                                      • leastrequested.weight: Pods are scheduled to the node with the least requested resources. This parameter defaults to 1.
                                                                                                      • balancedresource.weight: Pods are scheduled to the node with balanced resource allocation. This parameter defaults to 1.
                                                                                                      • mostrequested.weight: Pods are scheduled to the node with the most requested resources. This parameter defaults to 0.
                                                                                                      • tainttoleration.weight: Pods are scheduled to the node with a high taint tolerance. This parameter defaults to 1.
                                                                                                      • imagelocality.weight: Pods are scheduled to the node where the required images exist. This parameter defaults to 1.
                                                                                                      • selectorspread.weight: Pods are evenly scheduled to different nodes. This parameter defaults to 0.
                                                                                                      • volumebinding.weight: Pods are scheduled to the node with the local PV delayed binding policy. This parameter defaults to 1.
                                                                                                      • podtopologyspread.weight: Pods are scheduled based on the pod topology. This parameter defaults to 2.
                                                                                                      
 
                                                                                                      - plugins:
-  - name: nodeorder
+
                                                                                                      - plugins:
+  - name: nodeorder
     arguments:
       leastrequested.weight: 1
       mostrequested.weight: 0
@@ -207,88 +377,176 @@ default_scheduler_conf:
       podtopologyspread.weight: 2
                                                                                                      
                                                                                                       		
 
                                                                                                      cce-gpu-topology-predicate
                                                                                                      
+
                                                                                                      cce-gpu-topology-predicate
                                                                                                      
 
                                                                                                      GPU-topology scheduling preselection algorithm
                                                                                                      
+
                                                                                                      GPU-topology scheduling preselection algorithm
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'cce-gpu-topology-predicate'
+  - name: 'cce-gpu-topology-priority'
+  - name: 'cce-gpu'
                                                                                                      
                                                                                                       		
 
                                                                                                      cce-gpu-topology-priority
                                                                                                      
+
                                                                                                      cce-gpu-topology-priority
                                                                                                      
 
                                                                                                      GPU-topology scheduling priority algorithm
                                                                                                      
+
                                                                                                      GPU-topology scheduling priority algorithm
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'cce-gpu-topology-predicate'
+  - name: 'cce-gpu-topology-priority'
+  - name: 'cce-gpu'
                                                                                                      
                                                                                                       		
 
                                                                                                      cce-gpu
                                                                                                      
+
                                                                                                      cce-gpu
                                                                                                      
 
                                                                                                      Works with the gpu add-on of CCE to support GPU resource allocation and decimal GPU configuration.
                                                                                                      
+
                                                                                                      GPU resource allocation that supports decimal GPU configurations by working with the gpu add-on.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'cce-gpu-topology-predicate'
+  - name: 'cce-gpu-topology-priority'
+  - name: 'cce-gpu'
                                                                                                      
                                                                                                       		
 
                                                                                                      numaaware
                                                                                                      
+
                                                                                                      numa-aware
                                                                                                      
 
                                                                                                      NUMA topology scheduling
                                                                                                      
+
                                                                                                      NUMA affinity scheduling. 
                                                                                                      
 
                                                                                                      weight: Weight of the numa-aware plugin.
                                                                                                      
+
                                                                                                      arguments:
                                                                                                      
+
                                                                                                      • weight: weight of the numa-aware plug-in
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'nodelocalvolume'
+  - name: 'nodeemptydirvolume'
+  - name: 'nodeCSIscheduling'
+  - name: 'networkresource'
+    arguments:
+      NetworkType: vpc-router
+  - name: numa-aware
+    arguments:
+      weight: 10
                                                                                                      
                                                                                                       		
 
                                                                                                      networkresource
                                                                                                      
+
                                                                                                      networkresource
                                                                                                      
 
                                                                                                      The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.
                                                                                                      
+
                                                                                                      The ENI requirement node can be preselected and filtered. The parameters are transferred by CCE and do not need to be manually configured.
                                                                                                      
 
                                                                                                      NetworkType: Network type (eni or vpc-router).
                                                                                                      
+
                                                                                                      arguments:
                                                                                                      
+
                                                                                                      • NetworkType: network type (eni or vpc-router)
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'nodelocalvolume'
+  - name: 'nodeemptydirvolume'
+  - name: 'nodeCSIscheduling'
+  - name: 'networkresource'
+    arguments:
+      NetworkType: vpc-router
                                                                                                      
                                                                                                       		
 
                                                                                                      nodelocalvolume
                                                                                                      
+
                                                                                                      nodelocalvolume
                                                                                                      
 
                                                                                                      The nodelocalvolume plugin filters out nodes that do not meet local volume requirements can be filtered out.
                                                                                                      
+
                                                                                                      Filter out nodes that do not meet local volume requirements.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'nodelocalvolume'
+  - name: 'nodeemptydirvolume'
+  - name: 'nodeCSIscheduling'
+  - name: 'networkresource'
                                                                                                      
                                                                                                       		
 
                                                                                                      nodeemptydirvolume
                                                                                                      
+
                                                                                                      nodeemptydirvolume
                                                                                                      
 
                                                                                                      The nodeemptydirvolume plugin filters out nodes that do not meet the emptyDir requirements.
                                                                                                      
+
                                                                                                      Filter out nodes that do not meet the emptyDir requirements.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'nodelocalvolume'
+  - name: 'nodeemptydirvolume'
+  - name: 'nodeCSIscheduling'
+  - name: 'networkresource'
                                                                                                      
                                                                                                       		
 
                                                                                                      nodeCSIscheduling
                                                                                                      
+
                                                                                                      nodeCSIscheduling
                                                                                                      
 
                                                                                                      The nodeCSIscheduling plugin filters out nodes that have the everest component exception.
                                                                                                      
+
                                                                                                      Filter out nodes with malfunctional everest.
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      None
                                                                                                      
 
                                                                                                      -
                                                                                                      
+
                                                                                                      - plugins:
+  - name: 'nodelocalvolume'
+  - name: 'nodeemptydirvolume'
+  - name: 'nodeCSIscheduling'
+  - name: 'networkresource'
                                                                                                      
                                                                                                       		
 
                                                                                                      
                                                                                                       
 
                                                                                                      
 
                                                                                                      
+
 
                                                                                                    6. Click Install.
                                                                                                      7. 
 
-
                                                                                                      Modifying the volcano-scheduler Configuration Using the Console
                                                                                                      Volcano allows you to configure the scheduler during installation, upgrade, and editing. The configuration will be synchronized to volcano-scheduler-configmap.
                                                                                                      
-
                                                                                                      This section describes how to configure the volcano scheduler.
                                                                                                      
-
                                                                                                       
                                                                                                      Only Volcano of v1.7.1 and later support this function. On the new plug-in page, options such as plugins.eas_service and resource_exporter_enable are replaced by default_scheduler_conf.
                                                                                                      
+
                                                                                                      Components
                                                                                                      
+
                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                      Table 5 Volcano components
                                                                                                      Container Component
                                                                                                      
+
                                                                                                      Description
                                                                                                      
+
                                                                                                      Resource Type
                                                                                                      
+
                                                                                                      volcano-scheduler
                                                                                                      
+
                                                                                                      Schedule pods.
                                                                                                      
+
                                                                                                      Deployment
                                                                                                      
+
                                                                                                      volcano-controller
                                                                                                      
+
                                                                                                      Synchronize CRDs.
                                                                                                      
+
                                                                                                      Deployment
                                                                                                      
+
                                                                                                      volcano-admission
                                                                                                      
+
                                                                                                      Webhook server, which verifies and modifies resources such as pods and jobs
                                                                                                      
+
                                                                                                      Deployment
                                                                                                      
+
                                                                                                      volcano-agent
                                                                                                      
+
                                                                                                      Cloud native hybrid agent, which is used for node QoS assurance, CPU burst, and dynamic resource oversubscription
                                                                                                      
+
                                                                                                      DaemonSet
                                                                                                      
+
                                                                                                      resource-exporter
                                                                                                      
+
                                                                                                      Report the NUMA topology information of nodes.
                                                                                                      
+
                                                                                                      DaemonSet
                                                                                                      
+
                                                                                                      
+
                                                                                                      
+
                                                                                                      
+
                                                                                                      Modifying the volcano-scheduler Configurations Using the Console
                                                                                                      Volcano scheduler is the component responsible for pod scheduling. It consists of a series of actions and plug-ins. Actions should be executed in every step. Plugins provide the action algorithm details in different scenarios. volcano-scheduler is highly scalable. You can specify and implement actions and plug-ins based on your requirements.
                                                                                                      
+
                                                                                                      Volcano allows you to configure the scheduler during installation, upgrade, and editing. The configuration will be synchronized to volcano-scheduler-configmap.
                                                                                                      
+
                                                                                                      This section describes how to configure volcano-scheduler.
                                                                                                      
+
                                                                                                       
                                                                                                      Only Volcano of v1.7.1 and later support this function. On the new plugin page, options such as plugins.eas_service and resource_exporter_enable are replaced by default_scheduler_conf.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane. On the right of the page, locate volcano and click Install or Upgrade. In the Parameters area, configure the volcano scheduler parameters.
                                                                                                      
+
                                                                                                      Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane. On the right of the page, locate volcano and click Install or Upgrade. In the Parameters area, configure the volcano-scheduler parameters.
                                                                                                      
 
                                                                                                      • Using resource_exporter:
                                                                                                        {
     "ca_cert": "",
     "default_scheduler_conf": {
@@ -357,7 +615,7 @@ default_scheduler_conf:
     "server_cert": "",
     "server_key": ""
 }
                                                                                                        
-
                                                                                                        After this function is enabled, you can use the functions of the numa-aware plug-in and resource_exporter at the same time.
                                                                                                        
+
                                                                                                        After this function is enabled, you can use the functions of the numa-aware plugin and resource_exporter at the same time.
                                                                                                        
 
                                                                                                      
 
                                                                                                      • Using eas_service:
                                                                                                        {
     "ca_cert": "",
@@ -509,7 +767,7 @@ default_scheduler_conf:
 }
                                                                                                        
 
                                                                                                      
 
                                                                                                      
-
                                                                                                      Retaining the Original volcano-scheduler-configmap Configuration
                                                                                                      If you want to use the original configuration after the plug-in is upgraded, perform the following steps:
                                                                                                      
+
                                                                                                      Retaining the Original volcano-scheduler-configmap Configurations
                                                                                                      If you want to use the original configuration after the plug-in is upgraded, perform the following steps:
                                                                                                      
 
                                                                                                      1. Check and back up the original volcano-scheduler-configmap configuration.
                                                                                                        Example:
                                                                                                        # kubectl edit cm volcano-scheduler-configmap -n kube-system
 apiVersion: v1
 data:
@@ -540,7 +798,7 @@ data:
       - name: nodeCSIscheduling
       - name: networkresource
                                                                                                        
 
                                                                                                        
-
                                                                                                      2. Enter the customized content in the Parameters on the console.
                                                                                                        {
+
                                                                                                      3. Enter the customized content in the Parameters area on the console.
                                                                                                        {
     "ca_cert": "",
     "default_scheduler_conf": {
         "actions": "enqueue, allocate, backfill",
@@ -618,6 +876,67 @@ data:
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
+
                                                                                                      Uninstalling the Volcano Add-on
                                                                                                      After the add-on is uninstalled, all custom Volcano resources (Table 6) will be deleted, including the created resources. Reinstalling the add-on will not inherit or restore the tasks before the uninstallation. It is a good practice to uninstall the Volcano add-on only when no custom Volcano resources are being used in the cluster.
                                                                                                      
+
+
                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                      Table 6 Custom Volcano resources
                                                                                                      Item
                                                                                                      
+
                                                                                                      API Group
                                                                                                      
+
                                                                                                      API Version
                                                                                                      
+
                                                                                                      Resource Level
                                                                                                      
+
                                                                                                      Command
                                                                                                      
+
                                                                                                      bus.volcano.sh
                                                                                                      
+
                                                                                                      v1alpha1
                                                                                                      
+
                                                                                                      Namespaced
                                                                                                      
+
                                                                                                      Job
                                                                                                      
+
                                                                                                      batch.volcano.sh
                                                                                                      
+
                                                                                                      v1alpha1
                                                                                                      
+
                                                                                                      Namespaced
                                                                                                      
+
                                                                                                      Numatopology
                                                                                                      
+
                                                                                                      nodeinfo.volcano.sh
                                                                                                      
+
                                                                                                      v1alpha1
                                                                                                      
+
                                                                                                      Cluster
                                                                                                      
+
                                                                                                      PodGroup
                                                                                                      
+
                                                                                                      scheduling.volcano.sh
                                                                                                      
+
                                                                                                      v1beta1
                                                                                                      
+
                                                                                                      Namespaced
                                                                                                      
+
                                                                                                      Queue
                                                                                                      
+
                                                                                                      scheduling.volcano.sh
                                                                                                      
+
                                                                                                      v1beta1
                                                                                                      
+
                                                                                                      Cluster
                                                                                                      
+
                                                                                                      
+
                                                                                                      
+
                                                                                                      
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
diff --git a/docs/cce/umn/cce_10_0197.html b/docs/cce/umn/cce_10_0197.html
index f0b34d822..c415861e0 100644
--- a/docs/cce/umn/cce_10_0197.html
+++ b/docs/cce/umn/cce_10_0197.html
@@ -4,104 +4,108 @@
 
                                                                                                      To enable interoperability from one Kubernetes installation to the next, you must upgrade your Kubernetes clusters before the maintenance period ends.
                                                                                                      
 
                                                                                                      After the latest Kubernetes version is available in CCE, CCE will describe the changes in this version.
                                                                                                      
 
                                                                                                      You can use the CCE console to upgrade the Kubernetes version of a cluster.
                                                                                                      
-
                                                                                                      An upgrade flag will be displayed on the cluster card view if there is a new version for the cluster to upgrade.
                                                                                                      
+
                                                                                                      An upgrade tag will be displayed on the cluster card view if there is a new version for the cluster to upgrade.
                                                                                                      
 
                                                                                                      How to check:
                                                                                                      
-
                                                                                                      Log in to the CCE console and check whether the message "New version available" is displayed in the lower left corner of the cluster. If yes, the cluster can be upgraded. If no, the cluster cannot be upgraded.
                                                                                                      
-
                                                                                                      Figure 1 Cluster with the upgrade flag
                                                                                                      
-
                                                                                                      Cluster Upgrade
                                                                                                      The following table describes the target version to which each cluster version can be upgraded, the supported upgrade modes, and upgrade impacts.
                                                                                                      
+
                                                                                                      Log in to the CCE console and check whether the message "New version available" is displayed in the lower left corner of the cluster. If yes, the cluster can be upgraded. View the release notes for the latest version. For details, see Release Notes for CCE Cluster Versions. If no such a message is displayed, the cluster is of the latest version.
                                                                                                      
+
                                                                                                      Figure 1 Cluster with the upgrade tag
                                                                                                      
+
                                                                                                      Cluster Upgrade Process
                                                                                                      The cluster upgrade process involves pre-upgrade check, backup, upgrade, and post-upgrade verification.
                                                                                                      
+
                                                                                                      Figure 2 Process of upgrading a cluster
                                                                                                      
+
                                                                                                      After determining the target version of the cluster, read the precautions carefully and prevent function incompatibility during the upgrade.
                                                                                                      
+
                                                                                                      1. Pre-upgrade check
                                                                                                        Before a cluster upgrade, CCE checks the compatibility of nodes, add-ons, and workloads in the cluster to reduce the probability of upgrade failures to the best extend. If any exception is detected, rectify the fault as prompted on the console.
                                                                                                        
+
                                                                                                      2. Backup
                                                                                                        During the upgrade, cluster data is backed up by default. You can also back up the entire master nodes as needed. Cloud Backup and Recovery (CBR) will be used for full-node backup. It takes about 20 minutes to back up one node.
                                                                                                        
+
                                                                                                      3. Upgrade
                                                                                                        During the upgrade, configure upgrade parameters, such as the step for add-on upgrade or node rolling upgrade. After the upgrade parameters are configured, the add-ons and nodes will be upgraded one by one.
                                                                                                        
+
                                                                                                      4. Post-upgrade verification
                                                                                                        After the upgrade, manually check services and ensure that services are not interrupted by the upgrade.
                                                                                                        
+
                                                                                                      
+
                                                                                                      
+
                                                                                                      Cluster Upgrade
                                                                                                      The following table describes the target version to which each cluster version can be upgraded and the supported upgrade modes.
                                                                                                      
 
-
                                                                                                      Table 1 Cluster upgrade paths and impacts
                                                                                                      Source Version
                                                                                                      
+
                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
                                                                                                      Table 1 Cluster upgrade
                                                                                                      Source Version
                                                                                                      
 
                                                                                                      Target Version
                                                                                                      
+
                                                                                                      Target Version
                                                                                                      
 
                                                                                                      Upgrade Modes
                                                                                                      
+
                                                                                                      Upgrade Mode
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      v1.23
                                                                                                      
+
                                                                                                      v1.23
                                                                                                      
 
                                                                                                      v1.25
                                                                                                      
+
                                                                                                      v1.25
                                                                                                      
 
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
                                                                                                       		
 
                                                                                                      v1.21
                                                                                                      
+
                                                                                                      v1.21
                                                                                                      
 
                                                                                                      v1.25
                                                                                                      
+
                                                                                                      v1.25
                                                                                                      
 
                                                                                                      v1.23
                                                                                                      
 
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
                                                                                                       		
 
                                                                                                      v1.19
                                                                                                      
+
                                                                                                      v1.19
                                                                                                      
 
                                                                                                      v1.23
                                                                                                      
-
                                                                                                      v1.21
                                                                                                      
-
                                                                                                      
+
                                                                                                      v1.23
                                                                                                      
+
                                                                                                      v1.21
                                                                                                      
 
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
                                                                                                       		
 
                                                                                                      v1.17
                                                                                                      
-
                                                                                                      v1.15
                                                                                                      
+
                                                                                                      v1.17
                                                                                                      
 
                                                                                                      v1.19
                                                                                                      
+
                                                                                                      v1.19
                                                                                                      
 
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
                                                                                                       		
 
                                                                                                      v1.13
                                                                                                      
+
                                                                                                      v1.15
                                                                                                      
 
                                                                                                      v1.15
                                                                                                      
+
                                                                                                      v1.19
                                                                                                      
 
                                                                                                      Rolling upgrade
                                                                                                      
-
                                                                                                      Replace upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      v1.13
                                                                                                      
+
                                                                                                      v1.15
                                                                                                      
+
                                                                                                      Rolling upgrade
                                                                                                      
                                                                                                       		
 
                                                                                                      
                                                                                                       
 
                                                                                                      
 
                                                                                                      
 
-
                                                                                                      Upgrade Modes
                                                                                                      The upgrade processes are the same for master nodes. The differences between the upgrade modes of worker nodes are described as follows:
                                                                                                      
+
                                                                                                      Upgrade Modes
                                                                                                      Different upgrade modes have different advantages and disadvantages.
                                                                                                      
 
-
                                                                                                      Table 2 Differences between upgrade modes and their advantages and disadvantages
                                                                                                      Upgrade Mode
                                                                                                      
+
                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0198.html b/docs/cce/umn/cce_10_0198.html
index 7e57d1afa..faf96db14 100644
--- a/docs/cce/umn/cce_10_0198.html
+++ b/docs/cce/umn/cce_10_0198.html
@@ -1,16 +1,16 @@
 
                                                                                                      Adding Nodes for Management
                                                                                                      
-
                                                                                                      Scenario
                                                                                                      In CCE, you can Creating a Node or add existing nodes (ECSs) into your cluster.
                                                                                                      
-
                                                                                                       
                                                                                                      • While an ECS is being accepted into a cluster, the operating system of the ECS will be reset to the standard OS image provided by CCE to ensure node stability. The CCE console prompts you to select the operating system and the login mode during the reset.
                                                                                                      • The system disk and data disk of an ECS will be formatted while the ECS is being accepted into a cluster. Ensure that information in the disks has been backed up.
                                                                                                      • While an ECS is being accepted into a cluster, do not perform any operation on the ECS through the ECS console.
                                                                                                      
+
                                                                                                      Scenario
                                                                                                      In CCE, you can create a node (Creating a Node) or add existing nodes (ECSs or) to your cluster.
                                                                                                      
+
                                                                                                       
                                                                                                      • While an ECS is being accepted into a cluster, the operating system of the ECS will be reset to the standard OS image provided by CCE to ensure node stability. The CCE console prompts you to select the operating system and the login mode during the reset.
                                                                                                      • LVM information, including volume groups (VGs), logical volumes (LVs), and physical volumes (PVs), will be deleted from the system disks and data disks attached to the selected ECSs during management. Ensure that the information has been backed up.
                                                                                                      • While an ECS is being accepted into a cluster, do not perform any operation on the ECS through the ECS console.
                                                                                                      
 
                                                                                                      
 
                                                                                                      
-
                                                                                                      Notes and Constraints
                                                                                                      • The cluster version must be 1.15 or later.
                                                                                                      • If the password or key has been set when a VM node is created, the VM node can be accepted into a cluster 10 minutes after it is available. During the management, the original password or key will become invalid. You need to reset the password or key.
                                                                                                      • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node specifications, see the nodes that can be selected on the console when you create a node.
                                                                                                      
+
                                                                                                      Constraints
                                                                                                      • The cluster version must be 1.15 or later.
                                                                                                      • If a password or key has been set when the original VM node was created, reset the password or key during management. The original password or key will become invalid.
                                                                                                      • Nodes in a CCE Turbo cluster must support sub-ENIs or be bound to at least 16 ENIs. For details about the node specifications, see the nodes that can be selected on the console when you create a node.
                                                                                                      • Data disks that have been partitioned will be ignored during node management. Ensure that there is at least one unpartitioned data disk meeting the specifications is attached to the node.
                                                                                                      
 
                                                                                                      
 
                                                                                                      Prerequisites
                                                                                                      A cloud server that meets the following conditions can be accepted:
                                                                                                      
-
                                                                                                      • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                      • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                      • At least one data disk is attached to the node to be accepted. The data disk capacity is greater than or equal to 100 GB. 
                                                                                                      • The node to be accepted has 2-core or higher CPU, 4 GB or larger memory, and only one NIC.
                                                                                                      • Only cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.
                                                                                                      
+
                                                                                                      • The node to be accepted must be in the Running state and not used by other clusters. In addition, the node to be accepted does not carry the CCE-Dynamic-Provisioning-Node tag.
                                                                                                      • The node to be accepted and the cluster must be in the same VPC. (If the cluster version is earlier than v1.13.10, the node to be accepted and the CCE cluster must be in the same subnet.)
                                                                                                      • Data disks must be attached to the nodes to be managed. A local disk (disk-intensive disk) or a data disk of at least 20 GiB can be attached to the node, and any data disks already attached cannot be smaller than 10 GiB. 
                                                                                                      • The node to be accepted has 2-core or higher CPU, 4 GiB or larger memory, and only one NIC.
                                                                                                      • Only cloud servers with the same specifications, AZ, and data disk configuration can be added in batches.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Procedure
                                                                                                      1. Log in to the CCE console and go to the cluster where the node to be managed resides.
                                                                                                      2. In the navigation pane, choose Nodes. On the displayed page, click Accept Node in the upper right corner.
                                                                                                      3. Specify node parameters.
                                                                                                        Compute Settings
                                                                                                        
+
                                                                                                        Procedure
                                                                                                        1. Log in to the CCE console and go to the cluster where the node to be accepted resides.
                                                                                                        2. In the navigation pane, choose Nodes. On the displayed page, click Accept Node in the upper right corner.
                                                                                                        3. Specify node parameters.
                                                                                                          Compute Settings
                                                                                                          
 
 
                                                                                                      Table 2 Differences between upgrade modes and their advantages and disadvantages
                                                                                                      Upgrade Mode
                                                                                                      
 
                                                                                                      Method
                                                                                                      
+
                                                                                                      Method
                                                                                                      
 
                                                                                                      Advantage
                                                                                                      
+
                                                                                                      Advantage
                                                                                                      
 
                                                                                                      Disadvantage
                                                                                                      
+
                                                                                                      Disadvantage
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      In-place upgrade
                                                                                                      
+
                                                                                                      In-place upgrade
                                                                                                      
 
                                                                                                      Kubernetes components, network components, and CCE management components are upgraded on the node. During the upgrade, service pods and networks are not affected. The SchedulingDisabled label will be added to all existing nodes. After the upgrade is complete, you can properly use existing nodes.
                                                                                                      
+
                                                                                                      Kubernetes components, network components, and CCE management components are upgraded on the node. During the upgrade, service pods and networks are not affected. The SchedulingDisabled label will be added to all existing nodes. After the upgrade is complete, you can properly use existing nodes.
                                                                                                      
 
                                                                                                      You do not need to migrate services, ensuring service continuity.
                                                                                                      
+
                                                                                                      You do not need to migrate services, ensuring service continuity.
                                                                                                      
 
                                                                                                      In-place upgrade does not upgrade the OS of a node. If you want to upgrade the OS, clear the corresponding node data after the node upgrade is complete and reset the node to upgrade the OS to a new version.
                                                                                                      
+
                                                                                                      In-place upgrade does not upgrade the OS of a node. If you want to upgrade the OS, clear the corresponding node data after the node upgrade is complete and reset the node to upgrade the OS to a new version.
                                                                                                      
                                                                                                       		
 
                                                                                                      Rolling upgrade
                                                                                                      
+
                                                                                                      Rolling upgrade
                                                                                                      
 
                                                                                                      Only the Kubernetes components and certain network components are upgraded on the node. The SchedulingDisabled label will be added to all existing nodes to ensure that the running applications are not affected.
                                                                                                      
-
                                                                                                       NOTICE: 
                                                                                                      • After the upgrade is complete, you need to manually create nodes and gradually release the old nodes, thereby migrating your applications to the new nodes. In this mode, you can control the upgrade process.
                                                                                                      
+
                                                                                                      Only the Kubernetes components and certain network components are upgraded on the node. The SchedulingDisabled label will be added to all existing nodes to ensure that the running applications are not affected.
                                                                                                      
+
                                                                                                       NOTICE: 
                                                                                                      • After the upgrade is complete, manually create nodes and gradually release the old nodes, thereby migrating your applications to the new nodes. In this mode, you can control the upgrade process.
                                                                                                      
 
                                                                                                      
 
                                                                                                      Services are not interrupted.
                                                                                                      
+
                                                                                                      Services are not interrupted.
                                                                                                      
 
                                                                                                      • After the upgrade is complete, you need to manually create nodes and gradually release the old nodes. The new nodes are billed additionally. After services are migrated to the new nodes, the old nodes can be deleted.
                                                                                                      
-
                                                                                                      • After the rolling upgrade is complete, if you want to continue the upgrade to a later version, you need to reset the old nodes first. Otherwise, the pre-upgrade check cannot be passed. Services may be interrupted during the upgrade.
                                                                                                      
-
                                                                                                      Replace upgrade
                                                                                                      
-
                                                                                                      The latest worker node image is used to reset the node OS.
                                                                                                      
-
                                                                                                      This is the fastest upgrade mode and requires few manual interventions.
                                                                                                      
-
                                                                                                      Data or configurations on the node will be lost, and services will be interrupted for a period of time.
                                                                                                      
+
                                                                                                      • After the upgrade is complete, manually create nodes and gradually release the old nodes. The new nodes are billed additionally. After services are migrated to the new nodes, the old nodes can be deleted.
                                                                                                      
+
                                                                                                      • After the rolling upgrade is complete, if you want to continue the upgrade to a later version, reset the old nodes first. Otherwise, the pre-upgrade check cannot be passed. Services may be interrupted during the upgrade.
                                                                                                      
                                                                                                       		
 
                                                                                                      
                                                                                                       
 
 
                                                                                                      
@@ -27,20 +27,20 @@
 
-
-
@@ -81,20 +81,20 @@
 
-
-
-
                                                                                                      Table 1 Configuration parameters
                                                                                                      Parameter
                                                                                                      
 
                                                                                                      
 
                                                                                                      Container Engine
                                                                                                      
 
                                                                                                      CCE clusters support Docker and containerd in some scenarios.
                                                                                                      • VPC network clusters of v1.23 and later versions support containerd. Container tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                                                                                                      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                                                                                                      
+
                                                                                                      CCE clusters support Docker and containerd in some scenarios.
                                                                                                      • VPC network clusters of v1.23 and later versions support containerd. Tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                                                                                                      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                                                                                                      
 
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      OS
                                                                                                      
                                                                                                       		
 
                                                                                                      Public image: Select an OS for the node.
                                                                                                      
-
                                                                                                      Private image: You can use private images.
                                                                                                      
+
                                                                                                      Private image: You can use private images. 
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      Login Mode
                                                                                                      
 
                                                                                                      • Key Pair
                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                        
-
                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                        
+
                                                                                                      • Key Pair
                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                        
+
                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                        
 
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      Kubernetes Label
                                                                                                      
 
                                                                                                      Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                                                                                                      
+
                                                                                                      Click Add to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                                                                                                      
 
                                                                                                      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      Resource Tag
                                                                                                      
 
                                                                                                      You can add resource tags to classify resources.
                                                                                                      
-
                                                                                                      You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                      
-
                                                                                                      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                      
+
                                                                                                      You can add resource tags to classify resources.
                                                                                                      
+
                                                                                                      You can create predefined tags in Tag Management Service (TMS). Predefined tags are available to all service resources that support tags. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                      
+
                                                                                                      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                      
                                                                                                       		
 
                                                                                                      
 
                                                                                                      Taint
                                                                                                      
 
                                                                                                      This field is left blank by default. You can add taints to set anti-affinity for the node. A maximum of 10 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                      
+
                                                                                                      This field is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                      
 
                                                                                                       NOTICE: 
                                                                                                      • If taints are used, you must configure tolerations in the YAML files of pods. Otherwise, scale-up may fail or pods cannot be scheduled onto the added nodes.
                                                                                                      • After a node pool is created, you can click Edit to modify its configuration. The modification will be synchronized to all nodes in the node pool.
                                                                                                      
 
                                                                                                      
 
                                                                                                      
@@ -121,7 +121,7 @@
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
-
                                                                                                    7. Click Next: Confirm. Click Submit.
                                                                                                      8. 
+
                                                                                                    8. Click Next: Confirm. Click Submit.
                                                                                                      9. 
 
 
 
                                                                                                      
diff --git a/docs/cce/umn/cce_10_0201.html b/docs/cce/umn/cce_10_0201.html
index d2f00e077..0f178f70a 100644
--- a/docs/cce/umn/cce_10_0201.html
+++ b/docs/cce/umn/cce_10_0201.html
@@ -1,20 +1,25 @@
 
 
-
                                                                                                      Custom Monitoring
                                                                                                      
+
                                                                                                      Monitoring Custom Metrics on AOM
                                                                                                      
 
                                                                                                      CCE allows you to upload custom metrics to AOM. The ICAgent on a node periodically calls the metric monitoring API configured on a workload to read monitoring data and then uploads the data to AOM.
                                                                                                      
-
                                                                                                      
-
                                                                                                      The custom metric API of a workload can be configured when the workload is created. This section uses an Nginx application as an example to describe how to report custom metrics to AOM.
                                                                                                      
-
                                                                                                      Notes and Constraints
                                                                                                      • The ICAgent is compatible with the monitoring data specifications of Prometheus. The custom metrics provided by pods can be collected by the ICAgent only when they meet the monitoring data specifications of Prometheus.
                                                                                                      • The ICAgent supports only Gauge metrics.
                                                                                                      • The interval for the ICAgent to call the custom metric API is 1 minute, which cannot be changed.
                                                                                                      
+
                                                                                                      Figure 1 Using ICAgent to collect monitoring metrics
                                                                                                      
+
                                                                                                      The custom metric API of a workload can be configured when the workload is created. The following procedure uses an Nginx application as an example to describe how to report custom metrics to AOM.
                                                                                                      
+
                                                                                                      1. Preparing an Application
                                                                                                        Prepare an application image. The application must provide a metric monitoring API for ICAgent to collect data, and the monitoring data must comply with the prometheus specifications.
                                                                                                        
+
                                                                                                      2. Deploying Applications and Converting Nginx Metrics
                                                                                                        Use the application image to deploy a workload in a cluster. Custom monitoring metrics are automatically reported.
                                                                                                        
+
                                                                                                      3. Verification
                                                                                                        Go to AOM to check whether the custom metrics are successfully collected.
                                                                                                        
+
                                                                                                      
+
                                                                                                      Constraints
                                                                                                      • The ICAgent is compatible with the monitoring data specifications of Prometheus. The custom metrics provided by pods can be collected by the ICAgent only when they meet the monitoring data specifications of Prometheus. For details, see Prometheus Monitoring Data Collection.
                                                                                                      • The ICAgent supports only Gauge metrics.
                                                                                                      • The interval for the ICAgent to call the custom metric API is 1 minute, which cannot be changed.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Prometheus Monitoring Data Collection
                                                                                                      Prometheus periodically calls the metric monitoring API (/metrics by default) of an application to obtain monitoring data. The application needs to provide the metric monitoring API for Prometheus to call, and the monitoring data must meet the following specifications of Prometheus:
                                                                                                      
+
                                                                                                      Prometheus Monitoring Data Collection
                                                                                                      Prometheus periodically calls the metric monitoring API (/metrics by default) of an application to obtain monitoring data. The application needs to provide the metric monitoring API for Prometheus to call, and the monitoring data must meet the following specifications of Prometheus:
                                                                                                      
 
                                                                                                      # TYPE nginx_connections_active gauge
 nginx_connections_active 2
 # TYPE nginx_connections_reading gauge
 nginx_connections_reading 0
                                                                                                      
 
                                                                                                      Prometheus provides clients in various languages. For details about the clients, see Prometheus CLIENT LIBRARIES. For details about how to develop an exporter, see WRITING EXPORTERS. The Prometheus community provides various third-party exporters that can be directly used. For details, see EXPORTERS AND INTEGRATIONS.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Preparing an Application
                                                                                                      Nginx has a module named ngx_http_stub_status_module, which provides basic monitoring functions. You can configure the nginx.conf file to provide an API for external systems to access Nginx monitoring data. As shown in the following figure, after the server configuration is added to http, Nginx can provide an API for external systems to access Nginx monitoring data.
                                                                                                      
-
                                                                                                      user  nginx;
+
                                                                                                      Preparing an Application
                                                                                                      User-developed applications must provide a metric monitoring API for ICAgent to collect data, and the monitoring data must comply with the Prometheus specifications. For details, see Prometheus Monitoring Data Collection.
                                                                                                      
+
                                                                                                      This document uses Nginx as an example to describe how to collect monitoring data. There is a module named ngx_http_stub_status_module in Nginx, which provides basic monitoring functions. You can configure the nginx.conf file to provide an interface for external systems to access Nginx monitoring data.
                                                                                                      
+
                                                                                                      1. Log in to a Linux VM that can access to the Internet and run Docker commands.
                                                                                                      2. Create an nginx.conf file. Add the server configuration under http to enable Nginx to provide an interface for the external systems to access the monitoring data.
                                                                                                        user  nginx;
 worker_processes  auto;
 
 error_log  /var/log/nginx/error.log warn;
@@ -47,24 +52,26 @@ http {
       }
     }
 }
                                                                                                        
-
                                                                                                        Save the preceding configuration to the nginx.conf file and use the configuration to create a new image. The Dockerfile file is as follows:
                                                                                                        
-
                                                                                                        FROM nginx:1.21.5-alpine
+
                                                                                                      3. Use this configuration to create an image and a Dockerfile file.
                                                                                                        vi Dockerfile
                                                                                                        
+
                                                                                                        The content of Dockerfile is as follows:
                                                                                                        FROM nginx:1.21.5-alpine
 ADD nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80
 CMD ["nginx", "-g", "daemon off;"]
                                                                                                        
-
                                                                                                        Use the preceding Dockerfile file to build an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                                        
-
                                                                                                        docker build -t nginx:exporter .
                                                                                                        
-
                                                                                                        docker tag nginx:exporter  {swr-address}/{group}/nginx:exporter
                                                                                                        
-
                                                                                                        docker push  {swr-address}/{group}/nginx:exporter
                                                                                                        
-
                                                                                                        After running a container with image nginx:exporter, you can obtain Nginx monitoring data by calling http://<ip_address>:8080/stub_status. < ip_address > indicates the IP address of the container. The monitoring data is as follows:
                                                                                                        
-
                                                                                                        # curl http://127.0.0.1:8080/stub_status
+
                                                                                                        
+
                                                                                                      4. Use this Dockerfile to build an image and upload it to SWR. The image name is nginx:exporter. 
                                                                                                        1. In the navigation pane, choose My Images and then click Upload Through Clientin the upper right corner. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                        2. Run the login command copied in the previous step on the node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                        3. Run the following command to build an image named nginx. The image version is exporter.
                                                                                                          docker build -t nginx:exporter .
                                                                                                          
+
                                                                                                        4. Tag the image and upload it to the image repository. Change the image repository address and organization name based on your requirements.
                                                                                                          docker tag nginx:exporter {swr-address}/{group}/nginx:exporter
+docker push {swr-address}/{group}/nginx:exporter
                                                                                                          
+
                                                                                                        
+
                                                                                                      5. View application metrics.
                                                                                                        1. Use nginx:exporter to create a workload.
                                                                                                        2. Access the container and use http://<ip_address>:8080/stub_status to obtain nginx monitoring data. <ip_address> indicates the IP address of the container. Information similar to the following is displayed.
                                                                                                          # curl http://127.0.0.1:8080/stub_status
 Active connections: 3 
 server accepts handled requests
  146269 146269 212 
 Reading: 0 Writing: 1 Waiting: 2
                                                                                                          
+
                                                                                                        
+
                                                                                                      
 
                                                                                                      
-
                                                                                                      Deploying an Application
                                                                                                      The data format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. You need to convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter, as shown in the following figure.
                                                                                                      
-
                                                                                                      
+
                                                                                                      Deploying Applications and Converting Nginx Metrics
                                                                                                      The data format of the monitoring data provided by nginx:exporter does not meet the requirements of Prometheus. Convert the data format to the format required by Prometheus. To convert the format of Nginx metrics, use nginx-prometheus-exporter, as shown in the following figure.
                                                                                                      
+
                                                                                                      Figure 2 Using exporter to convert the data format
                                                                                                      
 
                                                                                                      Deploy nginx:exporter and nginx-prometheus-exporter in the same pod.
                                                                                                      
 
                                                                                                      kind: Deployment
 apiVersion: apps/v1
@@ -101,16 +108,16 @@ spec:
             - '-nginx.scrape-uri=http://127.0.0.1:8080/stub_status'
       imagePullSecrets:
         - name: default-secret
                                                                                                      
-
                                                                                                       
                                                                                                      The nginx/nginx-prometheus-exporter:0.9.0 image needs to be pulled from the public network. Therefore, each node in the cluster must have a public IP address.
                                                                                                      
+
                                                                                                       
                                                                                                      The nginx/nginx-prometheus-exporter:0.9.0 image needs to be pulled from the public network. Therefore, a public IP address needs to be bound to each node in the cluster.
                                                                                                      
 
                                                                                                      
 
                                                                                                      nginx-prometheus-exporter requires a startup command. nginx-prometheus-exporter -nginx.scrape-uri=http://127.0.0.1:8080/stub_status is used to obtain Nginx monitoring data.
                                                                                                      
-
                                                                                                      In addition, you need to add an annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"9113","names":""}]' to the pod.
                                                                                                      
+
                                                                                                      In addition, add an annotation metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"prometheus","path":"/metrics","port":"9113","names":""}]' to the pod.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Verification
                                                                                                      After an application is deployed, you can access Nginx to construct some access data and check whether the corresponding monitoring data can be obtained in AOM.
                                                                                                      
-
                                                                                                      $ kubectl get pod
+
                                                                                                      Verification
                                                                                                      After an application is deployed, you can access Nginx to construct some access data and check whether the corresponding monitoring data can be obtained in AOM.
                                                                                                      
+
                                                                                                      1. Obtain the pod name of Nginx.
                                                                                                        $ kubectl get pod
 NAME                              READY   STATUS    RESTARTS   AGE
-nginx-exporter-78859765db-6j8sw   2/2     Running   0          4m
-$ kubectl exec -it nginx-exporter-78859765db-6j8sw -- /bin/sh
+nginx-exporter-78859765db-6j8sw   2/2     Running   0          4m
                                                                                                        
+
                                                                                                      2. Log in to the container and run commands to access Nginx.
                                                                                                        $ kubectl exec -it nginx-exporter-78859765db-6j8sw -- /bin/sh
 Defaulting container name to container-0.
 Use 'kubectl describe pod/nginx-exporter-78859765db-6j8sw -n default' to see all of the containers in this pod.
 / # curl http://localhost
@@ -138,14 +145,12 @@ Commercial support is available at
 </body>
 </html>
 / #
                                                                                                        
-
                                                                                                        You can see that Nginx has been accessed once.
                                                                                                        
-
                                                                                                        Log in to AOM. In the navigation pane, choose Monitoring > Metric Monitoring. You can view Nginx-related metrics, for example, nginx_connections_active.
                                                                                                        
-
                                                                                                        
+
                                                                                                      3. Log in to AOM. In the navigation pane, choose Monitoring > Metric Monitoring to view Nginx-related metrics, for example, nginx_connections_active.
                                                                                                      
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
-
                                                                                                      Parent topic: Monitoring and Alarm
                                                                                                      
+
                                                                                                      Parent topic: Monitoring
                                                                                                      
 
                                                                                                      
 
                                                                                                      
 
diff --git a/docs/cce/umn/cce_10_0205.html b/docs/cce/umn/cce_10_0205.html
index e6897fad1..9b2a197ce 100644
--- a/docs/cce/umn/cce_10_0205.html
+++ b/docs/cce/umn/cce_10_0205.html
@@ -3,11 +3,61 @@
 
                                                                                                      metrics-server
                                                                                                      
 
                                                                                                      From version 1.8 onwards, Kubernetes provides resource usage metrics, such as the container CPU and memory usage, through the Metrics API. These metrics can be directly accessed by users (for example, by using the kubectl top command) or used by controllers (for example, Horizontal Pod Autoscaler) in a cluster for decision-making. The specific component is metrics-server, which is used to substitute for heapster for providing the similar functions. heapster has been gradually abandoned since v1.11.
                                                                                                      
 
                                                                                                      metrics-server is an aggregator for monitoring data of core cluster resources. You can quickly install this add-on on the CCE console.
                                                                                                      
-
                                                                                                      After metrics-server is installed, you can create an HPA policy on the Workload Scaling tab page of the Auto Scaling page. For details, see Creating an HPA Policy for Workload Auto Scaling.
                                                                                                      
+
                                                                                                      After metrics-server is installed, you can create an HPA policy on the Workload Scaling tab page of the Auto Scaling page. For details, see HPA.
                                                                                                      
 
                                                                                                      The official community project and documentation are available at https://github.com/kubernetes-sigs/metrics-server.
                                                                                                      
-
                                                                                                      Installing the Add-on
                                                                                                      1. Log in to the CCE console and access the cluster console. Choose Add-ons in the navigation pane, locate metrics-server on the right, and click Install.
                                                                                                      2. Select Single, Custom, or HA for Add-on Specifications.
                                                                                                        • Pods: Set the number of pods based on service requirements.
                                                                                                        • Multi AZ:
                                                                                                          • Preferred: Deployment pods of the add-on are preferentially scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, the pods are scheduled to a single AZ.
                                                                                                          • Required: Deployment pods of the add-on are forcibly scheduled to nodes in different AZs. If the nodes in the cluster do not meet the requirements of multiple AZs, not all pods can run.
                                                                                                          
-
                                                                                                        • Containers: Set a proper container quota based on service requirements.
                                                                                                        
-
                                                                                                      3. Click Install.
                                                                                                      
+
                                                                                                      Installing the Add-on
                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate metrics-server on the right, and click Install.
                                                                                                      2. On the Install Add-on page, configure the specifications.
                                                                                                        
+
                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                        Table 1 Add-on configuration
                                                                                                        Parameter
                                                                                                        
+
                                                                                                        Description
                                                                                                        
+
                                                                                                        Add-on Specifications
                                                                                                        
+
                                                                                                        Select Single, Custom, or HA for Add-on Specifications.
                                                                                                        
+
                                                                                                        Pods
                                                                                                        
+
                                                                                                        Number of pods that will be created to match the selected add-on specifications.
                                                                                                        
+
                                                                                                        If you select Custom, you can adjust the number of pods as required.
                                                                                                        
+
                                                                                                        Multi-AZ
                                                                                                        
+
                                                                                                        • Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ.
                                                                                                        • Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.
                                                                                                        
+
                                                                                                        Containers
                                                                                                        
+
                                                                                                        CPU and memory quotas of the container allowed for the selected add-on specifications.
                                                                                                        
+
                                                                                                        If you select Custom, you can adjust the container specifications as required.
                                                                                                        
+
                                                                                                        
+
                                                                                                        
+
                                                                                                      3. Click Install.
                                                                                                      
+
                                                                                                      
+
                                                                                                      Components
                                                                                                      
+
                                                                                                      
+
+
+
+
+
+
+
+
+
+
                                                                                                      Table 2 metrics-server components
                                                                                                      Container Component
                                                                                                      
+
                                                                                                      Description
                                                                                                      
+
                                                                                                      Resource Type
                                                                                                      
+
                                                                                                      metrics-server
                                                                                                      
+
                                                                                                      Aggregator for the monitored data of cluster core resources, which is used to collect and aggregate resource usage metrics obtained through the Metrics API in the cluster
                                                                                                      
+
                                                                                                      Deployment
                                                                                                      
+
                                                                                                      
+
                                                                                                      
 
                                                                                                      
 
                                                                                                      
 
                                                                                                      
diff --git a/docs/cce/umn/cce_10_0208.html b/docs/cce/umn/cce_10_0208.html
index e381c6ae9..3d5abe1b8 100644
--- a/docs/cce/umn/cce_10_0208.html
+++ b/docs/cce/umn/cce_10_0208.html
@@ -1,13 +1,14 @@
 
 
-
                                                                                                      Creating an HPA Policy for Workload Auto Scaling
                                                                                                      
-
                                                                                                      Horizontal Pod Autoscaling (HPA) in Kubernetes implements horizontal scaling of pods. In a CCE HPA policy, you can configure different cooldown time windows and scaling thresholds for different applications based on the Kubernetes HPA.
                                                                                                      
-
                                                                                                      Prerequisites
                                                                                                      To use HPA policies, you need to install an add-on that can provide the metrics API, such as metrics-server and prometheus. 
                                                                                                      
+
                                                                                                      HPA
                                                                                                      
+
                                                                                                      Horizontal Pod Autoscaling (HPA) in Kubernetes implements horizontal scaling of pods. In a CCE HPA policy, you can configure different cooldown time windows and scaling thresholds for different applications based on the Kubernetes HPA.
                                                                                                      
+
                                                                                                      Prerequisites
                                                                                                      To use HPA, install an add-on that provides metrics APIs. Select one of the following add-ons based on your cluster version and actual requirements.
                                                                                                      • metrics-server: provides basic resource usage metrics, such as container CPU and memory usage. It is supported by all cluster versions.
                                                                                                      
 
                                                                                                      
-
                                                                                                      Notes and Constraints
                                                                                                      • HPA policies can be created only for clusters of v1.13 or later.
                                                                                                      • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                        For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volume mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                        
+
                                                                                                      
+
                                                                                                      Constraints
                                                                                                      • HPA policies can be created only for clusters of v1.13 or later.
                                                                                                      • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                        For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volume mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                        
 
                                                                                                      
 
                                                                                                      
-
                                                                                                      Procedure
                                                                                                      1. Log in to the CCE console and access the cluster console.
                                                                                                      2. In the navigation pane, choose Workload Scaling. Then click Create HPA Policy in the upper right corner.
                                                                                                      3. Set policy parameters.
                                                                                                        
+
                                                                                                        Creating an HPA Policy
                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                        2. In the navigation pane, choose Workload Scaling. Then click Create HPA Policy in the upper right corner.
                                                                                                        3. Configure the parameters.
                                                                                                          
 
                                                                                                          
@@ -62,10 +63,9 @@
 
-
diff --git a/docs/cce/umn/cce_10_0209.html b/docs/cce/umn/cce_10_0209.html
index 431a120fb..b6d705529 100644
--- a/docs/cce/umn/cce_10_0209.html
+++ b/docs/cce/umn/cce_10_0209.html
@@ -2,18 +2,19 @@
 
 
                                                                                                          Creating a Node Scaling Policy
                                                                                                          CCE provides auto scaling through the autoscaler add-on. Nodes with different specifications can be automatically added across AZs on demand.
                                                                                                          
-
                                                                                                          If a node scaling policy and the configuration in the autoscaler add-on take effect at the same time, for example, there are pods that cannot be scheduled and the value of a metric reaches the threshold at the same time, scale-out is performed first for the unschedulable pods.
                                                                                                          
+
                                                                                                          If a node scaling policy and the configuration in the autoscaler add-on take effect at the same time, for example, there are pods that cannot be scheduled and the value of a metric reaches the threshold at the same time, scale-out is performed first for the unschedulable pods.
                                                                                                          
 
                                                                                                          • If the scale-out succeeds for the unschedulable pods, the system skips the metric-based rule logic and enters the next loop.
                                                                                                          • If the scale-out fails for the unschedulable pods, the metric-based rule is executed.
                                                                                                          
 
                                                                                                          Prerequisites
                                                                                                          Before using the node scaling function, you must install the autoscaler add-on of v1.13.8 or later in the cluster.
                                                                                                          
 
                                                                                                          
-
                                                                                                          Notes and Constraints
                                                                                                          • Auto scaling policies apply to node pools. When the number of nodes in a node pool is 0 and the scaling policy is based on CPU or memory usage, node scaling is not triggered.
                                                                                                          
+
                                                                                                          Constraints
                                                                                                          • Auto scaling policies apply to node pools. When the number of nodes in a node pool is 0 and the scaling policy is based on CPU or memory usage, node scaling is not triggered.
                                                                                                          • Node scale-in will cause PVC/PV data loss for the local PVs associated with the node. These PVCs and PVs cannot be restored or used again. In a node scale-in, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                                          • When autoscaler is used, some taints or annotations may affect auto scaling. Therefore, do not use the following taints or annotations in clusters:
                                                                                                            • ignore-taint.cluster-autoscaler.kubernetes.io: The taint works on nodes. Kubernetes-native autoscaler supports protection against abnormal scale outs and periodically evaluates the proportion of available nodes in the cluster. When the proportion of non-ready nodes exceeds 45%, protection will be triggered. In this case, all nodes with the ignore-taint.cluster-autoscaler.kubernetes.io taint in the cluster are filtered out from the autoscaler template and recorded as non-ready nodes, which affects cluster scaling.
                                                                                                            • cluster-autoscaler.kubernetes.io/enable-ds-eviction: The annotation works on pods, which determines whether DaemonSet pods can be evicted by autoscaler. For details, see Well-Known Labels, Annotations and Taints.
                                                                                                            
+
                                                                                                          
 
                                                                                                          
-
                                                                                                          Procedure
                                                                                                          1. Log in to the CCE console and access the cluster console.
                                                                                                          2. Choose Node Scaling in the navigation pane.
                                                                                                            • If Uninstalled is displayed next to the add-on name, click Install, set add-on parameters as required, and click Install to install the add-on.
                                                                                                            • If Installed is displayed next to the add-on name, the add-on has been installed.
                                                                                                            
+
                                                                                                            Procedure
                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                            2. Choose Node Scaling in the navigation pane.
                                                                                                              • If Uninstalled is displayed next to the add-on name, click Install, set add-on parameters as required, and click Install to install the add-on.
                                                                                                              • If Installed is displayed next to the add-on name, the add-on has been installed.
                                                                                                              
 
                                                                                                            3. Click Create Node Scaling Policy in the upper right corner and set the parameters as follows:
                                                                                                              • Policy Name: name of the policy to be created, which can be customized.
                                                                                                              • Associated Node Pools: Select the node pool to be associated. You can associate multiple node pools to use the same scaling policy.
                                                                                                              • Rules: Click Add Rule. In the dialog box displayed, set the following parameters:
                                                                                                                Rule Name: Enter a rule name.
                                                                                                                
 
                                                                                                                Rule Type: You can select Metric-based or Periodic. The differences between the two types are as follows:
                                                                                                                
-
                                                                                                                • Metric-based:
                                                                                                                  Condition: Select CPU allocation rate or Memory allocation rate and enter a value. The value must be greater than the scale-in percentage configured in the autoscaler add-on.
                                                                                                                   
                                                                                                                  • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                                                                                  • If multiple rules meet the conditions, the rules are executed in either of the following modes:
                                                                                                                    If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.
                                                                                                                    
-
                                                                                                                    If a rule based on the CPU allocation rate and a periodic rule are configured and they both meet the scale-out conditions, one of them will be executed randomly. The rule executed first (rule A) changes the node pool to the scaling state. As a result, the other rule (rule B) cannot be executed. After rule A is executed and the node pool status becomes normal, rule B will not be executed.
                                                                                                                    
-
                                                                                                                  • If rules based on the CPU allocation rate and memory allocation rate are configured, the policy detection period varies with the processing logic of each loop of the autoscaler add-on. Scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cool-down interval and node pool status.
                                                                                                                  
+
                                                                                                                  • Metric-based:
                                                                                                                    Condition: Select CPU allocation rate or Memory allocation rate and enter a value. The value must be greater than the scale-in percentage configured in the autoscaler add-on.
                                                                                                                     
                                                                                                                    • Resource allocation (%) = Resources requested by pods in the node pool/Resources allocatable to pods in the node pool
                                                                                                                    • If multiple rules meet the conditions, the rules are executed in either of the following modes:
                                                                                                                      If rules based on the CPU allocation rate and memory allocation rate are configured and two or more rules meet the scale-out conditions, the rule that will add the most nodes will be executed.
                                                                                                                      
+
                                                                                                                      If a rule based on the CPU allocation rate and a periodic rule are configured and they both meet the scale-out conditions, one of them will be executed randomly. The rule executed first (rule A) changes the node pool to the scaling state. As a result, the other rule (rule B) cannot be executed. After rule A is executed and the node pool status becomes normal, rule B will not be executed.
                                                                                                                      
+
                                                                                                                    • If rules based on the CPU allocation rate and memory allocation rate are configured, the policy detection period varies with the processing logic of each loop of the autoscaler add-on. Scale-out is triggered once the conditions are met, but it is constrained by other factors such as the cool-down interval and node pool status.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                  • Periodic:
                                                                                                                    Trigger Time: You can select a specific time point every day, every week, every month, or every year.
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0210.html b/docs/cce/umn/cce_10_0210.html
index 741d00b33..b6697efd4 100644
--- a/docs/cce/umn/cce_10_0210.html
+++ b/docs/cce/umn/cce_10_0210.html
@@ -28,7 +28,7 @@
 
                                                                                                          
-
                                                                                                          Table 1 HPA policy parameters
                                                                                                          Parameter
                                                                                                          
                                                                                                           		
 
                                                                                                          Description
                                                                                                          
@@ -38,7 +39,7 @@
 
                                                                                                          Cooldown Period
                                                                                                          
                                                                                                           		
 
                                                                                                          Interval between a scale-in and a scale-out. The unit is minute. The interval cannot be shorter than 1 minute.
                                                                                                          
-
                                                                                                          This parameter is supported only from clusters of v1.15 to v1.23.
                                                                                                          
+
                                                                                                          This parameter is supported only in clusters of v1.15 to v1.23.
                                                                                                          
 
                                                                                                          This parameter indicates the interval between consecutive scaling operations. The cooldown period ensures that a scaling operation is initiated only when the previous one is completed and the system is running stably.
                                                                                                          
                                                                                                           		
 
                                                                                                          
 
                                                                                                          Custom Policy (supported only in clusters of v1.15 or later)
                                                                                                          
 
                                                                                                           NOTE: 
                                                                                                          Before setting a custom policy, you need to install an add-on that supports custom metric collection in the cluster, for example, prometheus add-on.
                                                                                                          
+
                                                                                                           NOTE: 
                                                                                                          Before creating a custom policy, install an add-on that supports custom metric collection (for example, prometheus) in the cluster. Ensure that the add-on can collect and report the custom metrics of the workloads.
                                                                                                          
 
                                                                                                          
-
                                                                                                          • Metric Name: name of the custom metric. You can select a name as prompted.
                                                                                                            For details, see Custom Monitoring.
                                                                                                            
-
                                                                                                          • Metric Source: Select an object type from the drop-down list. You can select Pod.
                                                                                                          • Desired Value: the average metric value of all pods. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                                                             NOTE: 
                                                                                                            When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.
                                                                                                            
+
                                                                                                            • Metric Name: name of the custom metric. You can select a name as prompted.
                                                                                                            • Metric Source: Select an object type from the drop-down list. You can select Pod.
                                                                                                            • Desired Value: the average metric value of all pods. Number of pods to be scaled (rounded up) = (Current metric value/Desired value) x Number of current pods
                                                                                                               NOTE: 
                                                                                                              When calculating the number of pods to be added or reduced, the HPA policy uses the maximum number of pods in the last 5 minutes.
                                                                                                              
 
                                                                                                              
 
                                                                                                            • Tolerance Range: Scaling is not triggered when the metric value is within the tolerance range. The desired value must be within the tolerance range.
                                                                                                            
 
                                                                                                          		
 
                                                                                                          
 
                                                                                                          Network
                                                                                                          
 
                                                                                                          1. Pay special attention to the ELB and ingress.
                                                                                                          2. Clusters of an earlier version support only the classic load balancer. To migrate services to a new cluster, you need to change load balancer type to shared load balancer. Then, the corresponding ELB service will be re-established.
                                                                                                          
+
                                                                                                          1. Pay special attention to the ELB and ingress.
                                                                                                          2. Clusters of an earlier version support only the classic load balancer. To migrate services to a new cluster, change load balancer type to shared load balancer. Then, the corresponding ELB service will be re-established.
                                                                                                          
                                                                                                           		
 
                                                                                                          
 
                                                                                                          O&M
                                                                                                          
@@ -40,13 +40,14 @@
 
                                                                                                          
 
                                                                                                          
 
                                                                                                        
-
                                                                                                        Procedure
                                                                                                        1. Create a CCE cluster.
                                                                                                          Create a cluster with the same specifications and configurations as the cluster of the earlier version. For details, see Creating a CCE Cluster.
                                                                                                          
+
                                                                                                          Procedure
                                                                                                          1. Create a CCE cluster.
                                                                                                            Create a cluster with the same specifications and configurations as the cluster of the earlier version. For details, see Creating a Cluster.
                                                                                                            
 
                                                                                                          2. Add a node.
                                                                                                            Add nodes with the same specifications and manual configuration items. For details, see Creating a Node.
                                                                                                            
-
                                                                                                          3. Create a storage volume in the new cluster.
                                                                                                            Use an existing storage volume to create a PVC in the new cluster. The PVC name remains unchanged. For details, see PersistentVolumeClaims (PVCs).
                                                                                                            
-
                                                                                                             
                                                                                                            Storage switching supports only OBS buckets, SFS file systems, and shared EVS disks. If a non-shared EVS disk is used, you need to suspend the workloads in the old cluster to switch the storage resources. As a result, services will be interrupted.
                                                                                                            
+
                                                                                                          4. Create a storage volume in the new cluster.
                                                                                                            Use an existing storage volume to create a PVC in the new cluster. The PVC name remains unchanged. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                            
+
                                                                                                             
                                                                                                            Storage switching supports only OBS buckets and SFS Turbo file systems. If non-shared storage is used, suspend the workloads in the old cluster to switch the storage resources. As a result, services will be unavailable.
                                                                                                            
 
                                                                                                            
-
                                                                                                          5. Create a workload in the new cluster.
                                                                                                            The workload name and specifications remain unchanged. For details about how to create a workload, see Creating a Deployment or Creating a StatefulSet. For details about how to attach a storage volume to the workload, see Creating a Deployment Mounted with an EVS Volume.
                                                                                                            
-
                                                                                                          6. Create a Service in the new cluster.
                                                                                                            The Service name and specifications remain unchanged. For details about how to create a Service, see Services.
                                                                                                            
+
                                                                                                          7. Create a workload in the new cluster.
                                                                                                            The workload name and specifications remain unchanged. For details about how to create a workload, see Creating a Deployment or Creating a StatefulSet.
                                                                                                            
+
                                                                                                          8. Mount the storage again.
                                                                                                            Mount the existing storage in the workload again. For details, see Using an Existing OBS Bucket Through a Static PV or Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                            
+
                                                                                                          9. Create a Service in the new cluster.
                                                                                                            The Service name and specifications remain unchanged. For details about how to create a Service, see Service.
                                                                                                            
 
                                                                                                          10. Commission services.
                                                                                                            After all resources are created, commission the containerized services. If the commissioning is successful, migrate the services to the new cluster.
                                                                                                            
 
                                                                                                          11. Delete the old cluster.
                                                                                                            When all functions of the new cluster are stable, delete the old cluster. For details about how to delete a cluster, see Deleting a Cluster.
                                                                                                            
 
                                                                                                          
diff --git a/docs/cce/umn/cce_10_0212.html b/docs/cce/umn/cce_10_0212.html
index bb2be494d..bf9aa8164 100644
--- a/docs/cce/umn/cce_10_0212.html
+++ b/docs/cce/umn/cce_10_0212.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                          Deleting a Cluster
                                                                                                          
-
                                                                                                          Scenario
                                                                                                          This section describes how to delete a cluster.
                                                                                                          
+
                                                                                                          Precautions
                                                                                                          • Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be restored. Before performing this operation, ensure that data has been backed up or migrated. Deleted data cannot be restored.
                                                                                                            Resources that are not created in CCE will not be deleted:
                                                                                                            • Accepted nodes (only the nodes created in CCE are deleted);
                                                                                                            • ELB load balancers associated with Services and ingresses (only the automatically created load balancers are deleted);
                                                                                                            • Manually created cloud storage resources associated with PVs or imported cloud storage resources (only the cloud storage resources automatically created by PVCs are deleted)
                                                                                                            
 
                                                                                                            
-
                                                                                                            Precautions
                                                                                                            • Deleting a cluster will delete the nodes in the cluster (excluding accepted nodes), data disks attached to the nodes, workloads, and Services. Related services cannot be restored. Before performing this operation, ensure that data has been backed up or migrated. Deleted data cannot be restored.
                                                                                                              Resources that are not created in CCE will not be deleted:
                                                                                                              • Accepted nodes (only the nodes created in CCE are deleted);
                                                                                                              • ELB load balancers associated with Services and ingresses (only the automatically created load balancers are deleted);
                                                                                                              • Manually created cloud storage resources associated with PVs or imported cloud storage resources (only the cloud storage resources automatically created by PVCs are deleted)
                                                                                                              
+
                                                                                                            • If you delete a cluster that is not running (for example, unavailable), associated resources, such as storage and networking resources, will remain.
                                                                                                            
 
                                                                                                            
-
                                                                                                          • A hibernated cluster cannot be deleted. Wake up the cluster and try again.
                                                                                                          • If a cluster whose status is Unavailable is deleted, some storage resources of the cluster may need to be manually deleted.
                                                                                                          
-
                                                                                                          
-
                                                                                                          Procedure
                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                          2. Click  next to the cluster to be deleted.
                                                                                                          3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                                                                            • Delete cloud storage resources attached to workloads in the cluster.
                                                                                                               
                                                                                                              Before you delete the PVCs and volumes, pay attention to the following rules:
                                                                                                              
-
                                                                                                              • The underlying storage resources are deleted according to the reclaim policy you defined.
                                                                                                              • If there are a large number of files (more than 1,000) in the OBS bucket, manually clear the files and then delete the cluster. 
                                                                                                              
+
                                                                                                              Deleting a Cluster
                                                                                                               
                                                                                                              A hibernated cluster cannot be deleted. Wake up the cluster and try again.
                                                                                                              
 
                                                                                                              
-
                                                                                                            • Delete networking resources, such as load balancers in a cluster. (Only automatically created load balancers can be deleted.)
                                                                                                            
+
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the cluster to be deleted.
                                                                                                            3. In the displayed Delete Cluster dialog box, select the resources to be released.
                                                                                                              • Delete cloud storage resources associated with workloads in the cluster.
                                                                                                                 
                                                                                                                When deleting underlying cloud storage resources bound to storage volumes in a cluster, pay attention to following constraints:
                                                                                                                
+
                                                                                                                • The underlying storage resources are deleted according to the reclamation policy you defined for the storage volumes. For example, if the reclamation policy of storage volumes is Retain, the underlying storage resources will be retained after the cluster is deleted.
                                                                                                                • If there are more than 1,000 files in the OBS bucket, manually clear the files and then delete the cluster.
                                                                                                                
+
                                                                                                                
+
                                                                                                              • Delete network resources such as load balancers in a cluster. (Only automatically created load balancers will be deleted).
                                                                                                              
 
                                                                                                            4. Click Yes to start deleting the cluster.
                                                                                                              The delete operation takes 1 to 3 minutes to complete.
                                                                                                              
 
                                                                                                            
 
                                                                                                          
diff --git a/docs/cce/umn/cce_10_0213.html b/docs/cce/umn/cce_10_0213.html
index e4d391ee9..6ec2e6aeb 100644
--- a/docs/cce/umn/cce_10_0213.html
+++ b/docs/cce/umn/cce_10_0213.html
@@ -1,292 +1,285 @@
 
 
 
                                                                                                          Cluster Configuration Management
                                                                                                          
-
                                                                                                          Scenario
                                                                                                          CCE allows you to manage cluster parameters, through which you can let core components work under your very requirements.
                                                                                                          
+
                                                                                                          Scenario
                                                                                                          CCE allows you to manage cluster parameters, through which you can let core components work under your very requirements.
                                                                                                          
 
                                                                                                          
-
                                                                                                          Notes and Constraints
                                                                                                          This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                                                                                                          
+
                                                                                                          Constraints
                                                                                                          This function is supported only in clusters of v1.15 and later. It is not displayed for versions earlier than v1.15.
                                                                                                          
 
                                                                                                          
-
                                                                                                          Procedure
                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                          2. Click  next to the target cluster.
                                                                                                          3. On the Manage Component page on the right, change the values of the following Kubernetes parameters:
                                                                                                            
-
                                                                                                            Table 1 Extended controller parameters
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            Procedure
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the target cluster.
                                                                                                            3. On the Manage Components page on the right, change the values of the Kubernetes parameters listed in the following table.
                                                                                                              
+
                                                                                                              
-
-
-
-
-
-
-
                                                                                                              Table 1 kube-apiserver parameters
                                                                                                              Parameter
                                                                                                              
 
                                                                                                              Description
                                                                                                              
+
                                                                                                              Description
                                                                                                              
 
                                                                                                              Value
                                                                                                              
+
                                                                                                              Value
                                                                                                              
                                                                                                               		
 
                                                                                                              
 
                                                                                                              enable-resource-quota
                                                                                                              
+
                                                                                                              default-not-ready-toleration-seconds
                                                                                                              
 
                                                                                                              Whether to automatically create a resource quota object when creating a namespace.
                                                                                                              
-
                                                                                                              • false: no auto creation
                                                                                                              • true: auto creation enabled For details about the resource quota defaults, see Setting a Resource Quota.
                                                                                                              
+
                                                                                                              Tolerance time when a node is in the NotReady state.
                                                                                                              
+
                                                                                                              By default, this tolerance is added to each pod. 
                                                                                                              
 
                                                                                                              Default: false
                                                                                                              
+
                                                                                                              Default: 300s
                                                                                                              
                                                                                                               		
 
                                                                                                              
-
                                                                                                              
-
-
                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                              Table 2 kube-apiserver parameters
                                                                                                              Parameter
                                                                                                              
-
                                                                                                              Description
                                                                                                              
-
                                                                                                              Value
                                                                                                              
-
                                                                                                              default-not-ready-toleration-seconds
                                                                                                              
+
                                                                                                              default-unreachable-toleration-seconds
                                                                                                              
 
                                                                                                              notReady tolerance time, in seconds. NoExecute that is added by default to every pod that does not already have such a toleration.
                                                                                                              
+
                                                                                                              Tolerance time when a node is in the unreachable state.
                                                                                                              
+
                                                                                                              By default, this tolerance is added to each pod. 
                                                                                                              
 
                                                                                                              Default: 300s
                                                                                                              
+
                                                                                                              Default: 300s
                                                                                                              
                                                                                                               		
 
                                                                                                              default-unreachable-toleration-seconds
                                                                                                              
+
                                                                                                              max-mutating-requests-inflight
                                                                                                              
 
                                                                                                              unreachable tolerance time, in seconds. NoExecute that is added by default to every pod that does not already have such a toleration.
                                                                                                              
+
                                                                                                              Maximum number of concurrent mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                                                                              
+
                                                                                                              The value 0 indicates no limitation. This parameter is related to the cluster scale. You are advised not to change the value.
                                                                                                              
 
                                                                                                              Default: 300s
                                                                                                              
+
                                                                                                              Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                                                                              
+
                                                                                                              • 200 for clusters with 50 or 200 nodes
                                                                                                              • 500 for clusters with 1,000 nodes
                                                                                                              • 1000 for clusters with 2,000 nodes
                                                                                                              
                                                                                                               		
 
                                                                                                              max-mutating-requests-inflight
                                                                                                              
+
                                                                                                              max-requests-inflight
                                                                                                              
 
                                                                                                              Maximum number of concurrent mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                                                                              
-
                                                                                                              The value 0 indicates no limitation.
                                                                                                              
+
                                                                                                              Maximum number of concurrent non-mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                                                                              
+
                                                                                                              The value 0 indicates no limitation. This parameter is related to the cluster scale. You are advised not to change the value.
                                                                                                              
 
                                                                                                              Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                                                                              
-
                                                                                                              • 200 for clusters with 50 or 200 nodes
                                                                                                              • 500 for clusters with 1,000 nodes
                                                                                                              • 1000 for clusters with 2,000 nodes
                                                                                                              
+
                                                                                                              Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                                                                              
+
                                                                                                              • 400 for clusters with 50 or 200 nodes
                                                                                                              • 1000 for clusters with 1,000 nodes
                                                                                                              • 2000 for clusters with 2,000 nodes
                                                                                                              
                                                                                                               		
 
                                                                                                              max-requests-inflight
                                                                                                              
+
                                                                                                              service-node-port-range
                                                                                                              
 
                                                                                                              Maximum number of concurrent non-mutating requests. When the value of this parameter is exceeded, the server rejects requests.
                                                                                                              
-
                                                                                                              The value 0 indicates no limitation.
                                                                                                              
+
                                                                                                              NodePort port range. After changing the value, go to the security group page and change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.
                                                                                                              
 
                                                                                                              Manual configuration is no longer supported since cluster v1.21. The value is automatically specified based on the cluster scale.
                                                                                                              
-
                                                                                                              • 400 for clusters with 50 or 200 nodes
                                                                                                              • 1000 for clusters with 1,000 nodes
                                                                                                              • 2000 for clusters with 2,000 nodes
                                                                                                              
-
                                                                                                              service-node-port-range
                                                                                                              
-
                                                                                                              NodePort port range. After changing the value, you need to go to the security group page to change the TCP/UDP port range of node security groups 30000 to 32767. Otherwise, ports other than the default port cannot be accessed externally.
                                                                                                              
-
                                                                                                              Default:
                                                                                                              
+
                                                                                                              Default:
                                                                                                              
 
                                                                                                              30000-32767
                                                                                                              
-
                                                                                                              Options:
                                                                                                              
-
                                                                                                              min>20105
                                                                                                              
-
                                                                                                              max<32768
                                                                                                              
+
                                                                                                              Value range:
                                                                                                              
+
                                                                                                              Min > 20105
                                                                                                              
+
                                                                                                              Max < 32768
                                                                                                              
                                                                                                               		
 
                                                                                                              support-overload
                                                                                                              
+
                                                                                                              support-overload
                                                                                                              
 
                                                                                                              Cluster overload control. If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                              
+
                                                                                                              Cluster overload control. If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                              
+
                                                                                                              This parameter is supported only by clusters of v1.23 or later.
                                                                                                              
 
                                                                                                              • false: Overload control is disabled.
                                                                                                              • true: Overload control is enabled.
                                                                                                              
+
                                                                                                              • false: Overload control is disabled.
                                                                                                              • true: Overload control is enabled.
                                                                                                              
                                                                                                               		
 
                                                                                                              
                                                                                                               
 
                                                                                                              
 
                                                                                                              
-
                                                                                                            
 
-
                                                                                                            Table 3 kube-controller-manager parameters
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            
-
-
-
-
-
-
-
-
-
+
                                                                                                            Table 2 kube-scheduler parameters
                                                                                                            Parameter
                                                                                                            
 
                                                                                                            Description
                                                                                                            
+
                                                                                                            Description
                                                                                                            
 
                                                                                                            Value
                                                                                                            
+
                                                                                                            Value
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            concurrent-deployment-syncs
                                                                                                            
+
                                                                                                            kube-api-qps
                                                                                                            
 
                                                                                                            Number of Deployments that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Query per second (QPS) to use while talking with kube-apiserver.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                                                                            • If a cluster contains 1000 or more nodes, the default value is 200.
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-endpoint-syncs
                                                                                                            
+
                                                                                                            kube-api-burst
                                                                                                            
 
                                                                                                            Number of endpoints that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Burst to use while talking with kube-apiserver.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                                                                            • If a cluster contains 1000 or more nodes, the default value is 200.
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-gc-syncs
                                                                                                            
+
                                                                                                            
+
                                                                                                            
+
+
                                                                                                            
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                            Table 3 kube-controller-manager parameters
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            Description
                                                                                                            
+
                                                                                                            Value
                                                                                                            
+
                                                                                                            concurrent-deployment-syncs
                                                                                                            
 
                                                                                                            Number of garbage collector workers that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of Deployments that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 20
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-job-syncs
                                                                                                            
+
                                                                                                            concurrent-endpoint-syncs
                                                                                                            
 
                                                                                                            Number of jobs that can be synchronized at the same time.
                                                                                                            
+
                                                                                                            Number of endpoints that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-namespace-syncs
                                                                                                            
+
                                                                                                            concurrent-gc-syncs
                                                                                                            
 
                                                                                                            Number of namespaces that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of garbage collector workers that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 10 
                                                                                                            
+
                                                                                                            Default: 20
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-replicaset-syncs
                                                                                                            
+
                                                                                                            concurrent-job-syncs
                                                                                                            
 
                                                                                                            Number of ReplicaSets that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of jobs that can be synchronized at the same time.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-resource-quota-syncs
                                                                                                            
+
                                                                                                            concurrent-namespace-syncs
                                                                                                            
 
                                                                                                            Number of resource quotas that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of namespaces that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 10 
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-service-syncs
                                                                                                            
+
                                                                                                            concurrent-replicaset-syncs
                                                                                                            
 
                                                                                                            Number of Services that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of ReplicaSets that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 10 
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-serviceaccount-token-syncs
                                                                                                            
+
                                                                                                            concurrent-resource-quota-syncs
                                                                                                            
 
                                                                                                            Number of service account tokens that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of resource quotas that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-ttl-after-finished-syncs
                                                                                                            
+
                                                                                                            concurrent-service-syncs
                                                                                                            
 
                                                                                                            Number of TTL-after-finished controller workers that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of Services that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 10 
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent_rc_syncs
                                                                                                            
+
                                                                                                            concurrent-serviceaccount-token-syncs
                                                                                                            
 
                                                                                                            Number of replication controllers that are allowed to synchronize concurrently.
                                                                                                            
-
                                                                                                             NOTE: 
                                                                                                            This parameter is used only in clusters of v1.19 or earlier.
                                                                                                            
-
                                                                                                            
+
                                                                                                            Number of service account tokens that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            concurrent-rc-syncs
                                                                                                            
+
                                                                                                            concurrent-ttl-after-finished-syncs
                                                                                                            
 
                                                                                                            Number of replication controllers that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Number of TTL-after-finished controller workers that are allowed to synchronize concurrently.
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            concurrent-rc-syncs
                                                                                                            
+
                                                                                                            Number of replication controllers that are allowed to synchronize concurrently.
                                                                                                            
 
                                                                                                             NOTE: 
                                                                                                            This parameter is used only in clusters of v1.21 to v1.23. In clusters of v1.25 and later, this parameter is deprecated (officially deprecated from v1.25.3-r0 on).
                                                                                                            
 
                                                                                                            
 
                                                                                                            Default: 5
                                                                                                            
+
                                                                                                            Default: 5
                                                                                                            
                                                                                                             		
 
                                                                                                            horizontal-pod-autoscaler-sync-period
                                                                                                            
+
                                                                                                            horizontal-pod-autoscaler-sync-period
                                                                                                            
 
                                                                                                            How often HPA audits metrics in a cluster.
                                                                                                            
+
                                                                                                            How often HPA audits metrics in a cluster.
                                                                                                            
 
                                                                                                            Default: 15 seconds
                                                                                                            
+
                                                                                                            Default: 15 seconds
                                                                                                            
                                                                                                             		
 
                                                                                                            kube-api-qps
                                                                                                            
+
                                                                                                            kube-api-qps
                                                                                                            
 
                                                                                                            Query per second (QPS) to use while talking with kube-apiserver.
                                                                                                            
+
                                                                                                            Query per second (QPS) to use while talking with kube-apiserver.
                                                                                                            
 
                                                                                                            Default: 100
                                                                                                            
+
                                                                                                            • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                                                                            • If a cluster contains 1000 or more nodes, the default value is 200.
                                                                                                            
                                                                                                             		
 
                                                                                                            kube-api-burst
                                                                                                            
+
                                                                                                            kube-api-burst
                                                                                                            
 
                                                                                                            Burst to use while talking with kube-apiserver.
                                                                                                            
+
                                                                                                            Burst to use while talking with kube-apiserver.
                                                                                                            
 
                                                                                                            Default: 100
                                                                                                            
+
                                                                                                            • If the number of nodes in a cluster is less than 1000, the default value is 100.
                                                                                                            • If a cluster contains 1000 or more nodes, the default value is 200.
                                                                                                            
                                                                                                             		
 
                                                                                                            terminated-pod-gc-threshold
                                                                                                            
+
                                                                                                            terminated-pod-gc-threshold
                                                                                                            
 
                                                                                                            Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods.
                                                                                                            
+
                                                                                                            Number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods.
                                                                                                            
 
                                                                                                            If <= 0, the terminated pod garbage collector is disabled.
                                                                                                            
 
                                                                                                            Default: 1000
                                                                                                            
+
                                                                                                            Default: 1000
                                                                                                            
                                                                                                             		
 
                                                                                                            
                                                                                                             
 
                                                                                                            
 
                                                                                                            
 
-
                                                                                                            Table 4 kube-scheduler parameters
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            
-
-
-
-
-
-
-
-
-
-
                                                                                                            Table 4 eni parameters (supported only by CCE Turbo clusters)
                                                                                                            Parameter
                                                                                                            
 
                                                                                                            Description
                                                                                                            
+
                                                                                                            Description
                                                                                                            
 
                                                                                                            Value
                                                                                                            
+
                                                                                                            Value
                                                                                                            
                                                                                                             		
 
                                                                                                            
 
                                                                                                            kube-api-qps
                                                                                                            
+
                                                                                                            nic-minimum-target
                                                                                                            
 
                                                                                                            Query per second (QPS) to use while talking with kube-apiserver.
                                                                                                            
+
                                                                                                            Minimum number of ENIs bound to a node at the cluster level
                                                                                                            
 
                                                                                                            Default: 100
                                                                                                            
+
                                                                                                            Default: 10
                                                                                                            
                                                                                                             		
 
                                                                                                            kube-api-burst
                                                                                                            
+
                                                                                                            nic-maximum-target
                                                                                                            
 
                                                                                                            Burst to use while talking with kube-apiserver.
                                                                                                            
+
                                                                                                            Maximum number of ENIs pre-bound to a node at the cluster level
                                                                                                            
 
                                                                                                            Default: 100
                                                                                                            
+
                                                                                                            Default: 0
                                                                                                            
                                                                                                             		
 
                                                                                                            
-
                                                                                                            
-
-
                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
                                                                                                            Table 5 eni parameters (supported only by CCE Turbo clusters)
                                                                                                            Parameter
                                                                                                            
-
                                                                                                            Description
                                                                                                            
-
                                                                                                            Value
                                                                                                            
-
                                                                                                            nic-minimum-target
                                                                                                            
+
                                                                                                            nic-warm-target
                                                                                                            
 
                                                                                                            Minimum number of ENIs bound to a node at the cluster level
                                                                                                            
+
                                                                                                            Number of ENIs pre-bound to a node at the cluster level
                                                                                                            
 
                                                                                                            Default: 10
                                                                                                            
+
                                                                                                            Default: 2
                                                                                                            
                                                                                                             		
 
                                                                                                            nic-maximum-target
                                                                                                            
+
                                                                                                            nic-max-above-warm-target
                                                                                                            
 
                                                                                                            Maximum number of ENIs pre-bound to a node at the cluster level
                                                                                                            
+
                                                                                                            Reclaim number of ENIs pre-bound to a node at the cluster level
                                                                                                            
 
                                                                                                            Default: 0
                                                                                                            
+
                                                                                                            Default: 2
                                                                                                            
                                                                                                             		
 
                                                                                                            nic-warm-target
                                                                                                            
+
                                                                                                            prebound-subeni-percentage
                                                                                                            
 
                                                                                                            Number of ENIs pre-bound to a node at the cluster level
                                                                                                            
-
                                                                                                            Default: 2
                                                                                                            
-
                                                                                                            nic-max-above-warm-target
                                                                                                            
-
                                                                                                            Reclaim number of ENIs pre-bound to a node at the cluster level
                                                                                                            
-
                                                                                                            Default: 2
                                                                                                            
-
                                                                                                            prebound-subeni-percentage
                                                                                                            
-
                                                                                                            Low threshold of the number of bound ENIs : High threshold of the number of bound ENIs
                                                                                                            
-
                                                                                                             NOTE: 
                                                                                                            This parameter is discarded. Use the other four dynamic preheating parameters of the ENI.
                                                                                                            
+
                                                                                                            Low threshold of the number of bound ENIs: High threshold of the number of bound ENIs
                                                                                                            
+
                                                                                                             NOTE: 
                                                                                                            This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                                                                            
 
                                                                                                            
 
                                                                                                            Default: 0:0
                                                                                                            
+
                                                                                                            Default: 0:0
                                                                                                            
+
                                                                                                            
+
                                                                                                            
+
+
                                                                                                            
+
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0214.html b/docs/cce/umn/cce_10_0214.html
index c4ae67c39..3eb8509c3 100644
--- a/docs/cce/umn/cce_10_0214.html
+++ b/docs/cce/umn/cce_10_0214.html
@@ -5,11 +5,11 @@
 
                                                                                                            After a cluster is hibernated, resources such as workloads cannot be created or managed in the cluster.
                                                                                                            A hibernated cluster can be quickly woken up and used normally.
                                                                                                            
-
                                                                                                            Notes and Constraints
                                                                                                            During cluster wakeup, the master node may fail to be started due to insufficient resources. As a result, the cluster fails to be woken up. Wait for a while and wake up the cluster again.
                                                                                                            
+
                                                                                                            Constraints
                                                                                                            During cluster wakeup, the master node may fail to be started due to insufficient resources. As a result, the cluster fails to be woken up. Wait for a while and wake up the cluster again.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Hibernating a Cluster
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the cluster to be hibernated.
                                                                                                            3. In the dialog box displayed, check the precautions and click Yes. Wait until the cluster is hibernated.
                                                                                                            
+
                                                                                                            Hibernating a Cluster
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the cluster to be hibernated.
                                                                                                            3. In the dialog box displayed, check the precautions and click Yes. Wait until the cluster is hibernated.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Waking Up a Cluster
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the cluster to be woken up.
                                                                                                            3. When the cluster status changes from Waking to Running, the cluster is woken up. It takes about 3 to 5 minutes to wake up the cluster.
                                                                                                            
+
                                                                                                            Waking Up a Cluster
                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                            2. Click  next to the cluster to be woken up.
                                                                                                            3. When the cluster status changes from Waking up to Running, the cluster is woken up. It takes about 3 to 5 minutes to wake up the cluster.
                                                                                                            
 
                                                                                                            
 
                                                                                                            
 
                                                                                                            
diff --git a/docs/cce/umn/cce_10_0215.html b/docs/cce/umn/cce_10_0215.html
index 213539a70..4908681ea 100644
--- a/docs/cce/umn/cce_10_0215.html
+++ b/docs/cce/umn/cce_10_0215.html
@@ -8,12 +8,10 @@
 
 
                                                                                                          4. Before You Start
                                                                                                            
 
                                                                                                            5. 
-
                                                                                                          5. Post-Upgrade Verification
                                                                                                            
-
                                                                                                            6. 
-
                                                                                                          6. Performing Replace/Rolling Upgrade
                                                                                                            
-
                                                                                                            7. 
 
                                                                                                          7. Performing In-place Upgrade
                                                                                                            
 
                                                                                                            8. 
+
                                                                                                          8. Performing Post-Upgrade Verification
                                                                                                            
+
                                                                                                            9. 
 
                                                                                                          9. Migrating Services Across Clusters of Different Versions
                                                                                                            
 
                                                                                                            10. 
 
                                                                                                          10. Troubleshooting for Pre-upgrade Check Exceptions
                                                                                                            
diff --git a/docs/cce/umn/cce_10_0216.html b/docs/cce/umn/cce_10_0216.html
index 242320e70..2a2ffcf1a 100644
--- a/docs/cce/umn/cce_10_0216.html
+++ b/docs/cce/umn/cce_10_0216.html
@@ -7,20 +7,85 @@
 
                                                                                                            • Run the cluster storage daemon, such as glusterd or Ceph, on each node.
                                                                                                            • Run the log collection daemon, such as Fluentd or Logstash, on each node.
                                                                                                            • Run the monitoring daemon, such as Prometheus Node Exporter, collectd, Datadog agent, New Relic agent, or Ganglia (gmond), on each node.
                                                                                                            
 
                                                                                                            You can deploy a DaemonSet for each type of daemons on all nodes, or deploy multiple DaemonSets for the same type of daemons. In the second case, DaemonSets have different flags and different requirements on memory and CPU for different hardware types.
                                                                                                            
 
                                                                                                            11. 
-
                                                                                                            Prerequisites
                                                                                                            You must have one cluster available before creating a DaemonSet. For details on how to create a cluster, see Creating a CCE Cluster.
                                                                                                            
+
                                                                                                            Prerequisites
                                                                                                            You must have one cluster available before creating a DaemonSet. For details on how to create a cluster, see Creating a Cluster.
                                                                                                            
 
                                                                                                            
-
                                                                                                            Using the CCE Console
                                                                                                            1. Log in to the CCE console.
                                                                                                            2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                            3. Set basic information about the workload. 
                                                                                                              Basic Info
                                                                                                              • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                                                                              • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                              • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                                              • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences between runC and Kata, see Kata Containers and Common Containers.
                                                                                                              • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                                                              
+
                                                                                                              Using the CCE Console
                                                                                                              1. Log in to the CCE console.
                                                                                                              2. Click the cluster name to go to the cluster console, choose Workloads in the navigation pane, and click the Create Workload in the upper right corner.
                                                                                                              3. Set basic information about the workload.
                                                                                                                Basic Info
                                                                                                                • Workload Type: Select DaemonSet. For details about workload types, see Overview.
                                                                                                                • Workload Name: Enter the name of the workload. Enter 1 to 63 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                • Namespace: Select the namespace of the workload. The default value is default. You can also click Create Namespace to create one. For details, see Creating a Namespace.
                                                                                                                • Container Runtime: A CCE cluster uses runC by default, whereas a CCE Turbo cluster supports both runC and Kata. For details about the differences, see Kata Runtime and Common Runtime.
                                                                                                                • Time Zone Synchronization: Specify whether to enable time zone synchronization. After time zone synchronization is enabled, the container and node use the same time zone. The time zone synchronization function depends on the local disk mounted to the container. Do not modify or delete the time zone. For details, see Configuring Time Zone Synchronization.
                                                                                                                
 
                                                                                                                
-
                                                                                                                Container Settings
                                                                                                                • Container Information
                                                                                                                  Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
+
                                                                                                                  Container Settings
                                                                                                                  • Container Information
                                                                                                                    Multiple containers can be configured in a pod. You can click Add Container on the right to configure multiple containers for the pod.
                                                                                                                    • Basic Info: Configure basic information about the container.
+
                                                                                                            Table 5 Extended controller configuration parameters (supported only by clusters of v1.21 and later)
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            Description
                                                                                                            
+
                                                                                                            Value
                                                                                                            
+
                                                                                                            enable-resource-quota
                                                                                                            
+
                                                                                                            Whether to automatically create a resource quota object when creating a namespace.
                                                                                                            
+
                                                                                                            • false: no auto creation
                                                                                                            • true: auto creation enabled For details about the resource quota defaults, see Setting a Resource Quota.
                                                                                                            
+
                                                                                                            Default: false
                                                                                                            
                                                                                                             		
 
                                                                                                            
                                                                                                             
 
 
                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                            Parameter
                                                                                                            
+
                                                                                                            Description
                                                                                                            
+
                                                                                                            Container Name
                                                                                                            
+
                                                                                                            Name the container.
                                                                                                            
+
                                                                                                            Pull Policy
                                                                                                            
+
                                                                                                            Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                                                                            
+
                                                                                                            Image Name
                                                                                                            
+
                                                                                                            Click Select Image and select the image used by the container.
                                                                                                            
+
                                                                                                            To use a third-party image, see Using Third-Party Images.
                                                                                                            
+
                                                                                                            Image Tag
                                                                                                            
+
                                                                                                            Select the image tag to be deployed.
                                                                                                            
+
                                                                                                            CPU Quota
                                                                                                            
+
                                                                                                            • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                                                                            • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                                                                            
+
                                                                                                            If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                                            
+
                                                                                                            Memory Quota
                                                                                                            
+
                                                                                                            • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                                                                            • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                                                                            
+
                                                                                                            If Request and Limit are not specified, the quota is not limited. For more information and suggestions about Request and Limit, see Setting Container Specifications.
                                                                                                            
+
                                                                                                            (Optional) GPU Quota
                                                                                                            
+
                                                                                                            Configurable only when the cluster contains GPU nodes and the gpu-beta add-on is installed.
                                                                                                            
+
                                                                                                            • All: The GPU is not used.
                                                                                                            • Dedicated: GPU resources are exclusively used by the container.
                                                                                                            • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                                                                            
+
                                                                                                            For details about how to use GPU in the cluster, see Default GPU Scheduling in Kubernetes.
                                                                                                            
+
                                                                                                            (Optional) Privileged Container
                                                                                                            
+
                                                                                                            Programs in a privileged container have certain privileges.
                                                                                                            
+
                                                                                                            If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                                                                            
+
                                                                                                            (Optional) Init Container
                                                                                                            
+
                                                                                                            Indicates whether to use the container as an init container. The init container does not support health check.
                                                                                                            
+
                                                                                                            An init container is a special container that runs before other app containers in a pod are started. Each pod can contain multiple containers. In addition, a pod can contain one or more Init containers. Application containers in a pod are started and run only after the running of all Init containers completes. For details, see Init Container.
                                                                                                            
+
                                                                                                            
 
                                                                                                            
-
                                                                                                          11. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                                                          12. GPU graphics card: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                                            13. 
+
+
                                                                                                            • (Optional) Lifecycle: Configure operations to be performed in a specific phase of the container lifecycle, such as Startup Command, Post-Start, and Pre-Stop. For details, see Setting Container Lifecycle Parameters.
                                                                                                            • (Optional) Health Check: Set the liveness probe, ready probe, and startup probe as required. For details, see Setting Health Check for a Container.
                                                                                                            • (Optional) Environment Variables: Set variables for the container running environment using key-value pairs. These variables transfer external information to containers running in pods and can be flexibly modified after application deployment. For details, see Setting an Environment Variable.
                                                                                                            • (Optional) Data Storage: Mount local storage or cloud storage to the container. The application scenarios and mounting modes vary with the storage type. For details, see Storage.
                                                                                                            • (Optional) Security Context: Set container permissions to protect the system and other containers from being affected. Enter the user ID to set container permissions and prevent systems and other containers from being affected.
                                                                                                            • (Optional) Logging: Report container stdout streams to AOM by default and require no manual settings. You can manually configure the log collection path. For details, see Using ICAgent to Collect Container Logs.
                                                                                                              To disable the standard output of the current workload, add the annotation kubernetes.AOM.log.stdout: [] in Labels and Annotations. For details about how to use this annotation, see Table 1.
                                                                                                              
+
                                                                                                            
 
-
                                                                                                            Service Settings
                                                                                                            
-
                                                                                                            A Service is used for pod access. With a fixed IP address, a Service forwards access traffic to pods and performs load balancing for these pods.
                                                                                                            
-
                                                                                                            You can also create a Service after creating a workload. For details about the Service, see Service Overview.
                                                                                                            
-
                                                                                                            Advanced Settings
+
                                                                                                          13. Image Access Credential: Select the credential used for accessing the image repository. The default value is default-secret. You can use default-secret to access images in SWR. For details about default-secret, see default-secret.
                                                                                                          14. (Optional) GPU: All is selected by default. The workload instance will be scheduled to the node with the specified GPU graphics card type.
                                                                                                            15. 
+
                                                                                                            
+
                                                                                                            (Optional) Service Settings
                                                                                                            
+
                                                                                                            A Service provides external access for pods. With a static IP address, a Service forwards access traffic to pods and performs automatic load balancing for these pods.
                                                                                                            
+
                                                                                                            You can also create a Service after creating a workload. For details about Services of different types, see Overview.
                                                                                                            
+
                                                                                                            (Optional) Advanced Settings
+
                                                                                                            • Scheduling: Configure affinity and anti-affinity policies for flexible workload scheduling. Node affinity, pod affinity, and pod anti-affinity are supported. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                                            
+
                                                                                                            • Toleration: Using both taints and tolerations allows (not forcibly) the pod to be scheduled to a node with the matching taints, and controls the pod eviction policies after the node where the pod is located is tainted. For details, see Taints and Tolerations.
                                                                                                            • Labels and Annotations: Add labels or annotations for pods using key-value pairs. After entering the key and value, click Confirm. For details about how to use and configure labels and annotations, see Labels and Annotations.
                                                                                                            • DNS: Configure a separate DNS policy for the workload. For details, see DNS Configuration.
                                                                                                            • Network configuration:
+
                                                                                                            
 
                                                                                                            
 
                                                                                                          15. Click Create Workload in the lower right corner.
                                                                                                            16. 
 
@@ -65,12 +130,12 @@ spec:
 
                                                                                                            $ kubectl get ds
 NAME              DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
 nginx-daemonset   1         1         0       1            0           daemon=need     116s
                                                                                                            
-
                                                                                                          16. If the workload will be accessed through a ClusterIP or NodePort Service, set the corresponding workload access type. For details, see Networking.
                                                                                                            17. 
+
                                                                                                          17. If the workload will be accessed through a ClusterIP or NodePort Service, set the corresponding workload access type. For details, see Network.
                                                                                                            18. 
 
 
 
                                                                                                            
 
                                                                                                            
-
                                                                                                            Parent topic: Workloads
                                                                                                            
+
                                                                                                            Parent topic: Creating a Workload
                                                                                                            
 
                                                                                                            
 
                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0222.html b/docs/cce/umn/cce_10_0222.html
index 2d5bab8ea..fe11784fe 100644
--- a/docs/cce/umn/cce_10_0222.html
+++ b/docs/cce/umn/cce_10_0222.html
@@ -4,15 +4,15 @@
 
                                                                                                            
 
                                                                                                            
 
                                                                                                              
+
                                                                                                            • Updating a Node Pool
                                                                                                              
+
                                                                                                              • 
 
                                                                                                            • Configuring a Node Pool
                                                                                                              
 
                                                                                                              • 
-
                                                                                                            • Updating a Node Pool
                                                                                                              
+
                                                                                                            • Copying a Node Pool
                                                                                                              
 
                                                                                                              • 
 
                                                                                                            • Synchronizing Node Pools
                                                                                                              
 
                                                                                                              • 
-
                                                                                                            • Upgrading the OS
                                                                                                              
-
                                                                                                              • 
-
                                                                                                            • Copying a Node Pool
                                                                                                              
+
                                                                                                            • Upgrading an OS
                                                                                                              
 
                                                                                                              • 
 
                                                                                                            • Migrating a Node
                                                                                                              
 
                                                                                                              • 
diff --git a/docs/cce/umn/cce_10_0232.html b/docs/cce/umn/cce_10_0232.html
index 00ec365e7..ed1018b2a 100644
--- a/docs/cce/umn/cce_10_0232.html
+++ b/docs/cce/umn/cce_10_0232.html
@@ -1,9 +1,82 @@
 
 
 
                                                                                                              Scheduling Policy (Affinity/Anti-affinity)
                                                                                                              
-
                                                                                                              A nodeSelector provides a very simple way to constrain pods to nodes with particular labels, as mentioned in Creating a DaemonSet. The affinity and anti-affinity feature greatly expands the types of constraints you can express.
                                                                                                              
-
                                                                                                              Kubernetes supports node-level and pod-level affinity and anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can deploy frontend pods and backend pods together, deploy the same type of applications on a specific node, or deploy different applications on different nodes.
                                                                                                              
-
                                                                                                              Node Affinity (nodeAffinity)
                                                                                                              Labels are the basis of affinity rules. Let's look at the labels on nodes in a cluster.
                                                                                                              
+
                                                                                                              Kubernetes supports node affinity and pod affinity/anti-affinity. You can configure custom rules to achieve affinity and anti-affinity scheduling. For example, you can deploy frontend pods and backend pods together, deploy the same type of applications on a specific node, or deploy different applications on different nodes.
                                                                                                              
+
                                                                                                              Kubernetes affinity applies to nodes and pods.
                                                                                                              
+
                                                                                                              • nodeAffinity: similar to pod nodeSelector, and they both schedule pods only to the nodes with specified labels. The difference between nodeAffinity and nodeSelector lies in that nodeAffinity features stronger expression than nodeSelector and allows you to specify preferentially selected soft constraints. The two types of node affinity are as follows:
                                                                                                                • requiredDuringSchedulingIgnoredDuringExecution: hard constraint that must be met. The scheduler can perform scheduling only when the rule is met. This function is similar to nodeSelector, but it features stronger syntax expression. For details, see Node Affinity (nodeAffinity).
                                                                                                                • preferredDuringSchedulingIgnoredDuringExecution: soft constraint that is met as much as possible. The scheduler attempts to find the node that meets the rule. If no matching node is found, the scheduler still schedules the pod. For details, see Node Preference Rule.
                                                                                                                
+
                                                                                                              • Workload Affinity (podAffinity)/Workload Anti-affinity (podAntiAffinity): The nodes to which a pod can be scheduled are determined based on the label of the pod running on a node, but not the label of the node. Similar to node affinity, workload affinity and anti-affinity are also of requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution types.
                                                                                                                 
                                                                                                                Workload affinity and anti-affinity require a certain amount of computing time, which significantly slows down scheduling in large-scale clusters. Do not enable workload affinity and anti-affinity in a cluster that contains hundreds of nodes.
                                                                                                                
+
                                                                                                                
+
                                                                                                              
+
                                                                                                              You can create the preceding affinity policies on the console. For details, see Configuring Scheduling Policies.
                                                                                                              
+
                                                                                                              Configuring Scheduling Policies
                                                                                                              1. Log in to the CCE console.
                                                                                                              2. When creating a workload, click Scheduling in the Advanced Settings area.
                                                                                                                
+
                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                Table 1 Node affinity settings
                                                                                                                Parameter
                                                                                                                
+
                                                                                                                Description
                                                                                                                
+
                                                                                                                Required
                                                                                                                
+
                                                                                                                Hard constraint, which corresponds to requiredDuringSchedulingIgnoredDuringExecution for specifying the conditions that must be met.
                                                                                                                
+
                                                                                                                If multiple rules that must be met are added, scheduling will be performed when only one rule is met.
                                                                                                                
+
                                                                                                                Preferred
                                                                                                                
+
                                                                                                                Soft constraint, which corresponds to preferredDuringSchedulingIgnoredDuringExecution for specifying the conditions that must be met as many as possible.
                                                                                                                
+
                                                                                                                If multiple rules that must be met as much as possible are added, scheduling will be performed even if one or none of the rules is met.
                                                                                                                
+
                                                                                                                
+
                                                                                                                
+
                                                                                                              3. Click  under Node Affinity, Workload Affinity, or Workload Anti-Affinity to add scheduling policies. In the dialog box that is displayed, directly add policies. Alternatively, you can specify nodes or AZs to be scheduled on the console.
                                                                                                                Specifying nodes and AZs is also implemented through labels. The console frees you from manually entering node labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.
+
                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                Table 2 Parameters for configuring the scheduling policy
                                                                                                                Parameter
                                                                                                                
+
                                                                                                                Description
                                                                                                                
+
                                                                                                                Label
                                                                                                                
+
                                                                                                                Node label. You can use the default label or customize a label.
                                                                                                                
+
                                                                                                                Operator
                                                                                                                
+
                                                                                                                The following relations are supported: In, NotIn, Exists, DoesNotExist, Gt, and Lt.
                                                                                                                
+
                                                                                                                • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                                • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                                • Exists: The affinity or anti-affinity object has a specified label name.
                                                                                                                • DoesNotExist: The affinity or anti-affinity object does not have the specified label name.
                                                                                                                • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                                                                • Lt: (available only for node affinity) The label value of the scheduling node is less than the list value (string comparison).
                                                                                                                
+
                                                                                                                Label Value
                                                                                                                
+
                                                                                                                Label value.
                                                                                                                
+
                                                                                                                Namespace
                                                                                                                
+
                                                                                                                This parameter is available only in a workload affinity or anti-affinity scheduling policy.
                                                                                                                
+
                                                                                                                Namespace for which the scheduling policy takes effect.
                                                                                                                
+
                                                                                                                Topology Key
                                                                                                                
+
                                                                                                                This parameter can be used only in a workload affinity or anti-affinity scheduling policy.
                                                                                                                
+
                                                                                                                Select the scope specified by topologyKey and then select the content defined by the policy.
                                                                                                                
+
                                                                                                                Weight
                                                                                                                
+
                                                                                                                This parameter can be set only in a Preferred scheduling policy.
                                                                                                                
+
                                                                                                                
+
                                                                                                                
+
                                                                                                                
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              Node Affinity (nodeAffinity)
                                                                                                              Workload node affinity rules are implemented using node labels. When a node is created in a CCE cluster, certain labels are automatically added. You can run the kubectl describe node command to view the labels. The following is an example:
                                                                                                              
 
                                                                                                              $ kubectl describe node 192.168.0.212
 Name:               192.168.0.212
 Roles:              <none>
@@ -21,9 +94,9 @@ Labels:             beta.kubernetes.io/arch=amd64
                     os.architecture=amd64
                     os.name=EulerOS_2.0_SP5
                     os.version=3.10.0-862.14.1.5.h328.eulerosv2r7.x86_64
                                                                                                              
-
                                                                                                              These labels are automatically added by CCE during node creation. The following describes a few that are frequently used during scheduling.
                                                                                                              
+
                                                                                                              In workload scheduling, common node labels are as follows:
                                                                                                              
 
                                                                                                              • failure-domain.beta.kubernetes.io/region: region where the node is located.
                                                                                                              • failure-domain.beta.kubernetes.io/zone: availability zone to which the node belongs.
                                                                                                              • kubernetes.io/hostname: host name of the node.
                                                                                                              
-
                                                                                                              When you deploy pods, you can use a nodeSelector, as described in DaemonSet, to constrain pods to nodes with specific labels. The following example shows how to use a nodeSelector to deploy pods only on the nodes with the gpu=true label.
                                                                                                              
+
                                                                                                              Kubernetes provides the nodeSelector field. When creating a workload, you can set this field to specify that the pod can be deployed only on a node with the specific label. The following example shows how to use a nodeSelector to deploy the pod only on the node with the gpu=true label.
                                                                                                              
 
                                                                                                              apiVersion: v1
 kind: Pod
 metadata:
@@ -32,7 +105,12 @@ spec:
   nodeSelector:                 # Node selection. A pod is deployed on a node only when the node has the gpu=true label.
     gpu: true
 ...
                                                                                                              
-
                                                                                                              Node affinity rules can achieve the same results, as shown in the following example.
                                                                                                              apiVersion: apps/v1
+
                                                                                                              Node affinity rules can achieve the same results. Compared with nodeSelector, node affinity rules seem more complex, but with a more expressive syntax. You can use the spec.affinity.nodeAffinity field to set node affinity. There are two types of node affinity:
                                                                                                              • requiredDuringSchedulingIgnoredDuringExecution: Kubernetes cannot schedule the pod unless the rule is met.
                                                                                                              • PreferredDuringSchedulingIgnoredDuringExecution: Kubernetes tries to find a node that meets the rule. If a matching node is not available, Kubernetes still schedules the pod.
                                                                                                              
+
                                                                                                               
                                                                                                              In these two types of node affinity, requiredDuringScheduling or preferredDuringScheduling indicates that the pod can be scheduled to a node only when all the defined rules are met (required). IgnoredDuringExecution indicates that if the node label changes after Kubernetes schedules the pod, the pod continues to run and will not be rescheduled.
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              The following is an example of setting node affinity:
                                                                                                              
+
                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
   name:  gpu
@@ -69,13 +147,7 @@ spec:
                 operator: In
                 values:
                 - "true"
                                                                                                              
-
                                                                                                              
-
                                                                                                              Even though the node affinity rule requires more lines, it is more expressive, which will be further described later.
                                                                                                              
-
                                                                                                              requiredDuringSchedulingIgnoredDuringExecution seems to be complex, but it can be easily understood as a combination of two parts.
                                                                                                              
-
                                                                                                              • requiredDuringScheduling indicates that pods can be scheduled to the node only when all the defined rules are met (required).
                                                                                                              • IgnoredDuringExecution indicates that pods already running on the node do not need to meet the defined rules. That is, a label on the node is ignored, and pods that require the node to contain that label will not be re-scheduled.
                                                                                                              
-
                                                                                                              In addition, the value of operator is In, indicating that the label value must be in the values list. Other available operator values are as follows:
                                                                                                              
-
                                                                                                              • NotIn: The label value is not in a list.
                                                                                                              • Exists: A specific label exists.
                                                                                                              • DoesNotExist: A specific label does not exist.
                                                                                                              • Gt: The label value is greater than a specified value (string comparison).
                                                                                                              • Lt: The label value is less than a specified value (string comparison).
                                                                                                              
-
                                                                                                              Note that there is no such thing as nodeAntiAffinity because operators NotIn and DoesNotExist provide the same function.
                                                                                                              
+
                                                                                                              In this example, the scheduled node must contain a label with the key named gpu. The value of operator is to In, indicating that the label value must be in the values list. That is, the key value of the gpu label of the node is true. For details about other values of operator, see Operator Value Description. Note that there is no such thing as nodeAntiAffinity because operators NotIn and DoesNotExist provide the same function.
                                                                                                              
 
                                                                                                              The following describes how to check whether the rule takes effect. Assume that a cluster has three nodes.
                                                                                                              
 
                                                                                                              $ kubectl get node
 NAME            STATUS   ROLES    AGE   VERSION                            
@@ -101,7 +173,7 @@ gpu-6df65c44cf-42xw4     1/1     Running   0          15s   172.16.0.37   192.16
 gpu-6df65c44cf-jzjvs     1/1     Running   0          15s   172.16.0.36   192.168.0.212
 gpu-6df65c44cf-zv5cl     1/1     Running   0          15s   172.16.0.38   192.168.0.212
                                                                                                              
 
                                                                                                              
-
                                                                                                              Node Preference Rule
                                                                                                              The preceding requiredDuringSchedulingIgnoredDuringExecution rule is a hard selection rule. There is another type of selection rule, that is, preferredDuringSchedulingIgnoredDuringExecution. It is used to specify which nodes are preferred during scheduling.
                                                                                                              
+
                                                                                                              Node Preference Rule
                                                                                                              The preceding requiredDuringSchedulingIgnoredDuringExecution rule is a hard selection rule. There is another type of selection rule, that is, preferredDuringSchedulingIgnoredDuringExecution. It is used to specify which nodes are preferred during scheduling.
                                                                                                              
 
                                                                                                              To achieve this effect, add a node attached with SAS disks to the cluster, add the DISK=SAS label to the node, and add the DISK=SSD label to the other three nodes. 
                                                                                                              
 
                                                                                                              $ kubectl get node -L DISK,gpu
 NAME            STATUS   ROLES    AGE     VERSION                            DISK     GPU
@@ -109,7 +181,7 @@ NAME            STATUS   ROLES    AGE     VERSION                            DIS
 192.168.0.212   Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD      true
 192.168.0.94    Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD   
 192.168.0.97    Ready    <none>   8h      v1.15.6-r1-20.3.0.2.B001-15.30.2   SSD  
                                                                                                              
-
                                                                                                              Define a Deployment. Use the preferredDuringSchedulingIgnoredDuringExecution rule to set the weight of nodes with the SSD disk installed as 80 and nodes with the gpu=true label as 20. In this way, pods are preferentially deployed on the nodes with the SSD disk installed.
                                                                                                              
+
                                                                                                              Define a Deployment. Use the preferredDuringSchedulingIgnoredDuringExecution rule to set the weight of nodes with the SSD disk installed as 80 and nodes with the gpu=true label as 20. In this way, pods are preferentially deployed on the nodes with the SSD disk installed.
                                                                                                              
 
                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -155,8 +227,8 @@ spec:
                 operator: In 
                 values: 
                 - "true"
                                                                                                              
-
                                                                                                              After the deployment, there are five pods deployed on the node 192.168.0.212 (label: DISK=SSD and GPU=true), three pods deployed on the node 192.168.0.97 (label: DISK=SSD), and two pods deployed on the node 192.168.0.100 (label: DISK=SAS).
                                                                                                              
-
                                                                                                              From the preceding output, you can find that no pods of the Deployment are scheduled to node 192.168.0.94 (label: DISK=SSD). This is because the node already has many pods on it and its resource usage is high. This also indicates that the preferredDuringSchedulingIgnoredDuringExecution rule defines a preference rather than a hard requirement.
                                                                                                              
+
                                                                                                              After the deployment, there are five pods deployed on the node 192.168.0.212 (label: DISK=SSD and GPU=true), three pods deployed on the node 192.168.0.97 (label: DISK=SSD), and two pods deployed on the node 192.168.0.100 (label: DISK=SAS).
                                                                                                              
+
                                                                                                              From the preceding output, you can find that no pods of the Deployment are scheduled to node 192.168.0.94 (label: DISK=SSD). This is because the node already has many pods on it and its resource usage is high. This also indicates that the preferredDuringSchedulingIgnoredDuringExecution rule defines a preference rather than a hard requirement.
                                                                                                              
 
                                                                                                              $ kubectl create -f affinity2.yaml 
 deployment.apps/gpu created
 
@@ -174,8 +246,10 @@ gpu-585455d466-t56cm   1/1     Running   0          2m29s   172.16.0.64   192.16
 gpu-585455d466-t5w5x   1/1     Running   0          2m29s   172.16.0.41   192.168.0.212
                                                                                                              
 
                                                                                                              
 
                                                                                                              In the preceding example, the node scheduling priority is as follows. Nodes with both SSD and gpu=true labels have the highest priority. Nodes with the SSD label but no gpu=true label have the second priority (weight: 80). Nodes with the gpu=true label but no SSD label have the third priority. Nodes without any of these two labels have the lowest priority.
                                                                                                              
-
                                                                                                              Figure 1 Scheduling priority
                                                                                                              
-
                                                                                                              Workload Affinity (podAffinity)
                                                                                                              Node affinity rules affect only the affinity between pods and nodes. Kubernetes also supports configuring inter-pod affinity rules. For example, the frontend and backend of an application can be deployed together on one node to reduce access latency. There are also two types of inter-pod affinity rules: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution.
                                                                                                              
+
                                                                                                              Figure 1 Scheduling priority
                                                                                                              
+
                                                                                                              Workload Affinity (podAffinity)
                                                                                                              Node affinity rules affect only the affinity between pods and nodes. Kubernetes also supports configuring inter-pod affinity rules. For example, the frontend and backend of an application can be deployed together on one node to reduce access latency. There are also two types of inter-pod affinity rules: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution.
                                                                                                              
+
                                                                                                               
                                                                                                              For workload affinity, topologyKey cannot be left blank when requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution are used.
                                                                                                              
+
                                                                                                              
 
                                                                                                              Assume that the backend of an application has been created and has the app=backend label.
                                                                                                              
 
                                                                                                              $ kubectl get po -o wide
 NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE         
@@ -229,13 +303,13 @@ backend-658f6cb858-dlrz8    1/1     Running   0          5m38s   172.16.0.67   1
 frontend-67ff9b7b97-dsqzn   1/1     Running   0          6s      172.16.0.70   192.168.0.100
 frontend-67ff9b7b97-hxm5t   1/1     Running   0          6s      172.16.0.71   192.168.0.100
 frontend-67ff9b7b97-z8pdb   1/1     Running   0          6s      172.16.0.72   192.168.0.100
                                                                                                              
-
                                                                                                              The topologyKey field specifies the selection range. The scheduler selects nodes within the range based on the affinity rule defined. The effect of topologyKey is not fully demonstrated in the preceding example because all the nodes have the kubernetes.io/hostname label, that is, all the nodes are within the range.
                                                                                                              
+
                                                                                                              The topologyKey field is used to divide topology domains to specify the selection range. If the label keys and values of nodes are the same, the nodes are considered to be in the same topology domain. Then, the contents defined in the following rules are selected. The effect of topologyKey is not fully demonstrated in the preceding example because all the nodes have the kubernetes.io/hostname label, that is, all the nodes are within the range.
                                                                                                              
 
                                                                                                              To see how topologyKey works, assume that the backend of the application has two pods, which are running on different nodes.
                                                                                                              
 
                                                                                                              $ kubectl get po -o wide
 NAME                       READY   STATUS    RESTARTS   AGE     IP            NODE         
 backend-658f6cb858-5bpd6   1/1     Running   0          23m     172.16.0.40   192.168.0.97
 backend-658f6cb858-dlrz8   1/1     Running   0          2m36s   172.16.0.67   192.168.0.100
                                                                                                              
-
                                                                                                              Add the prefer=true label to nodes 192.168.0.97 and 192.168.0.94.
                                                                                                              
+
                                                                                                              Add the prefer=true label to nodes 192.168.0.97 and 192.168.0.94.
                                                                                                              
 
                                                                                                              $ kubectl label node 192.168.0.97 prefer=true
 node/192.168.0.97 labeled
 $ kubectl label node 192.168.0.94 prefer=true
@@ -247,7 +321,7 @@ NAME            STATUS   ROLES    AGE   VERSION                            PREFE
 192.168.0.212   Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   
 192.168.0.94    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
 192.168.0.97    Ready    <none>   91m   v1.15.6-r1-20.3.0.2.B001-15.30.2   true
                                                                                                              
-
                                                                                                              Define topologyKey in the podAffinity section as prefer. The node topology domains are divided as shown in Figure 2.
                                                                                                              
+
                                                                                                              If the topologyKey of podAffinity is set to prefer, the node topology domains are divided as shown in Figure 2.
                                                                                                              
 
                                                                                                                    affinity:
         podAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -258,8 +332,8 @@ NAME            STATUS   ROLES    AGE   VERSION                            PREFE
                 operator: In 
                 values: 
                 - backend
                                                                                                              
-
                                                                                                              Figure 2 Topology domain example
                                                                                                              
-
                                                                                                              During scheduling, node topology domains are divided based on the prefer label. In this example, 192.168.0.97 and 192.168.0.94 are divided into the same topology domain. If pods with the app=backend label run in 192.168.0.97, all frontend pods are deployed onto 192.168.0.97 or 192.168.0.94.
                                                                                                              
+
                                                                                                              Figure 2 Topology domains
                                                                                                              
+
                                                                                                              During scheduling, node topology domains are divided based on the prefer label. In this example, 192.168.0.97 and 192.168.0.94 are divided into the same topology domain. If a pod with the app=backend label runs in the topology domain, even if not all nodes in the topology domain run the pod with the app=backend label (in this example, only the 192.168.0.97 node has such a pod), frontend is also deployed in this topology domain (192.168.0.97 or 192.168.0.94).
                                                                                                              
 
                                                                                                              $ kubectl create -f affinity3.yaml 
 deployment.apps/frontend created
 
@@ -271,8 +345,10 @@ frontend-67ff9b7b97-dsqzn   1/1     Running   0          6s      172.16.0.70   1
 frontend-67ff9b7b97-hxm5t   1/1     Running   0          6s      172.16.0.71   192.168.0.97
 frontend-67ff9b7b97-z8pdb   1/1     Running   0          6s      172.16.0.72   192.168.0.97
                                                                                                              
 
                                                                                                              
-
                                                                                                              Workload Anti-Affinity (podAntiAffinity)
                                                                                                              Unlike the scenarios in which pods are preferred to be scheduled onto the same node, sometimes, it could be the exact opposite. For example, if certain pods are deployed together, they will affect the performance.
                                                                                                              
-
                                                                                                              In the following example, an anti-affinity rule is defined. This rule indicates that node topology domains are divided based on the kubernetes.io/hostname label. If a pod with the app=frontend label already exists on a node in the topology domain, pods with the same label cannot be scheduled to other nodes in the topology domain.
                                                                                                              
+
                                                                                                              Workload Anti-Affinity (podAntiAffinity)
                                                                                                              Unlike the scenarios in which pods are preferred to be scheduled onto the same node, sometimes, it could be the exact opposite. For example, if certain pods are deployed together, they will affect the performance.
                                                                                                              
+
                                                                                                               
                                                                                                              For workload anti-affinity, when requiredDuringSchedulingIgnoredDuringExecution is used, the default access controller LimitPodHardAntiAffinityTopology of Kubernetes requires that topologyKey can only be kubernetes.io/hostname. To use other custom topology logic, modify or disable the access controller.
                                                                                                              
+
                                                                                                              
+
                                                                                                              The following is an example of defining an anti-affinity rule. This rule divides node topology domains by the kubernetes.io/hostname label. If a pod with the app=frontend label already exists on a node in the topology domain, pods with the same label cannot be scheduled to other nodes in the topology domain.
                                                                                                              
 
                                                                                                              apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -304,14 +380,14 @@ spec:
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname    # Node topology domain
+          - topologyKey: kubernetes.io/hostname   # Topology domain of the node
             labelSelector:    # Pod label matching rule
               matchExpressions: 
               - key: app
                 operator: In 
                 values: 
                 - frontend
                                                                                                              
-
                                                                                                              Create an anti-affinity rule and view the deployment result. In the example, node topology domains are divided by the kubernetes.io/hostname label. Among nodes with the kubernetes.io/hostname label, the label value of each node is different. Therefore, there is only one node in a topology domain. If a frontend pod already exists in a topology (a node in this example), the same pods will not be scheduled to this topology. In this example, there are only four nodes. Therefore, another pod is pending and cannot be scheduled.
                                                                                                              
+
                                                                                                              Create an anti-affinity rule and view the deployment result. In the example, node topology domains are divided by the kubernetes.io/hostname label. The label values of nodes with the kubernetes.io/hostname label are different, so there is only one node in a topology domain. If a frontend pod already exists in a topology domain, pods with the same label will not be scheduled to the topology domain. In this example, there are only four nodes. Therefore, there is one pod which is in the Pending state and cannot be scheduled.
                                                                                                              
 
                                                                                                              $ kubectl create -f affinity4.yaml 
 deployment.apps/frontend created
 
@@ -323,71 +399,8 @@ frontend-6f686d8d87-hgcq2   1/1     Running   0          18s   172.16.0.54   192
 frontend-6f686d8d87-q7cfq   1/1     Running   0          18s   172.16.0.47   192.168.0.212
 frontend-6f686d8d87-xl8hx   1/1     Running   0          18s   172.16.0.23   192.168.0.94 
                                                                                                              
 
                                                                                                              
-
                                                                                                              Configuring Scheduling Policies
                                                                                                              1. Log in to the CCE console.
                                                                                                              2. When creating a workload, click Scheduling in the Advanced Settings area.
                                                                                                                
-
                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                Table 1 Node affinity settings
                                                                                                                Parameter
                                                                                                                
-
                                                                                                                Description
                                                                                                                
-
                                                                                                                Required
                                                                                                                
-
                                                                                                                This is a hard rule that must be met for scheduling. It corresponds to requiredDuringSchedulingIgnoredDuringExecution in Kubernetes. Multiple required rules can be set, and scheduling will be performed if only one of them is met.
                                                                                                                
-
                                                                                                                Preferred
                                                                                                                
-
                                                                                                                This is a soft rule specifying preferences that the scheduler will try to enforce but will not guarantee. It corresponds to preferredDuringSchedulingIgnoredDuringExecution in Kubernetes. Scheduling is performed when one rule is met or none of the rules are met.
                                                                                                                
-
                                                                                                                
-
                                                                                                                
-
                                                                                                              3. Under Node Affinity, Workload Affinity, and Workload Anti-Affinity, click  to add scheduling policies. In the dialog box displayed, add a policy directly or by specifying a node or an AZ.
                                                                                                                Specifying a node or an AZ is essentially implemented through labels. The kubernetes.io/hostname label is used when you specify a node, and the failure-domain.beta.kubernetes.io/zone label is used when you specify an AZ.
-
                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                Table 2 Scheduling policy configuration
                                                                                                                Parameter
                                                                                                                
-
                                                                                                                Description
                                                                                                                
-
                                                                                                                Label
                                                                                                                
-
                                                                                                                Node label. You can use the default label or customize a label.
                                                                                                                
-
                                                                                                                Operator
                                                                                                                
-
                                                                                                                The following relations are supported: In, NotIn, Exists, DoesNotExist, Gt, and Lt
                                                                                                                
-
                                                                                                                • In: A label exists in the label list.
                                                                                                                • NotIn: A label does not exist in the label list.
                                                                                                                • Exists: A specific label exists.
                                                                                                                • DoesNotExist: A specific label does not exist.
                                                                                                                • Gt: The label value is greater than a specified value (string comparison).
                                                                                                                • Lt: The label value is less than a specified value (string comparison).
                                                                                                                
-
                                                                                                                Label Value
                                                                                                                
-
                                                                                                                Label value.
                                                                                                                
-
                                                                                                                Namespace
                                                                                                                
-
                                                                                                                This parameter is available only in a workload affinity or anti-affinity scheduling policy.
                                                                                                                
-
                                                                                                                Namespace for which the scheduling policy takes effect.
                                                                                                                
-
                                                                                                                Topology Key
                                                                                                                
-
                                                                                                                This parameter can be used only in a workload affinity or anti-affinity scheduling policy.
                                                                                                                
-
                                                                                                                Select the scope specified by topologyKey and then select the content defined by the policy.
                                                                                                                
-
                                                                                                                Weight
                                                                                                                
-
                                                                                                                This parameter can be set only in a Preferred scheduling policy.
                                                                                                                
-
                                                                                                                
-
                                                                                                                
-
                                                                                                                
-
                                                                                                              
+
                                                                                                              Operator Value Description
                                                                                                              You can use the operator field to set the logical relationship of the usage rule. The value of operator can be:
                                                                                                              
+
                                                                                                              • In: The label of the affinity or anti-affinity object is in the label value list (values field).
                                                                                                              • NotIn: The label of the affinity or anti-affinity object is not in the label value list (values field).
                                                                                                              • Exists: The affinity or anti-affinity object has a specified label name.
                                                                                                              • DoesNotExist: The affinity or anti-affinity object does not have the specified label name.
                                                                                                              • Gt: (available only for node affinity) The label value of the scheduled node is greater than the list value (string comparison).
                                                                                                              • Lt: (available only for node affinity) The label value of the scheduling node is less than the list value (string comparison).
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
diff --git a/docs/cce/umn/cce_10_0245.html b/docs/cce/umn/cce_10_0245.html
index f89b3667c..c1707e43e 100644
--- a/docs/cce/umn/cce_10_0245.html
+++ b/docs/cce/umn/cce_10_0245.html
@@ -7,30 +7,30 @@
 
                                                                                                              Cluster permissions and namespace permissions are independent of each other but must be used together. The permissions set for a user group apply to all users in the user group. When multiple permissions are added to a user or user group, they take effect at the same time (the union set is used).
                                                                                                              
 
                                                                                                              
 
                                                                                                              Permission Design
                                                                                                              The following uses company X as an example.
                                                                                                              
-
                                                                                                              Generally, a company has multiple departments or projects, and each department has multiple members. Therefore, you need to design how permissions are to be assigned to different groups and projects, and set a user name for each member to facilitate subsequent user group and permissions configuration.
                                                                                                              
+
                                                                                                              Generally, a company has multiple departments or projects, and each department has multiple members. Design how permissions are to be assigned to different groups and projects, and set a user name for each member to facilitate subsequent user group and permissions configuration.
                                                                                                              
 
                                                                                                              The following figure shows the organizational structure of a department in a company and the permissions to be assigned to each member:
                                                                                                              
-
                                                                                                              
+
                                                                                                              
 
                                                                                                              
-
                                                                                                              Director: David
                                                                                                              David is a department director of company X. To assign him all CCE permissions (both cluster and namespace permissions), you need to create the cce-admin user group for David on the IAM console and assign the CCE Administrator role.
                                                                                                              
+
                                                                                                              Director: David
                                                                                                              David is a department director of company X. To assign him all CCE permissions (both cluster and namespace permissions), create the cce-admin user group for David on the IAM console and assign the CCE Administrator role.
                                                                                                              
 
                                                                                                               
                                                                                                              CCE Administrator: This role has all CCE permissions. You do not need to assign other permissions.
                                                                                                              
 
                                                                                                              CCE FullAccess and CCE ReadOnlyAccess: These policies are related to cluster management permissions and configured only for cluster-related resources (such as clusters and nodes). You must also configure namespace permissions to perform operations on Kubernetes resources (such as workloads and Services).
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              O&M Leader: James
                                                                                                              James is the O&M team leader of the department. He needs the cluster permissions for all projects and the read-only permissions for all namespaces.
                                                                                                              
-
                                                                                                              To assign the permissions, create a user group named cce-sre on the IAM console and add James to this user group. Then, assign CCE FullAccess to the user group cce-sre to allow it to perform operations on clusters in all projects.
                                                                                                              
+
                                                                                                              To assign the permissions, create a user group named cce-sre on the IAM console and add James to this user group. Then, assign CCE FullAccess to the user group cce-sre to allow it to perform operations on clusters in all projects.
                                                                                                              
 
                                                                                                              Assigning Read-only Permissions on All Clusters and Namespaces to All Team Leaders and Engineers
                                                                                                              
-
                                                                                                              You can create a read-only user group named read_only on the IAM console and add users to the user group.
                                                                                                              
-
                                                                                                              • Although the development engineers Linda and Peter do not require cluster management permissions, they still need to view data on the CCE console. Therefore, the read-only cluster permission is required.
                                                                                                              • For the O&M engineer William, assign the read-only permission on clusters to him in this step.
                                                                                                              • The O&M team leader James already has the management permissions on all clusters. You can add him to the read_only user group to assign the read-only permission on clusters to him.
                                                                                                              
-
                                                                                                              Users James, Robert, William, Linda, and Peter are added to the read_only user group.
                                                                                                              
+
                                                                                                              You can create a read-only user group named read_only on the IAM console and add users to the user group.
                                                                                                              
+
                                                                                                              • Although the development engineers Linda and Peter do not require cluster management permissions, they still need to view data on the CCE console. Therefore, the read-only cluster permission is required.
                                                                                                              • For the O&M engineer William, assign the read-only permission on clusters to him in this step.
                                                                                                              • The O&M team leader James already has the management permissions on all clusters. You can add him to the read_only user group to assign the read-only permission on clusters to him.
                                                                                                              
+
                                                                                                              Users James, Robert, William, Linda, and Peter are added to the read_only user group.
                                                                                                              
 
                                                                                                              Assign the read-only permission on clusters to the user group read_only.
                                                                                                              
-
                                                                                                              Return to the CCE console, and add the read-only permission on namespaces to the user group read_only to which the five users belong. Choose Permissions on the CCE console, and assign the read-only policy to the user group read_only for each cluster.
                                                                                                              
+
                                                                                                              Return to the CCE console, and add the read-only permission on namespaces to the user group read_only to which the five users belong. Choose Permissions on the CCE console, and assign the read-only policy to the user group read_only for each cluster.
                                                                                                              
 
                                                                                                              After the setting is complete, James has the cluster management permissions for all projects and the read-only permissions on all namespaces, and the Robert, William, Linda, and Peter have the read-only permission on all clusters and namespaces.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Development Team Leader: Robert
                                                                                                              In the previous steps, Robert has been assigned the read-only permission on all clusters and namespaces. Now, assign the administrator permissions on all namespaces to Robert.
                                                                                                              
-
                                                                                                              Therefore, you need to assign the administrator permissions on all namespaces in all clusters to Robert.
                                                                                                              
+
                                                                                                              Therefore, assign the administrator permissions on all namespaces in all clusters to Robert.
                                                                                                              
 
                                                                                                              
-
                                                                                                              O&M Engineer: William
                                                                                                              In the previous steps, William has been assigned the read-only permission on all clusters and namespaces. He also requires the cluster management permissions. Therefore, you can log in to the IAM console, create a user group named cce-sre-b4 and assign CCE FullAccess to William.
                                                                                                              
-
                                                                                                              Now, William has the cluster management permissions and the read-only permission on all namespaces.
                                                                                                              
+
                                                                                                              O&M Engineer: William
                                                                                                              In the previous steps, William has been assigned the read-only permission on all clusters and namespaces. He also requires the cluster management permissions in his region. Therefore, you can log in to the IAM console, create a user group named cce-sre-b4 and assign CCE FullAccess to William for his region.
                                                                                                              
+
                                                                                                              Now, William has the cluster management permissions for his region and the read-only permission on all namespaces.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Development Engineers: Linda and Peter
                                                                                                              In the previous steps, Linda and Peter have been assigned the read-only permission on clusters and namespaces. Therefore, you only need to assign the edit policy to them.
                                                                                                              
 
                                                                                                              By now, all the required permissions are assigned to the department members.
                                                                                                              
@@ -38,7 +38,7 @@
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
-
                                                                                                              Parent topic: Permissions Management
                                                                                                              
+
                                                                                                              Parent topic: Permissions
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0247.html b/docs/cce/umn/cce_10_0247.html
index ecfb0343b..f78856016 100644
--- a/docs/cce/umn/cce_10_0247.html
+++ b/docs/cce/umn/cce_10_0247.html
@@ -1,16 +1,16 @@
 
 
 
-  
                                                                                                              Services
                                                                                                              
+  
                                                                                                              Service
                                                                                                              
 
   
                                                                                                              
 
                                                                                                              
 
 
 
diff --git a/docs/cce/umn/cce_10_0248.html b/docs/cce/umn/cce_10_0248.html
index 1642d0b69..19ef9ed8d 100644
--- a/docs/cce/umn/cce_10_0248.html
+++ b/docs/cce/umn/cce_10_0248.html
@@ -4,16 +4,14 @@
 
                                                                                                              
 
 
diff --git a/docs/cce/umn/cce_10_0249.html b/docs/cce/umn/cce_10_0249.html
index 91ee12bbe..fa253adb8 100644
--- a/docs/cce/umn/cce_10_0249.html
+++ b/docs/cce/umn/cce_10_0249.html
@@ -1,26 +1,189 @@
 
 
-
                                                                                                              Service Overview
                                                                                                              
-
                                                                                                              Direct Access to a Pod
                                                                                                              After a pod is created, the following problems may occur if you directly access the pod:
                                                                                                              
-
                                                                                                              • The pod can be deleted and recreated at any time by a controller such as a Deployment, and the result of accessing the pod becomes unpredictable.
                                                                                                              • The IP address of the pod is allocated only after the pod is started. Before the pod is started, the IP address of the pod is unknown.
                                                                                                              • An application is usually composed of multiple pods that run the same image. Accessing pods one by one is not efficient.
                                                                                                              
-
                                                                                                              For example, an application uses Deployments to create the frontend and backend. The frontend calls the backend for computing, as shown in Figure 1. Three pods are running in the backend, which are independent and replaceable. When a backend pod is re-created, the new pod is assigned with a new IP address, of which the frontend pod is unaware.
                                                                                                              
-
                                                                                                              Figure 1 Inter-pod access
                                                                                                              
+
                                                                                                              Overview
                                                                                                              
+
                                                                                                              Direct Access to a Pod
                                                                                                              After a pod is created, the following problems may occur if you directly access to the pod:
                                                                                                              
+
                                                                                                              • The pod can be deleted and created again at any time by a controller such as a Deployment, and the result of accessing the pod becomes unpredictable.
                                                                                                              • The IP address of the pod is allocated only after the pod is started. Before the pod is started, the IP address of the pod is unknown.
                                                                                                              • An application is usually composed of multiple pods that run the same image. Accessing pods one by one is not efficient.
                                                                                                              
+
                                                                                                              For example, an application uses Deployments to create the frontend and backend. The frontend calls the backend for computing, as shown in Figure 1. Three pods are running in the backend, which are independent and replaceable. When a backend pod is created again, the new pod is assigned with a new IP address, of which the frontend pod is unaware.
                                                                                                              
+
                                                                                                              Figure 1 Inter-pod access
                                                                                                              
 
                                                                                                              
-
                                                                                                              Using Services for Pod Access
                                                                                                              Kubernetes Services are used to solve the preceding pod access problems. A Service has a fixed IP address. (When a CCE cluster is created, a Service CIDR block is set, which is used to allocate IP addresses to Services.) A Service forwards requests accessing the Service to pods based on labels, and at the same time, perform load balancing for these pods.
                                                                                                              
+
                                                                                                              Using Services for Pod Access
                                                                                                              Kubernetes Services are used to solve the preceding pod access problems. A Service has a fixed IP address. (When a CCE cluster is created, a Service CIDR block is set, which is used to allocate IP addresses to Services.) A Service forwards requests accessing the Service to pods based on labels, and at the same time, performs load balancing for these pods.
                                                                                                              
 
                                                                                                              In the preceding example, a Service is added for the frontend pod to access the backend pods. In this way, the frontend pod does not need to be aware of the changes on backend pods, as shown in Figure 2.
                                                                                                              
-
                                                                                                              Figure 2 Accessing pods through a Service
                                                                                                              
+
                                                                                                              Figure 2 Accessing pods through a Service
                                                                                                              
 
                                                                                                              
 
                                                                                                              Service Types
                                                                                                              Kubernetes allows you to specify a Service of a required type. The values and actions of different types of Services are as follows:
                                                                                                              
 
                                                                                                              • ClusterIP
                                                                                                                A ClusterIP Service allows workloads in the same cluster to use their cluster-internal domain names to access each other.
                                                                                                                
 
                                                                                                              
-
                                                                                                              • NodePort
                                                                                                                A NodePort Service is exposed on each node's IP at a static port. A ClusterIP Service, to which the NodePort Service routes, is automatically created. By requesting <NodeIP>:<NodePort>, you can access a NodePort Service from outside the cluster.
                                                                                                                
-
                                                                                                              • LoadBalancer
                                                                                                                A workload can be accessed from public networks through a load balancer, which is more secure and reliable than EIP.
                                                                                                                
+
                                                                                                                • NodePort
                                                                                                                  A Service is exposed on each node's IP address at a static port (NodePort). A ClusterIP Service, to which the NodePort Service will route, is automatically created. By requesting <NodeIP>:<NodePort>, you can access a NodePort Service from outside the cluster.
                                                                                                                  
+
                                                                                                                • LoadBalancer
                                                                                                                  LoadBalancer Services can access workloads from the public network through a load balancer, which is more reliable than EIP-based access. LoadBalancer Services are recommended for accessing workloads from outside the cluster.
                                                                                                                  
+
                                                                                                                
+
                                                                                                              
+
                                                                                                              externalTrafficPolicy (Service Affinity)
                                                                                                              For a NodePort and LoadBalancer Service, requests are first sent to the node port, then the Service, and finally the pod backing the Service. The backing pod may be not located in the node receiving the requests. By default, the backend workload can be accessed from any node IP address and service port. If the pod is not on the node that receives the request, the request will be redirected to the node where the pod is located, which may cause performance loss.
                                                                                                              
+
                                                                                                              externalTrafficPolicy is a configuration parameter of the Service.
                                                                                                              
+
                                                                                                              apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-nodeport
+spec:
+  externalTrafficPolicy: Local
+  ports:
+  - name: service
+    nodePort: 30000
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  type: NodePort
                                                                                                              
+
                                                                                                              If the value of externalTrafficPolicy is Local, requests sent from Node IP address:Service port will be forwarded only to the pod on the local node. If the node does not have a pod, the requests are suspended.
                                                                                                              
+
                                                                                                              If the value of externalTrafficPolicy is Cluster, requests are forwarded within the cluster and the backend workload can be accessed from any node IP address and service port.
                                                                                                              
+
                                                                                                              If externalTrafficPolicy is not set, the default value Cluster will be used.
                                                                                                              
+
                                                                                                              You can set this parameter when creating a Service of the NodePort type on the CCE console.
                                                                                                              
+
                                                                                                              The values of externalTrafficPolicy are as follows:
                                                                                                              
+
                                                                                                              • Cluster: The IP addresses and access ports of all nodes in a cluster can access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                              • Local: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained. In this scenario, Services may fail to be accessed from within the cluster. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                              
+
                                                                                                              
+
                                                                                                              Why a Service Fail to Be Accessed from Within the Cluster
                                                                                                              If the service affinity of a Service is set to the node level, that is, the value of externalTrafficPolicy is Local, the Service may fail to be accessed from within the cluster (specifically, nodes or containers). Information similar to the following is displayed:
                                                                                                              upstream connect error or disconnect/reset before headers. reset reason: connection failure
+Or
+curl: (7) Failed to connect to 192.168.10.36 port 900: Connection refused
                                                                                                              
+
                                                                                                              
+
                                                                                                              It is common that a load balancer in a cluster cannot be accessed. The reason is as follows: When Kubernetes creates a Service, kube-proxy adds the access address of the load balancer as an external IP address (External-IP, as shown in the following command output) to iptables or IPVS. If a client inside the cluster initiates a request to access the load balancer, the address is considered as the external IP address of the Service, and the request is directly forwarded by kube-proxy without passing through the load balancer outside the cluster.
                                                                                                              
+
                                                                                                              # kubectl get svc nginx
+NAME    TYPE           CLUSTER-IP      EXTERNAL-IP                   PORT(S)        AGE
+nginx   LoadBalancer   10.247.76.156   123.**.**.**,192.168.0.133   80:32146/TCP   37s
                                                                                                              
+
                                                                                                              When the value of externalTrafficPolicy is Local, the access failures in different container network models and service forwarding modes are as follows:
                                                                                                               
                                                                                                              • For a multi-pod workload, ensure that all pods are accessible. Otherwise, there is a possibility that the access to the workload fails.
                                                                                                              • CCE Turbo clusters using Cloud Native 2.0 networking do not support node-level service affinity.
                                                                                                              
+
                                                                                                              
+
+
                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                              Service Type Released on the Server
                                                                                                              
+
                                                                                                              Access Type
                                                                                                              
+
                                                                                                              Request Initiation Location on the Client
                                                                                                              
+
                                                                                                              Tunnel Network Cluster (IPVS)
                                                                                                              
+
                                                                                                              VPC Network Cluster (IPVS)
                                                                                                              
+
                                                                                                              Tunnel Network Cluster (iptables)
                                                                                                              
+
                                                                                                              VPC Network Cluster (iptables)
                                                                                                              
+
                                                                                                              NodePort Service
                                                                                                              
+
                                                                                                              Public/Private network
                                                                                                              
+
                                                                                                              Same node as the service pod
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Different nodes from the service pod
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              The access is successful.
                                                                                                              
+
                                                                                                              The access is successful.
                                                                                                              
+
                                                                                                              Other containers on the same node as the service pod
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              Other containers on different nodes from the service pod
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on the node where the server is located: The access is successful.
                                                                                                              
+
                                                                                                              Access the IP address and NodePort on a node other than the node where the server is located: The access failed.
                                                                                                              
+
                                                                                                              LoadBalancer Service using a dedicated load balancer
                                                                                                              
+
                                                                                                              Private network
                                                                                                              
+
                                                                                                              Same node as the service pod
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              Other containers on the same node as the service pod
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              The access failed.
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              
+
                                                                                                              The following methods can be used to solve this problem:
                                                                                                              
+
                                                                                                              • (Recommended) In the cluster, use the ClusterIP Service or service domain name for access.
                                                                                                              • Set externalTrafficPolicy of the Service to Cluster, which means cluster-level service affinity. Note that this affects source address persistence.
                                                                                                                apiVersion: v1 
+kind: Service
+metadata: 
+  annotations:   
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"cce-bandwidth","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
+  labels: 
+    app: nginx 
+  name: nginx 
+spec: 
+  externalTrafficPolicy: Cluster
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  selector: 
+    app: nginx 
+  type: LoadBalancer
                                                                                                                
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
                                                                                                              
-
                                                                                                              Parent topic: Services
                                                                                                              
+
                                                                                                              Parent topic: Service
                                                                                                              
 
                                                                                                              
 
                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0251.html b/docs/cce/umn/cce_10_0251.html
index 458b2cc47..ff68fc976 100644
--- a/docs/cce/umn/cce_10_0251.html
+++ b/docs/cce/umn/cce_10_0251.html
@@ -1,44 +1,84 @@
 
 
-
                                                                                                              Using ELB Ingresses on the Console
                                                                                                              
-
                                                                                                              Prerequisites
                                                                                                              • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                              • A NodePort Service has been configured for the workload. For details about how to configure the Service, see NodePort.
                                                                                                              • Dedicated load balancers must be the application type (HTTP/HTTPS) supporting private networks (with a private IP).
                                                                                                              • In ELB passthrough networking (CCE Turbo cluster + dedicated load balancer), ELB Ingress supports ClusterIP Services. In other scenarios, ELB Ingress supports NodePort Services.
                                                                                                              
+
                                                                                                              Creating an ELB Ingress on the Console
                                                                                                              
+
                                                                                                              Prerequisites
                                                                                                              
 
                                                                                                              
-
                                                                                                              Precautions
                                                                                                              • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                                                                              • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                                                              • The URL registered in an ingress forwarding policy must be the same as the URL exposed by the backend Service. Otherwise, a 404 error will be returned.
                                                                                                              • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                                                                                                              
+
                                                                                                              Precautions
                                                                                                              • It is recommended that other resources not use the load balancer automatically created by an ingress. Otherwise, the load balancer will be occupied when the ingress is deleted, resulting in residual resources.
                                                                                                              • After an ingress is created, upgrade and maintain the configuration of the selected load balancers on the CCE console. Do not modify the configuration on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                                                              • The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                              • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                                                                                                              • Dedicated load balancers must be the application type (HTTP/HTTPS) supporting private networks (with a private IP).
                                                                                                              • If multiple ingresses are used to connect to the same ELB port in the same cluster, the listener configuration items (such as the certificate associated with the listener and the HTTP2 attribute of the listener) are subject to the configuration of the first ingress.
                                                                                                              
 
                                                                                                              
 
                                                                                                              Adding an ELB Ingress
                                                                                                              This section uses an Nginx workload as an example to describe how to add an ELB ingress.
                                                                                                              
-
                                                                                                              1. Log in to the CCE console and access the cluster console.
                                                                                                              2. Choose Networking in the navigation pane, click the Ingresses tab, and click Create Service in the upper right corner.
                                                                                                              3. Set ingress parameters.
                                                                                                                • Name: Specify a name of an ingress, for example, ingress-demo.
                                                                                                                • Load Balancer
                                                                                                                  Select the load balancer to interconnect. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                                                                                  
-
                                                                                                                  Dedicated load balancers must support HTTP and the network type must support private networks.
                                                                                                                  
-
                                                                                                                • Listener: Ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                                                  • Front-End Protocol: HTTP and HTTPS are available.
                                                                                                                  • External Port: Port number that is open to the ELB service address. The port number can be specified randomly.
                                                                                                                  • Server Certificate: When an HTTPS listener is created for a load balancer, you need to bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                                                     
                                                                                                                    If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                                                                    
+
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                    2. Choose Networking in the navigation pane, click the Ingresses tab, and click Create Ingress in the upper right corner.
                                                                                                                    3. Configure ingress parameters.
                                                                                                                      • Name: specifies a name of an ingress, for example, ingress-demo.
                                                                                                                      • Load Balancer
                                                                                                                        Select the load balancer to interconnect. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                                                                                        
+
                                                                                                                        Dedicated load balancers must support HTTP or HTTPS and the network type must support private networks.
                                                                                                                        
+
                                                                                                                        The CCE console supports automatic creation of load balancers. Select Auto create from the drop-down list box and configure the following parameters:
                                                                                                                        • Instance Name: Enter a load balancer name.
                                                                                                                        • Public Access: If enabled, an EIP with 5 Mbit/s bandwidth will be created. 
                                                                                                                        • Subnet, AZ, and Specifications (available only for dedicated load balancers): Configure the subnet AZ, and specifications. Only HTTP- or HTTPS-compliant dedicated load balancers can be automatically created.
                                                                                                                        
+
                                                                                                                        
+
                                                                                                                      • Listener: Ingress configures a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. After the configuration is complete, a listener is created on the load balancer. The default listener name is k8s__<Protocol type>_<Port number>, for example, k8s_HTTP_80.
                                                                                                                        • External Protocol: HTTP and HTTPS are available.
                                                                                                                        • External Port: Port number that is open to the ELB service address. The port number can be specified randomly.
                                                                                                                        • Server Certificate: When an HTTPS listener is created for a load balancer, bind a certificate to the load balancer to support encrypted authentication for HTTPS data transmission.
                                                                                                                           
                                                                                                                          If there is already an HTTPS ingress for the chosen port on the load balancer, the certificate of the new HTTPS ingress must be the same as the certificate of the existing ingress. This means that a listener has only one certificate. If two certificates, each with a different ingress, are added to the same listener of the same load balancer, only the certificate added earliest takes effect on the load balancer.
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                        • SNI: Server Name Indication (SNI) is an extended protocol of TLS. It allows multiple TLS-based access domain names to be provided for external systems using the same IP address and port. Different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                                                           
                                                                                                                          • The SNI option is available only when HTTPS is selected.
                                                                                                                          
+
                                                                                                                        • SNI: Server Name Indication (SNI) is an extended protocol of TLS. It allows multiple TLS-based access domain names to be provided for external systems using the same IP address and port. Different domain names can use different security certificates. After SNI is enabled, the client is allowed to submit the requested domain name when initiating a TLS handshake request. After receiving the TLS request, the load balancer searches for the certificate based on the domain name in the request. If the certificate corresponding to the domain name is found, the load balancer returns the certificate for authorization. Otherwise, the default certificate (server certificate) is returned for authorization.
                                                                                                                           
                                                                                                                          • The SNI option is available only when HTTPS is selected.
                                                                                                                          
 
                                                                                                                          • This function is supported only for clusters of v1.15.11 and later.
                                                                                                                          • Specify the domain name for the SNI certificate. Only one domain name can be specified for each certificate. Wildcard-domain certificates are supported.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                        • Security Policy: combinations of different TLS versions and supported cipher suites available to HTTPS listeners.
                                                                                                                          For details about security policies, see ELB User Guide.
                                                                                                                          
 
                                                                                                                           
                                                                                                                          • Security Policy is available only when HTTPS is selected.
                                                                                                                          • This function is supported only for clusters of v1.17.9 and later.
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                        • Backend protocol
                                                                                                                          If the listener uses HTTP, only HTTP can be selected.
                                                                                                                          
-
                                                                                                                          If the listener uses HTTPS, you can select HTTP or HTTPS.
                                                                                                                          
 
                                                                                                                        
-
                                                                                                                      • Forwarding Policies: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.117.117.117:80/helloworld), the request is forwarded to the corresponding target Service for processing. Click  to add multiple forwarding policies.
                                                                                                                        • Domain Name: actual domain name. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                        • URL Matching Rule:
                                                                                                                          • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed. For example, /healthz/v1 and /healthz/v2.
                                                                                                                          • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                          • Regular expression: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                                                                          
-
                                                                                                                        • URL: access path to be registered, for example, /healthz.
                                                                                                                           
                                                                                                                          The URL added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                          
+
                                                                                                                        • Forwarding Policy: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL, for example, 10.XXX.XXX.XXX:80/helloworld), the request is forwarded to the corresponding Service for processing. You can click  to add multiple forwarding policies.
                                                                                                                          • Domain Name: actual domain name. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                          • URL Matching Rule
                                                                                                                            • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed. For example, /healthz/v1 and /healthz/v2.
                                                                                                                            • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
                                                                                                                            • Regular expression: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
                                                                                                                            
+
                                                                                                                          • URL: access path to be registered, for example, /healthz.
                                                                                                                             
                                                                                                                            The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                            
 
                                                                                                                            For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure that your Nginx application contains the same URL, that is, /usr/share/nginx/html/test, otherwise, 404 is returned.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                          • Destination Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
                                                                                                                          • Destination Service Port: Select the access port of the destination Service.
                                                                                                                          • Set ELB:
                                                                                                                            • Distribution Policy: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                               
                                                                                                                              • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                              • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is also considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing performance. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                              • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This allows requests from different clients to be routed based on source IP addresses and ensures that a client is directed to the same server as always. This algorithm applies to TCP connections without cookies.
                                                                                                                              
+
                                                                                                                            • Destination Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
                                                                                                                            • Destination Service Port: Select the access port of the destination Service.
                                                                                                                            • Set ELB:
                                                                                                                              • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                                 
                                                                                                                                • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                                • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is also considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                                • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                              • Type: This function is disabled by default. You can select Load balancer cookie.
                                                                                                                              • Health Check: configured for the load balancer. When TCP is selected during the port settings, you can choose either TCP or HTTP. Currently, UDP is not supported. By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                              
+
                                                                                                                            • Sticky Session: This function is disabled by default. Options are as follows:
                                                                                                                              • Load balancer cookie: Enter the Stickiness Duration , which ranges from 1 to 1,440 minutes.
                                                                                                                              • Application cookie: This parameter is available only for shared load balancers. In addition, enter Cookie Name, which ranges from 1 to 64 characters.
                                                                                                                              
+
                                                                                                                               
                                                                                                                              When the distribution policy uses the source IP hash, sticky session cannot be set.
                                                                                                                              
+
                                                                                                                              
+
                                                                                                                            • Health Check: Set the health check configuration of the load balancer. If this function is enabled, the following configurations are supported:
+
                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                              Parameter
                                                                                                                              
+
                                                                                                                              Description
                                                                                                                              
+
                                                                                                                              Protocol
                                                                                                                              
+
                                                                                                                              When the protocol of the target service port is set to TCP, TCP and HTTP are supported. When it is set to UDP, only UDP is supported.
                                                                                                                              
+
                                                                                                                              • Check Path (supported only by the HTTP health check protocol): specifies the health check URL. The check path must start with a slash (/) and contain 1 to 80 characters.
                                                                                                                              
+
                                                                                                                              Port
                                                                                                                              
+
                                                                                                                              By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                              
+
                                                                                                                              • Node Port: If a shared load balancer is used or no ENI instance is associated, the node port is used as the health check port. If this parameter is not specified, a random port is used. The value ranges from 30000 to 32767.
                                                                                                                              • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                                                                              
+
                                                                                                                              Check Period (s)
                                                                                                                              
+
                                                                                                                              Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                                                                              
+
                                                                                                                              Timeout (s)
                                                                                                                              
+
                                                                                                                              Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                                                                              
+
                                                                                                                              Max. Retries
                                                                                                                              
+
                                                                                                                              Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                                                                              
+
                                                                                                                              
+
                                                                                                                              
+
                                                                                                                            
 
                                                                                                                          • Operation: Click Delete to delete the configuration.
                                                                                                                          
 
                                                                                                                        • Annotation: Ingresses provide some advanced CCE functions, which are implemented by annotations. When you use kubectl to create a container, annotations will be used. For details, see Creating an Ingress - Automatically Creating a Load Balancer and Creating an Ingress - Interconnecting with an Existing Load Balancer.
                                                                                                                        
 
                                                                                                                      • After the configuration is complete, click OK. After the ingress is created, it is displayed in the ingress list.
                                                                                                                        On the ELB console, you can view the ELB automatically created through CCE. The default name is cce-lb-ingress.UID. Click the ELB name to access its details page. On the Listeners tab page, view the route settings of the ingress, including the URL, listener port, and backend server group port.
                                                                                                                        
 
                                                                                                                         
                                                                                                                        After the ingress is created, upgrade and maintain the selected load balancer on the CCE console. Do not maintain the load balancer on the ELB console. Otherwise, the ingress service may be abnormal.
                                                                                                                        
 
                                                                                                                        
-
                                                                                                                      • Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                                                                        1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                                                                        2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                                                                          Figure 1 Accessing the /healthz interface of defaultbackend
                                                                                                                          
+
                                                                                                                        3. Access the /healthz interface of the workload, for example, workload defaultbackend.
                                                                                                                          1. Obtain the access address of the /healthz interface of the workload. The access address consists of the load balancer IP address, external port, and mapping URL, for example, 10.**.**.**:80/healthz.
                                                                                                                          2. Enter the URL of the /healthz interface, for example, http://10.**.**.**:80/healthz, in the address box of the browser to access the workload, as shown in Figure 1.
                                                                                                                            Figure 1 Accessing the /healthz interface of defaultbackend
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Parent topic: Ingresses
                                                                                                                    
+
                                                                                                                    Parent topic: ELB Ingresses
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0252.html b/docs/cce/umn/cce_10_0252.html
index c1f6c3be9..0796002b3 100644
--- a/docs/cce/umn/cce_10_0252.html
+++ b/docs/cce/umn/cce_10_0252.html
@@ -4,13 +4,13 @@
 
                                                                                                                    Scenario
                                                                                                                    This section uses an Nginx workload as an example to describe how to create an ELB ingress using kubectl.
                                                                                                                    
 
 
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    • An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a sample Nginx workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.
                                                                                                                    • A NodePort Service has been configured for the workload. For details about how to configure the Service, see NodePort.
                                                                                                                    • Dedicated load balancers must be the application type (HTTP/HTTPS) supporting private networks (with a private IP).
                                                                                                                    
+
                                                                                                                    Prerequisites
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Ingress Description of networking.k8s.io/v1
                                                                                                                    In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                    
+
                                                                                                                    Ingress Description of networking.k8s.io/v1
                                                                                                                    In CCE clusters of v1.23 or later, the ingress version is switched to networking.k8s.io/v1.
                                                                                                                    
 
                                                                                                                    Compared with v1beta1, v1 has the following differences in parameters:
                                                                                                                    
 
                                                                                                                    • The ingress type is changed from kubernetes.io/ingress.class in annotations to spec.ingressClassName.
                                                                                                                    • The format of backend is changed.
                                                                                                                    • The pathType parameter must be specified for each path. The options are as follows:
                                                                                                                      • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE, which is the same as v1beta1.
                                                                                                                      • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                      • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                      
 
                                                                                                                    
-
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Creating an Ingress - Automatically Creating a Load Balancer
                                                                                                                    The following describes how to run the kubectl command to automatically create a load balancer when creating an ingress.
                                                                                                                    
 
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                      vi ingress-test.yaml
                                                                                                                      
@@ -21,16 +21,16 @@ kind: Ingress
 metadata: 
   name: ingress-test
   annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.port: '80'
     kubernetes.io/elb.autocreate: 
       '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
+          "type":"public",
+          "bandwidth_name":"cce-bandwidth-******",
+          "bandwidth_chargemode":"bandwidth",
+          "bandwidth_size":5,
+          "bandwidth_sharetype":"PER",
+          "eip_type":"5_bgp"
         }'
 spec:
   rules: 
@@ -40,9 +40,9 @@ spec:
       - path: '/'
         backend: 
           service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
+            name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: <your_service_port>  # Replace it with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
@@ -53,17 +53,17 @@ kind: Ingress
 metadata: 
   name: ingress-test
   annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/ingress.class: cce    # ELB ingress is used.
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.class: union
+    kubernetes.io/ingress.class: cce    # ELB ingress is used.
+    kubernetes.io/elb.port: '80'
     kubernetes.io/elb.autocreate: 
       '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
+          "type":"public",
+          "bandwidth_name":"cce-bandwidth-******",
+          "bandwidth_chargemode":"bandwidth",
+          "bandwidth_size":5,
+          "bandwidth_sharetype":"PER",
+          "eip_type":"5_bgp"
         }'
 spec:
   rules: 
@@ -72,8 +72,8 @@ spec:
       paths: 
       - path: '/'
         backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
 
                                                                                                                    
@@ -83,19 +83,20 @@ metadata:
   name: ingress-test
   namespace: default
   annotations:
-    kubernetes.io/elb.class: performance
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.port: '80'
     kubernetes.io/elb.autocreate: 
       '{
-          "type": "public",
-          "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "bandwidth",
-          "bandwidth_size": 5,
-          "bandwidth_sharetype": "PER",
-          "eip_type": "5_bgp",
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
           "available_zone": [
-              "eu-de-01"
+              "eu-de-01"
           ],
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
           "l7_flavor_name": "L7_flavor.elb.s1.small"
        }'
 spec:
@@ -106,9 +107,9 @@ spec:
       - path: '/'
         backend: 
           service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
+            name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
+              number: <your_service_port>  # Replace it with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
@@ -120,21 +121,22 @@ metadata:
   name: ingress-test
   namespace: default
   annotations:
-    kubernetes.io/elb.class: performance
-    kubernetes.io/ingress.class: cce
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.class: performance
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.port: '80'
     kubernetes.io/elb.autocreate: 
       '{
-          "type": "public",
-          "bandwidth_name": "cce-bandwidth-******",
-          "bandwidth_chargemode": "bandwidth",
-          "bandwidth_size": 5,
-          "bandwidth_sharetype": "PER",
-          "eip_type": "5_bgp",
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
           "available_zone": [
-              "eu-de-01"
+              "eu-de-01"
           ],
-          "l7_flavor_name": "L7_flavor.elb.s1.small"
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
+          "l7_flavor_name": "L7_flavor.elb.s1.small"
        }'
 spec:
   rules:
@@ -143,232 +145,266 @@ spec:
       paths:
       - path: '/'
         backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
 
                                                                                                                    
 
-
                                                                                                                    Table 1 Key parameters
                                                                                                                    Parameter
                                                                                                                    
+
                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                    Table 1 Key parameters
                                                                                                                    Parameter
                                                                                                                    
 
                                                                                                                    Mandatory
                                                                                                                    
+
                                                                                                                    Mandatory
                                                                                                                    
 
                                                                                                                    Type
                                                                                                                    
+
                                                                                                                    Type
                                                                                                                    
 
                                                                                                                    Description
                                                                                                                    
+
                                                                                                                    Description
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    kubernetes.io/elb.class
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.class
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Select a proper load balancer type.
                                                                                                                    
-
                                                                                                                    The value can be:
                                                                                                                    
-
                                                                                                                    • union: shared load balancer
                                                                                                                    • performance: dedicated load balancer..
                                                                                                                    
-
                                                                                                                    Default: union
                                                                                                                    
+
                                                                                                                    Select a proper load balancer type.
                                                                                                                    
+
                                                                                                                    • union: shared load balancer
                                                                                                                    • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    kubernetes.io/ingress.class
                                                                                                                    
+
                                                                                                                    kubernetes.io/ingress.class
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    (only for clusters of v1.21 or earlier)
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    cce: The self-developed ELB ingress is used.
                                                                                                                    
+
                                                                                                                    cce: The self-developed ELB ingress is used.
                                                                                                                    
 
                                                                                                                    This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    ingressClassName
                                                                                                                    
+
                                                                                                                    ingressClassName
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    (only for clusters of v1.23 or later)
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    cce: The self-developed ELB ingress is used.
                                                                                                                    
+
                                                                                                                    cce: The self-developed ELB ingress is used.
                                                                                                                    
 
                                                                                                                    This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    kubernetes.io/elb.port
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.port
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    Integer
                                                                                                                    
+
                                                                                                                    Integer
                                                                                                                    
 
                                                                                                                    This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                    
+
                                                                                                                    This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                    
 
                                                                                                                    Supported range: 1 to 65535
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                                                                    
+
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    kubernetes.io/elb.subnet-id
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.subnet-id
                                                                                                                    
 
                                                                                                                    -
                                                                                                                    
+
                                                                                                                    None
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                    
+
                                                                                                                    ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                    
 
                                                                                                                    • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                    • Optional for clusters later than v1.11.7-r0. It is left blank by default.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    kubernetes.io/elb.autocreate
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.autocreate
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    elb.autocreate object
                                                                                                                    
+
                                                                                                                    elb.autocreate object
                                                                                                                    
 
                                                                                                                    Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                                                                    
+
                                                                                                                    Whether to automatically create a load balancer associated with an ingress. For details about the field description, see Table 2.
                                                                                                                    
 
                                                                                                                    Example
                                                                                                                    
 
                                                                                                                    • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                      {"type":"public","bandwidth_name":"cce-bandwidth-******","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                                                                                                                      
 
                                                                                                                    • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                      {"type":"inner","name":"A-location-d-test"}
                                                                                                                      
 
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    host
                                                                                                                    
+
                                                                                                                    host
                                                                                                                    
 
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched.
                                                                                                                    
+
                                                                                                                    Domain name for accessing the Service. By default, this parameter is left blank, and the domain name needs to be fully matched. Ensure that the domain name has been registered and archived. Once a domain name rule is configured, you must use the domain name for access.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    path
                                                                                                                    
+
                                                                                                                    path
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    User-defined route path. All external access requests must match host and path.
                                                                                                                    
+
                                                                                                                    User-defined route path. All external access requests must match host and path.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    The access path added here must exist in the backend application. Otherwise, the forwarding fails.
                                                                                                                    
+
                                                                                                                    For example, the default access URL of the Nginx application is /usr/share/nginx/html. When adding /test to the ingress forwarding policy, ensure the access URL of your Nginx application contains /usr/share/nginx/html/test. Otherwise, error 404 will be returned.
                                                                                                                    
+
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    serviceName
                                                                                                                    
+
                                                                                                                    ingress.beta.kubernetes.io/url-match-mode
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Name of the target Service bound to the ingress.
                                                                                                                    
-
                                                                                                                    servicePort
                                                                                                                    
-
                                                                                                                    Yes
                                                                                                                    
-
                                                                                                                    Integer
                                                                                                                    
-
                                                                                                                    Access port of the target Service.
                                                                                                                    
-
                                                                                                                    ingress.beta.kubernetes.io/url-match-mode
                                                                                                                    
-
                                                                                                                    No
                                                                                                                    
-
                                                                                                                    String
                                                                                                                    
-
                                                                                                                    Route matching policy.
                                                                                                                    
+
                                                                                                                    Route matching policy.
                                                                                                                    
 
                                                                                                                    Default: STARTS_WITH (prefix match)
                                                                                                                    
 
                                                                                                                    Options:
                                                                                                                    
 
                                                                                                                    • EQUAL_TO: exact match
                                                                                                                    • STARTS_WITH: prefix match
                                                                                                                    • REGEX: regular expression match
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    pathType
                                                                                                                    
+
                                                                                                                    pathType
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Path type. This field is supported only by clusters of v1.23 or later.
                                                                                                                    
-
                                                                                                                    • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                                                                    • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                    • Prefix: matching based on the URL prefix separated by a slash (/). The match is case-sensitive, and elements in the path are matched one by one. A path element refers to a list of labels in the path separated by a slash (/).
                                                                                                                    
+
                                                                                                                    Path type. This field is supported only by clusters of v1.23 or later.
                                                                                                                    • ImplementationSpecific: The matching method depends on Ingress Controller. The matching method defined by ingress.beta.kubernetes.io/url-match-mode is used in CCE.
                                                                                                                    • Exact: exact matching of the URL, which is case-sensitive.
                                                                                                                    • Prefix: prefix matching, which is case-sensitive. With this method, the URL path is separated into multiple elements by slashes (/) and the elements are matched one by one. If each element in the URL matches the path, the subpaths of the URL can be routed normally.
                                                                                                                       NOTE: 
                                                                                                                      • During prefix matching, each element must be exactly matched. If the last element of the URL is the substring of the last element in the request path, no matching is performed. For example, /foo/bar matches /foo/bar/baz but does not match /foo/barbaz.
                                                                                                                      • When elements are separated by slashes (/), if the URL or request path ends with a slash (/), the slash (/) at the end is ignored. For example, /foo/bar matches /foo/bar/.
                                                                                                                      
+
                                                                                                                      
+
                                                                                                                    
+
                                                                                                                    
+
                                                                                                                    See examples of ingress path matching.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
                                                                                                                     
 
                                                                                                                    
 
                                                                                                                    
 
-
                                                                                                                    Table 2 Data structure of the elb.autocreate field
                                                                                                                    Parameter
                                                                                                                    
+
                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -378,7 +414,7 @@ spec:
 
                                                                                                                    If information similar to the following is displayed, the ingress has been created.
                                                                                                                    ingress/ingress-test created
                                                                                                                    kubectl get ingress
                                                                                                                    
-
                                                                                                                    If information similar to the following is displayed, the ingress has been created successfully and the workload is accessible.
                                                                                                                    
+
                                                                                                                    If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                    NAME             HOSTS     ADDRESS          PORTS   AGE
 ingress-test     *         121.**.**.**     80      10s
                                                                                                                  • Enter http://121.**.**.**:80 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                    121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                    
@@ -392,9 +428,10 @@ kind: Ingress
 metadata: 
   name: ingress-test
   annotations: 
-    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
-    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with your existing load balancer IP.
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
+    kubernetes.io/elb.class: performance  # Load balancer type
+    kubernetes.io/elb.port: '80'
 spec:
   rules: 
   - host: ''
@@ -403,9 +440,9 @@ spec:
       - path: '/'
         backend: 
           service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
+            name: <your_service_name>  # Replace it with the name of your target Service.
             port: 
-              number: 8080             # Replace 8080 with your target service port number.
+              number: 8080             # Replace 8080 with the port number of your target Service.
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
         pathType: ImplementationSpecific
@@ -417,9 +454,10 @@ kind: Ingress
 metadata: 
   name: ingress-test
   annotations: 
-    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
-    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with your existing load balancer IP.
-    kubernetes.io/elb.port: '80'
+    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
+    kubernetes.io/elb.class: performance  # Load balancer type
+    kubernetes.io/elb.port: '80'
     kubernetes.io/ingress.class: cce
 spec:
   rules: 
@@ -428,470 +466,61 @@ spec:
       paths: 
       - path: '/'
         backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
         property:
           ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
 
-
                                                                                                                    • Table 2 Data structure of the elb.autocreate field
                                                                                                                    Parameter
                                                                                                                    
 
                                                                                                                    Mandatory
                                                                                                                    
+
                                                                                                                    Mandatory
                                                                                                                    
 
                                                                                                                    Type
                                                                                                                    
+
                                                                                                                    Type
                                                                                                                    
 
                                                                                                                    Description
                                                                                                                    
+
                                                                                                                    Description
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    type
                                                                                                                    
+
                                                                                                                    name
                                                                                                                    
 
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Network type of the load balancer.
                                                                                                                    
-
                                                                                                                    • public: public network load balancer
                                                                                                                    • inner: private network load balancer
                                                                                                                    
-
                                                                                                                    Default: inner
                                                                                                                    
+
                                                                                                                    Name of the automatically created load balancer.
                                                                                                                    
+
                                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                    
+
                                                                                                                    Default: cce-lb+service.UID
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    bandwidth_name
                                                                                                                    
+
                                                                                                                    type
                                                                                                                    
 
                                                                                                                    Yes for public network load balancers
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                    
-
                                                                                                                    Value range: a string of 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                                                                                                                    
+
                                                                                                                    Network type of the load balancer.
                                                                                                                    
+
                                                                                                                    • public: public network load balancer
                                                                                                                    • inner: private network load balancer
                                                                                                                    
+
                                                                                                                    Default: inner
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    bandwidth_chargemode
                                                                                                                    
+
                                                                                                                    bandwidth_name
                                                                                                                    
 
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    Yes for public network load balancers
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Bandwidth mode.
                                                                                                                    
-
+
                                                                                                                    Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                    
+
                                                                                                                    The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    bandwidth_size
                                                                                                                    
+
                                                                                                                    bandwidth_chargemode
                                                                                                                    
 
                                                                                                                    Yes for public network load balancers
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    Integer
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Bandwidth size. The value ranges from 1 Mbit/s to 2000 Mbit/s by default. The actual range varies depending on the configuration in each region.
                                                                                                                    
-
                                                                                                                    • The minimum increment for bandwidth adjustment varies depending on the bandwidth range. The details are as follows:
                                                                                                                      • The minimum increment is 1 Mbit/s if the allowed bandwidth ranges from 0 Mbit/s to 300 Mbit/s (with 300 Mbit/s included).
                                                                                                                      • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                      • The minimum increment is 500 Mbit/s if the allowed bandwidth is greater than 1000 Mbit/s.
                                                                                                                      
-
                                                                                                                    
+
                                                                                                                    Bandwidth mode.
                                                                                                                    
+
                                                                                                                    • bandwidth: billed by bandwidth
                                                                                                                    • traffic: billed by traffic
                                                                                                                    
+
                                                                                                                    Default: bandwidth
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    bandwidth_sharetype
                                                                                                                    
+
                                                                                                                    bandwidth_size
                                                                                                                    
 
                                                                                                                    Yes for public network load balancers
                                                                                                                    
+
                                                                                                                    Yes for public network load balancers
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    Integer
                                                                                                                    
 
                                                                                                                    Bandwidth type.
                                                                                                                    
-
                                                                                                                    PER: dedicated bandwidth.
                                                                                                                    
+
                                                                                                                    Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                    
+
                                                                                                                    The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                    • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                    • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                    • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                    
+
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    eip_type
                                                                                                                    
+
                                                                                                                    bandwidth_sharetype
                                                                                                                    
 
                                                                                                                    Yes for public network load balancers
                                                                                                                    
+
                                                                                                                    Yes for public network load balancers
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    EIP type.
                                                                                                                    
-
                                                                                                                    • 5_bgp: dynamic BGP
                                                                                                                    • 5_sbgp: static BGP
                                                                                                                    
+
                                                                                                                    Bandwidth sharing mode.
                                                                                                                    
+
                                                                                                                    • PER: dedicated bandwidth
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    name
                                                                                                                    
+
                                                                                                                    eip_type
                                                                                                                    
 
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    Yes for public network load balancers
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    Name of the automatically created load balancer.
                                                                                                                    
-
                                                                                                                    Value range: a string of 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                                                                                                                    
-
                                                                                                                    Default: cce-lb+ingress.UID
                                                                                                                    
+
                                                                                                                    EIP type.
                                                                                                                    
+
                                                                                                                    • 5_bgp: dynamic BGP
                                                                                                                    
+
                                                                                                                    The specific type varies with regions. For details, see the EIP console.
                                                                                                                    
+
                                                                                                                    available_zone
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Array of strings
                                                                                                                    
+
                                                                                                                    AZ where the load balancer is located.
                                                                                                                    
+
                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                    
+
                                                                                                                    l4_flavor_name
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    Flavor name of the layer-4 load balancer.
                                                                                                                    
+
                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                    
+
                                                                                                                    l7_flavor_name
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    Flavor name of the layer-7 load balancer.
                                                                                                                    
+
                                                                                                                    This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                    
+
                                                                                                                    elb_virsubnet_ids
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
+
                                                                                                                    Array of strings
                                                                                                                    
+
                                                                                                                    Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                    
+
                                                                                                                    This parameter is available only for dedicated load balancers.
                                                                                                                    
+
                                                                                                                    Example:
                                                                                                                    
+
                                                                                                                    "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
                                                                                                                     
 
 
 
 
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0280.html b/docs/cce/umn/cce_10_0280.html
index 069f55c73..639d90652 100644
--- a/docs/cce/umn/cce_10_0280.html
+++ b/docs/cce/umn/cce_10_0280.html
@@ -10,12 +10,12 @@
 
                                                                                                                  • VPC Network
                                                                                                                    
 
                                                                                                                    • 
-
                                                                                                                  • Cloud Native Network 2.0
                                                                                                                    
+
                                                                                                                  • Cloud Native 2.0 Network
                                                                                                                    
 
                                                                                                                    • 
-
                                                                                                                    Parent topic: Networking
                                                                                                                    
+
                                                                                                                    Parent topic: Network
                                                                                                                    
 
                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0281.html b/docs/cce/umn/cce_10_0281.html
index 84a4039da..55d51c2da 100644
--- a/docs/cce/umn/cce_10_0281.html
+++ b/docs/cce/umn/cce_10_0281.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                    Overview
                                                                                                                    The container network assigns IP addresses to pods in a cluster and provides networking services. In CCE, you can select the following network models for your cluster:
                                                                                                                    
-
+
 
                                                                                                                    Network Model Comparison
                                                                                                                    Table 1 describes the differences of network models supported by CCE.
                                                                                                                    
 
                                                                                                                     
                                                                                                                    After a cluster is created, the network model cannot be changed.
                                                                                                                    
 
                                                                                                                    
@@ -10,7 +10,7 @@
 
 
                                                                                                                    Table 3 Key parameters
                                                                                                                    Parameter
                                                                                                                    
+
                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
                                                                                                                    Table 3 Key parameters
                                                                                                                    Parameter
                                                                                                                    
 
                                                                                                                    Mandatory
                                                                                                                    
+
                                                                                                                    Mandatory
                                                                                                                    
 
                                                                                                                    Type
                                                                                                                    
+
                                                                                                                    Type
                                                                                                                    
 
                                                                                                                    Description
                                                                                                                    
+
                                                                                                                    Description
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
                                                                                                                    kubernetes.io/elb.id
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.id
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    This parameter indicates the ID of a load balancer. The value can contain 1 to 100 characters.
                                                                                                                    
+
                                                                                                                    ID of a load balancer. The value can contain 1 to 100 characters.
                                                                                                                    
 
                                                                                                                    How to obtain:
                                                                                                                    
 
                                                                                                                    On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    kubernetes.io/elb.ip
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.ip
                                                                                                                    
 
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    No
                                                                                                                    
 
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
 
                                                                                                                    This parameter indicates the service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                    
+
                                                                                                                    Service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                    
+
                                                                                                                    kubernetes.io/elb.class
                                                                                                                    
+
                                                                                                                    Yes
                                                                                                                    
+
                                                                                                                    String
                                                                                                                    
+
                                                                                                                    Load balancer type.
                                                                                                                    
+
                                                                                                                    • union: shared load balancer
                                                                                                                    • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                    
+
                                                                                                                     NOTE: 
                                                                                                                    If an ELB Ingress accesses an existing dedicated load balancer, the dedicated load balancer must be of the application load balancing (HTTP/HTTPS) type.
                                                                                                                    
+
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
                                                                                                                     
 
                                                                                                                    
 
                                                                                                                    
 
-
                                                                                                                    Configuring HTTPS Certificates
                                                                                                                    Ingress supports TLS certificate configuration and secures your Services with HTTPS.
                                                                                                                    
-
                                                                                                                     
                                                                                                                    If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Run the following command to create a YAML file named ingress-test-secret.yaml (the file name can be customized):
                                                                                                                      vi ingress-test-secret.yaml
                                                                                                                      
-
                                                                                                                      The YAML file is configured as follows:
                                                                                                                      apiVersion: v1
-data:
-  tls.crt: LS0******tLS0tCg==
-  tls.key: LS0tL******0tLS0K
-kind: Secret
-metadata:
-  annotations:
-    description: test for ingressTLS secrets
-  name: ingress-test-secret
-  namespace: default
-type: IngressTLS
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    3. Create a secret.
                                                                                                                      kubectl create -f ingress-test-secret.yaml
                                                                                                                      
-
                                                                                                                      If information similar to the following is displayed, the secret is being created:
                                                                                                                      
-
                                                                                                                      secret/ingress-test-secret created
                                                                                                                      
-
                                                                                                                      View the created secrets.
                                                                                                                      
-
                                                                                                                      kubectl get secrets
                                                                                                                      
-
                                                                                                                      If information similar to the following is displayed, the secret has been created successfully:
                                                                                                                      
-
                                                                                                                      NAME                         TYPE                                  DATA      AGE
-ingress-test-secret          IngressTLS                            2         13s
                                                                                                                      
-
                                                                                                                    4. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                      vi ingress-test.yaml
                                                                                                                      
-
                                                                                                                       
                                                                                                                      Default security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.17 or later.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      The following uses the automatically created load balancer as an example. The YAML file is configured as follows:
                                                                                                                      
-
                                                                                                                      For clusters of v1.21 or earlier:
                                                                                                                      
-
                                                                                                                      apiVersion: networking.k8s.io/v1beta1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/ingress.class: cce
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.autocreate: 
-      '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-15511633796**",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
-        }'
-    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
-spec:
-  tls: 
-  - secretName: ingress-test-secret
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                      
-
                                                                                                                      For clusters of v1.23 or later:
                                                                                                                      apiVersion: networking.k8s.io/v1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.autocreate: 
-      '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-15511633796**",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
-        }'
-    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
-spec:
-  tls: 
-  - secretName: ingress-test-secret
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
-            port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-        pathType: ImplementationSpecific
-  ingressClassName: cce 
                                                                                                                      
-
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 4 Key parameters
                                                                                                                      Parameter
                                                                                                                      
-
                                                                                                                      Mandatory
                                                                                                                      
-
                                                                                                                      Type
                                                                                                                      
-
                                                                                                                      Description
                                                                                                                      
-
                                                                                                                      kubernetes.io/elb.tls-ciphers-policy
                                                                                                                      
-
                                                                                                                      No
                                                                                                                      
-
                                                                                                                      String
                                                                                                                      
-
                                                                                                                      The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when the HTTPS protocol is used.
                                                                                                                      
-
                                                                                                                      Options:
                                                                                                                      
-
                                                                                                                      • tls-1-0
                                                                                                                      • tls-1-1
                                                                                                                      • tls-1-2
                                                                                                                      • tls-1-2-strict
                                                                                                                      
-
                                                                                                                      For details of cipher suites for each security policy, see Table 5.
                                                                                                                      
-
                                                                                                                      tls
                                                                                                                      
-
                                                                                                                      No
                                                                                                                      
-
                                                                                                                      Array of strings
                                                                                                                      
-
                                                                                                                      This parameter is mandatory if HTTPS is used. Multiple independent domain names and certificates can be added to this parameter. For details, see Configuring the Server Name Indication (SNI).
                                                                                                                      
-
                                                                                                                      secretName
                                                                                                                      
-
                                                                                                                      No
                                                                                                                      
-
                                                                                                                      String
                                                                                                                      
-
                                                                                                                      This parameter is mandatory if HTTPS is used. Set this parameter to the name of the created secret.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 5 tls_ciphers_policy parameter description
                                                                                                                      Security Policy
                                                                                                                      
-
                                                                                                                      TLS Version
                                                                                                                      
-
                                                                                                                      Cipher Suite
                                                                                                                      
-
                                                                                                                      tls-1-0
                                                                                                                      
-
                                                                                                                      TLS 1.2
                                                                                                                      
-
                                                                                                                      TLS 1.1
                                                                                                                      
-
                                                                                                                      TLS 1.0
                                                                                                                      
-
                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA
                                                                                                                      
-
                                                                                                                      tls-1-1
                                                                                                                      
-
                                                                                                                      TLS 1.2
                                                                                                                      
-
                                                                                                                      TLS 1.1
                                                                                                                      
-
                                                                                                                      tls-1-2
                                                                                                                      
-
                                                                                                                      TLS 1.2
                                                                                                                      
-
                                                                                                                      tls-1-2-strict
                                                                                                                      
-
                                                                                                                      TLS 1.2
                                                                                                                      
-
                                                                                                                      ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    5. Create an ingress.
                                                                                                                      kubectl create -f ingress-test.yaml
                                                                                                                      
-
                                                                                                                      If information similar to the following is displayed, the ingress has been created.
                                                                                                                      
-
                                                                                                                      ingress/ingress-test created
                                                                                                                      
-
                                                                                                                      View the created ingress.
                                                                                                                      
-
                                                                                                                      kubectl get ingress
                                                                                                                      
-
                                                                                                                      If information similar to the following is displayed, the ingress has been created successfully and the workload is accessible.
                                                                                                                      
-
                                                                                                                      NAME             HOSTS     ADDRESS          PORTS   AGE
-ingress-test     *         121.**.**.**     80      10s
                                                                                                                      
-
                                                                                                                    6. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                      121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Using HTTP/2
                                                                                                                    Ingresses can use HTTP/2 to expose services. Connections from the load balancer proxy to your applications use HTTP/1.X by default. If your application is capable of receiving HTTP/2 requests, you can add the following field to the ingress annotation to enable the use of HTTP/2:
                                                                                                                    
-
                                                                                                                    `kubernetes.io/elb.http2-enable: 'true'`
                                                                                                                    
-
                                                                                                                    The following shows the YAML file for associating with an existing load balancer:
                                                                                                                    
-
                                                                                                                    For clusters of v1.21 or earlier:
                                                                                                                    
-
                                                                                                                    apiVersion: networking.k8s.io/v1beta1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
-    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/ingress.class: cce
-    kubernetes.io/elb.http2-enable: 'true' # Enable HTTP/2.
-spec:
-  tls:
-  - secretName: ingress-test-secret
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80                   # Replace it with the port number of your target Service.
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                    
-
                                                                                                                    For clusters of v1.23 or later:
                                                                                                                    apiVersion: networking.k8s.io/v1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
-    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.http2-enable: 'true' # Enable HTTP/2.
-spec:
-  tls: 
-  - secretName: ingress-test-secret
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
-            port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-        pathType: ImplementationSpecific
-  ingressClassName: cce 
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Table 6 HTTP/2 parameters
                                                                                                                    
-
-
                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                    Parameter
                                                                                                                    
-
                                                                                                                    Mandatory
                                                                                                                    
-
                                                                                                                    Type
                                                                                                                    
-
                                                                                                                    Description
                                                                                                                    
-
                                                                                                                    kubernetes.io/elb.http2-enable
                                                                                                                    
-
                                                                                                                    No
                                                                                                                    
-
                                                                                                                    Bool
                                                                                                                    
-
                                                                                                                    Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP 1.X to forward requests to the backend server. This parameter is supported in clusters of v1.19.16-r0, v1.21.3-r0, and later versions.
                                                                                                                    
-
                                                                                                                    Options:
                                                                                                                    
-
                                                                                                                    • true: enabled
                                                                                                                    • false: disabled (default value)
                                                                                                                    
-
                                                                                                                    Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Configuring the Server Name Indication (SNI)
                                                                                                                    SNI allows multiple TLS-based access domain names to be provided for external systems using the same IP address and port number. Different domain names can use different security certificates.
                                                                                                                     
                                                                                                                    • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                    • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    You can enable SNI when the preceding conditions are met. The following uses the automatic creation of a load balancer as an example. In this example, sni-test-secret-1 and sni-test-secret-2 are SNI certificates. The domain names specified by the certificates must be the same as those in the certificates.
                                                                                                                    
-
                                                                                                                    For clusters of v1.21 or earlier:
                                                                                                                    apiVersion: networking.k8s.io/v1beta1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/ingress.class: cce
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.autocreate: 
-      '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
-        }'
-    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
-spec:
-  tls: 
-  - secretName: ingress-test-secret
-  - hosts:
-      - example.top  # Domain name specified a certificate is issued
-    secretName: sni-test-secret-1  
-  - hosts:
-      - example.com  # Domain name specified a certificate is issued
-    secretName: sni-test-secret-2
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    For clusters of v1.23 or later:
                                                                                                                    apiVersion: networking.k8s.io/v1
-kind: Ingress 
-metadata: 
-  name: ingress-test
-  annotations: 
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.autocreate: 
-      '{
-          "type":"public",
-          "bandwidth_name":"cce-bandwidth-******",
-          "bandwidth_chargemode":"bandwidth",
-          "bandwidth_size":5,
-          "bandwidth_sharetype":"PER",
-          "eip_type":"5_bgp"
-        }'
-    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
-spec:
-  tls: 
-  - secretName: ingress-test-secret
-  - hosts:
-      - example.top  # Domain name specified a certificate is issued
-    secretName: sni-test-secret-1  
-  - hosts:
-      - example.com  # Domain name specified a certificate is issued
-    secretName: sni-test-secret-2
-  rules: 
-  - host: ''
-    http: 
-      paths: 
-      - path: '/'
-        backend: 
-          service:
-            name: <your_service_name>  # Replace it with the name of your target Service.
-            port: 
-              number: 8080             # Replace 8080 with the port number of your target Service.
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-        pathType: ImplementationSpecific
-  ingressClassName: cce 
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Accessing Multiple Services
                                                                                                                    Ingresses can route requests to multiple backend Services based on different matching policies. The spec field in the YAML file is set as below. You can access www.example.com/foo, www.example.com/bar, and foo.example.com/ to route to three different backend Services.
                                                                                                                    
-
                                                                                                                     
                                                                                                                    The URL registered in an ingress forwarding policy must be the same as the URL exposed by the backend Service. Otherwise, a 404 error will be returned.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    spec:
-  rules: 
-  - host: 'www.example.com'
-    http: 
-      paths: 
-      - path: '/foo'
-        backend: 
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-      - path: '/bar'
-        backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-  - host: 'foo.example.com'
-    http:
-      paths:
-      - path: '/'
-        backend:
-          serviceName: <your_service_name>  # Replace it with the name of your target Service.
-          servicePort: 80
-        property:
-          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Interconnecting with HTTPS Backend Services
                                                                                                                    Ingress can interconnect with backend services of different protocols. By default, the backend proxy channel of an ingress is an HTTP channel. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                    
-
                                                                                                                    kubernetes.io/elb.pool-protocol: https
                                                                                                                    
-
                                                                                                                     
                                                                                                                    • This feature only applies to clusters of v1.23.8, v1.25.3, and later.
                                                                                                                    • Ingress can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                    • When interconnecting with HTTPS backend services, set Client Protocol of ingress to HTTPS.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    An ingress configuration example is as follows:
                                                                                                                    
-
                                                                                                                    apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ingress-test
-  namespace: default
-  annotations:
-    kubernetes.io/elb.port: '443'
-    kubernetes.io/elb.id: <your_elb_id>    # In this example, an existing dedicated load balancer is used. Replace its ID with the ID of your dedicated load balancer.
-    kubernetes.io/elb.class: performance
-    kubernetes.io/elb.pool-protocol: https  # Interconnected HTTPS backend service
-    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
-spec:
-  tls: 
-    - secretName: ingress-test-secret
-  rules:
-    - host: ''
-      http:
-        paths:
-          - path: '/'
-            backend:
-              service:
-                name: <your_service_name>  # Replace it with the name of your target Service.
-                port:
-                  number: 80
-            property:
-              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
-            pathType: ImplementationSpecific
-  ingressClassName: cce
                                                                                                                    
-
                                                                                                                    
 
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Parent topic: Ingresses
                                                                                                                    
+
                                                                                                                    Parent topic: ELB Ingresses
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0257.html b/docs/cce/umn/cce_10_0257.html
deleted file mode 100644
index 91786143d..000000000
--- a/docs/cce/umn/cce_10_0257.html
+++ /dev/null
@@ -1,207 +0,0 @@
-
-
-
                                                                                                                    Creating a Deployment Mounted with an EVS Volume
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    After an EVS volume is created or imported to CCE, you can mount it to a workload.
                                                                                                                    
-
                                                                                                                     
                                                                                                                    EVS disks cannot be attached across AZs. Before mounting a volume, you can run the kubectl get pvc command to query the available PVCs in the AZ where the current cluster is located.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    You have created a cluster and installed the CSI plug-in (everest) in the cluster.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    The following configuration example applies to clusters of Kubernetes 1.15 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Using EVS Volumes for Deployments
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Run the following commands to configure the evs-deployment-example.yaml file, which is used to create a Deployment.
                                                                                                                      touch evs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      vi evs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      Example of mounting an EVS volume to a Deployment (PVC-based, shared volume):
                                                                                                                      apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: evs-deployment-example 
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: evs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: evs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp 
-          name: pvc-evs-example 
-      imagePullSecrets:
-        - name: default-secret
-      restartPolicy: Always 
-      volumes: 
-      - name: pvc-evs-example 
-        persistentVolumeClaim: 
-          claimName: pvc-evs-auto-example
                                                                                                                      
-
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 1 Key parameters
                                                                                                                      Parent Parameter
                                                                                                                      
-
                                                                                                                      Parameter
                                                                                                                      
-
                                                                                                                      Description
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers.volumeMounts
                                                                                                                      
-
                                                                                                                      name
                                                                                                                      
-
                                                                                                                      Name of the volume mounted to the container.
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers.volumeMounts
                                                                                                                      
-
                                                                                                                      mountPath
                                                                                                                      
-
                                                                                                                      Mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                      
-
                                                                                                                      spec.template.spec.volumes
                                                                                                                      
-
                                                                                                                      name
                                                                                                                      
-
                                                                                                                      Name of the volume.
                                                                                                                      
-
                                                                                                                      spec.template.spec.volumes.persistentVolumeClaim
                                                                                                                      
-
                                                                                                                      claimName
                                                                                                                      
-
                                                                                                                      Name of an existing PVC.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    3. Run the following command to create the workload:
                                                                                                                      kubectl create -f evs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Using EVS Volumes for StatefulSets
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Run the following commands to configure the evs-statefulset-example.yaml file, which is used to create a Deployment.
                                                                                                                      touch evs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      vi evs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      Mounting an EVS volume to a StatefulSet (PVC template-based, non-shared volume):
                                                                                                                      
-
                                                                                                                      Example YAML:
                                                                                                                      apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: evs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: evs-statefulset-example
-  template:
-    metadata:
-      labels:
-        app: evs-statefulset-example
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:latest'
-          volumeMounts:
-            - name: pvc-evs-auto-example
-              mountPath: /tmp
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-  volumeClaimTemplates:
-    - metadata:
-        name: pvc-evs-auto-example
-        namespace: default
-        labels:
-          failure-domain.beta.kubernetes.io/region: eu-de
-          failure-domain.beta.kubernetes.io/zone: 
-        annotations:
-          everest.io/disk-volume-type: SAS
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: csi-disk   
-  serviceName: evs-statefulset-example-headless
-  updateStrategy:
-    type: RollingUpdate
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 2 Key parameters
                                                                                                                      Parent Parameter
                                                                                                                      
-
                                                                                                                      Parameter
                                                                                                                      
-
                                                                                                                      Description
                                                                                                                      
-
                                                                                                                      metadata
                                                                                                                      
-
                                                                                                                      name
                                                                                                                      
-
                                                                                                                      Name of the created workload.
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers
                                                                                                                      
-
                                                                                                                      image
                                                                                                                      
-
                                                                                                                      Image of the workload.
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers.volumeMount
                                                                                                                      
-
                                                                                                                      mountPath
                                                                                                                      
-
                                                                                                                      Mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                      
-
                                                                                                                      spec
                                                                                                                      
-
                                                                                                                      serviceName
                                                                                                                      
-
                                                                                                                      Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name must be consistent because they have a mapping relationship.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    3. Run the following command to create the workload:
                                                                                                                      kubectl create -f evs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Verifying Persistent Storage of an EVS Volume
                                                                                                                    1. Query the pod and EVS files of the deployed workload (for example, evs-statefulset-example).
                                                                                                                      1. Run the following command to query the pod name of the workload:
                                                                                                                        kubectl get po | grep evs-statefulset-example
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        evs-statefulset-example-0   1/1     Running   0          22h
                                                                                                                        
-
                                                                                                                      2. Run the following command to check whether an EVS volume is mounted to the /tmp directory:
                                                                                                                        kubectl exec evs-statefulset-example-0 -- df tmp
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        /dev/sda        10255636 36888  10202364   1% /tmp
                                                                                                                        
-
                                                                                                                      
-
                                                                                                                    2. Run the following command to create a file named test in the /tmp directory:
                                                                                                                      kubectl exec evs-statefulset-example-0 -- touch /tmp/test
                                                                                                                      
-
                                                                                                                    3. Run the following command to view the file in the /tmp directory:
                                                                                                                      kubectl exec evs-statefulset-example-0 -- ls -l /tmp
                                                                                                                      
-
                                                                                                                      Expected outputs:
                                                                                                                      
-
                                                                                                                      -rw-r--r-- 1 root root     0 Jun  1 02:50 test
                                                                                                                      
-
                                                                                                                    4. Run the following command to delete the pod named evs-statefulset-example-0:
                                                                                                                      kubectl delete po evs-statefulset-example-0
                                                                                                                      
-
                                                                                                                    5. Check whether the file still exists after the pod is rebuilt.
                                                                                                                      1. Run the following command to query the name of the rebuilt pod:
                                                                                                                        kubectl get po
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        evs-statefulset-example-0   1/1     Running   0          2m
                                                                                                                        
-
                                                                                                                      2. Run the following command to view the file in the /tmp directory:
                                                                                                                        kubectl exec evs-statefulset-example-0 -- ls -l /tmp
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        -rw-r--r-- 1 root root     0 Jun  1 02:50 test
                                                                                                                        
-
                                                                                                                      3. The test file still exists after the pod is rebuilt, indicating that the data in the EVS volume can be persistently stored.
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Parent topic: Deployment Examples
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0262.html b/docs/cce/umn/cce_10_0262.html
deleted file mode 100644
index 806b4c6a3..000000000
--- a/docs/cce/umn/cce_10_0262.html
+++ /dev/null
@@ -1,149 +0,0 @@
-
-
-
                                                                                                                    Creating a StatefulSet Mounted with an SFS Volume
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    CCE allows you to use an existing SGS volume to create a StatefulSet (by using a PVC).
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    You have created a cluster and installed the CSI plug-in (everest) in the cluster.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    The following configuration example applies to clusters of Kubernetes 1.15 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Procedure
                                                                                                                    1. Create an SFS volume by referring to PersistentVolumeClaims (PVCs) and record the volume name.
                                                                                                                    2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    3. Create a YAML file for creating the workload. Assume that the file name is sfs-statefulset-example.yaml.
                                                                                                                      touch sfs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      vi sfs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      Configuration example:
                                                                                                                      
-
                                                                                                                      apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: sfs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: sfs-statefulset-example
-  template:
-    metadata:
-      labels:
-        app: sfs-statefulset-example
-    spec:
-      volumes: 
-      - name: pvc-sfs-example 
-        persistentVolumeClaim:
-          claimName: pvc-sfs-example     
-      containers:
-      - name: container-0
-        image: 'nginx:latest'
-        volumeMounts:
-          - name: pvc-sfs-example
-            mountPath: /tmp
-      restartPolicy: Always
-      imagePullSecrets:
-      - name: default-secret 
-  serviceName: sfs-statefulset-example-headless
-  updateStrategy:
-    type: RollingUpdate
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 1 Key parameters
                                                                                                                      Parent Parameter
                                                                                                                      
-
                                                                                                                      Parameter
                                                                                                                      
-
                                                                                                                      Description
                                                                                                                      
-
                                                                                                                      spec
                                                                                                                      
-
                                                                                                                      replicas
                                                                                                                      
-
                                                                                                                      Number of pods.
                                                                                                                      
-
                                                                                                                      metadata
                                                                                                                      
-
                                                                                                                      name
                                                                                                                      
-
                                                                                                                      Name of the new workload.
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers
                                                                                                                      
-
                                                                                                                      image
                                                                                                                      
-
                                                                                                                      Image used by the workload.
                                                                                                                      
-
                                                                                                                      spec.template.spec.containers.volumeMounts
                                                                                                                      
-
                                                                                                                      mountPath
                                                                                                                      
-
                                                                                                                      Mount path of a container.
                                                                                                                      
-
                                                                                                                      spec
                                                                                                                      
-
                                                                                                                      serviceName
                                                                                                                      
-
                                                                                                                      Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                      
-
                                                                                                                      spec.template.spec.volumes.persistentVolumeClaim
                                                                                                                      
-
                                                                                                                      claimName
                                                                                                                      
-
                                                                                                                      Name of an existing PVC.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      Example of mounting an SFS volume to a StatefulSet (PVC template-based, dedicated volume):
                                                                                                                      
-
                                                                                                                      Example YAML file:
                                                                                                                      apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: sfs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: sfs-statefulset-example
-  template:
-    metadata:
-      labels:
-        app: sfs-statefulset-example
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:latest'
-          volumeMounts:
-            - name: pvc-sfs-auto-example
-              mountPath: /tmp
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-  volumeClaimTemplates:
-    - metadata:
-        name: pvc-sfs-auto-example
-        namespace: default
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: csi-nas
-  serviceName: sfs-statefulset-example-headless
-  updateStrategy:
-    type: RollingUpdate
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    4. Create a StatefulSet.
                                                                                                                      kubectl create -f  sfs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Parent topic: Deployment Examples
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0263.html b/docs/cce/umn/cce_10_0263.html
deleted file mode 100644
index 986d92be3..000000000
--- a/docs/cce/umn/cce_10_0263.html
+++ /dev/null
@@ -1,52 +0,0 @@
-
-
-
                                                                                                                    Creating a Deployment Mounted with an SFS Volume
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    After an SFS volume is created or imported to CCE, you can mount the volume to a workload.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    You have created a cluster and installed the CSI plug-in (everest) in the cluster.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    The following configuration example applies to clusters of Kubernetes 1.15 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Procedure
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Run the following commands to configure the sfs-deployment-example.yaml file, which is used to create a pod.
                                                                                                                      touch sfs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      vi sfs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      Example of mounting an SFS volume to a Deployment (PVC-based, shared volume):
                                                                                                                      apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: sfs-deployment-example                                # Workload name
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: sfs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: sfs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx 
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp                                # Mount path 
-          name: pvc-sfs-example 
-      imagePullSecrets:
-        - name: default-secret
-      restartPolicy: Always 
-      volumes: 
-      - name: pvc-sfs-example 
-        persistentVolumeClaim: 
-          claimName: pvc-sfs-auto-example                # PVC name
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    3. Run the following command to create the workload:
                                                                                                                      kubectl create -f sfs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Parent topic: Deployment Examples
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0268.html b/docs/cce/umn/cce_10_0268.html
deleted file mode 100644
index eae9c0b8e..000000000
--- a/docs/cce/umn/cce_10_0268.html
+++ /dev/null
@@ -1,152 +0,0 @@
-
-
-
                                                                                                                    Creating a StatefulSet Mounted with an OBS Volume
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    CCE allows you to use an existing OBS volume to create a StatefulSet through a PVC.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    You have created a cluster and installed the CSI plug-in (everest) in the cluster.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    The following configuration example applies to clusters of Kubernetes 1.15 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Procedure
                                                                                                                    1. Create an OBS volume by referring to PersistentVolumeClaims (PVCs) and obtain the PVC name.
                                                                                                                    2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    3. Create a YAML file for creating the workload. Assume that the file name is obs-statefulset-example.yaml.
                                                                                                                      touch obs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      vi obs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                      Configuration example:
                                                                                                                      
-
                                                                                                                      apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: obs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: obs-statefulset-example
-  template:
-    metadata:
-      labels:
-        app: obs-statefulset-example
-    spec:
-      volumes: 
-      - name: pvc-obs-example 
-        persistentVolumeClaim:
-          claimName: pvc-obs-example     
-      containers:
-      - name: container-0
-        image: 'nginx:latest'
-        volumeMounts:
-          - name: pvc-obs-example
-            mountPath: /tmp
-      restartPolicy: Always
-      imagePullSecrets:
-      - name: default-secret 
-  serviceName: obs-statefulset-example-headless    # Name of the headless Service
                                                                                                                      
-
-
                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                      Table 1 Key parameters
                                                                                                                      Parameter
                                                                                                                      
-
                                                                                                                      Description
                                                                                                                      
-
                                                                                                                      replicas
                                                                                                                      
-
                                                                                                                      Number of pods.
                                                                                                                      
-
                                                                                                                      name
                                                                                                                      
-
                                                                                                                      Name of the new workload.
                                                                                                                      
-
                                                                                                                      image
                                                                                                                      
-
                                                                                                                      Image used by the workload.
                                                                                                                      
-
                                                                                                                      mountPath
                                                                                                                      
-
                                                                                                                      Mount path of a container.
                                                                                                                      
-
                                                                                                                      serviceName
                                                                                                                      
-
                                                                                                                      Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                      
-
                                                                                                                      claimName
                                                                                                                      
-
                                                                                                                      Name of an existing PVC.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                      Example of mounting an OBS volume to a StatefulSet (PVC template-based, dedicated volume):
                                                                                                                      
-
                                                                                                                      Example YAML:
                                                                                                                      
-
                                                                                                                      apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: obs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: obs-statefulset-example
-  template:
-    metadata:
-      labels:
-        app: obs-statefulset-example
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:latest'
-          volumeMounts:
-            - name: pvc-obs-auto-example
-              mountPath: /tmp
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-  volumeClaimTemplates:
-    - metadata:
-        name: pvc-obs-auto-example
-        namespace: default
-        annotations:
-          everest.io/obs-volume-type: STANDARD
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 1Gi
-        storageClassName: csi-obs  
-  serviceName: obs-statefulset-example-headless
                                                                                                                      
-
                                                                                                                    4. Create a StatefulSet.
                                                                                                                      kubectl create -f obs-statefulset-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Verifying Persistent Storage of an OBS Volume
                                                                                                                    1. Query the pod and OBS volume of the deployed workload (for example, obs-statefulset-example).
                                                                                                                      1. Run the following command to query the pod name of the workload:
                                                                                                                        kubectl get po | grep obs-statefulset-example
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        obs-statefulset-example-0   1/1     Running   0          2m5s
                                                                                                                        
-
                                                                                                                      2. Run the following command to check whether an OBS volume is mounted to the /tmp directory:
                                                                                                                        kubectl exec obs-statefulset-example-0 -- mount|grep /tmp
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        s3fs on /tmp type fuse.s3fs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
                                                                                                                        
-
                                                                                                                      
-
                                                                                                                    2. Run the following command to create a file named test in the /tmp directory:
                                                                                                                      kubectl exec obs-statefulset-example-0 -- touch /tmp/test
                                                                                                                      
-
                                                                                                                    3. Run the following command to view the file in the /tmp directory:
                                                                                                                      kubectl exec obs-statefulset-example-0 -- ls -l /tmp
                                                                                                                      
-
                                                                                                                      Expected outputs:
                                                                                                                      
-
                                                                                                                      -rw-r--r-- 1 root root     0 Jun  1 02:50 test
                                                                                                                      
-
                                                                                                                    4. Run the following command to delete the pod named obs-statefulset-example-0:
                                                                                                                      kubectl delete po obs-statefulset-example-0
                                                                                                                      
-
                                                                                                                    5. Check whether the file still exists after the pod is rebuilt.
                                                                                                                      1. Run the following command to query the name of the rebuilt pod:
                                                                                                                        kubectl get po
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        obs-statefulset-example-0   1/1     Running   0          2m
                                                                                                                        
-
                                                                                                                      2. Run the following command to view the file in the /tmp directory:
                                                                                                                        kubectl exec obs-statefulset-example-0 -- ls -l /tmp
                                                                                                                        
-
                                                                                                                        Expected outputs:
                                                                                                                        
-
                                                                                                                        -rw-r--r-- 1 root root     0 Jun  1 02:50 test
                                                                                                                        
-
                                                                                                                      3. The test file still exists after the pod is rebuilt, indicating that the data in the OBS volume can be persistently stored.
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Parent topic: Deployment Examples
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0269.html b/docs/cce/umn/cce_10_0269.html
deleted file mode 100644
index 631658daf..000000000
--- a/docs/cce/umn/cce_10_0269.html
+++ /dev/null
@@ -1,52 +0,0 @@
-
-
-
                                                                                                                    Creating a Deployment Mounted with an OBS Volume
                                                                                                                    
-
                                                                                                                    Scenario
                                                                                                                    After an OBS volume is created or imported to CCE, you can mount the volume to a workload.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Prerequisites
                                                                                                                    You have created a cluster and installed the CSI plug-in (everest) in the cluster.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    The following configuration example applies to clusters of Kubernetes 1.15 or later.
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Procedure
                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    2. Run the following commands to configure the obs-deployment-example.yaml file, which is used to create a pod.
                                                                                                                      touch obs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      vi obs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                      Example of mounting an OBS volume to a Deployment (PVC-based, shared volume):
                                                                                                                      apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: obs-deployment-example                        # Workload name
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: obs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: obs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp                       # Mount path
-          name: pvc-obs-example 
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-      volumes: 
-      - name: pvc-obs-example  
-        persistentVolumeClaim: 
-          claimName: pvc-obs-auto-example       # PVC name
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                       
                                                                                                                      spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                      
-
                                                                                                                      
-
                                                                                                                    3. Run the following command to create the workload:
                                                                                                                      kubectl create -f obs-deployment-example.yaml
                                                                                                                      
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    Parent topic: Deployment Examples
                                                                                                                    
-
                                                                                                                    
-
                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0275.html b/docs/cce/umn/cce_10_0275.html
index 6f4a1efb0..4ac0e7803 100644
--- a/docs/cce/umn/cce_10_0275.html
+++ b/docs/cce/umn/cce_10_0275.html
@@ -1,15 +1,108 @@
 
 
 
                                                                                                                    Configuring a Pod Security Policy
                                                                                                                    
-
                                                                                                                    A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defines a group of conditions that a pod must comply with to be accepted by the system, as well as the default values of related fields.
                                                                                                                    
+
                                                                                                                    A pod security policy (PSP) is a cluster-level resource that controls sensitive security aspects of the pod specification. The PodSecurityPolicy object in Kubernetes defines a group of conditions that a pod must comply with to be accepted by the system, as well as the default values of related fields.
                                                                                                                    
 
                                                                                                                    By default, the PSP access control component is enabled for clusters of v1.17.17 and a global default PSP named psp-global is created. You can modify the default policy (but not delete it). You can also create a PSP and bind it to the RBAC configuration.
                                                                                                                    
-
                                                                                                                     
                                                                                                                    • In addition to the global default PSP, the system configures independent PSPs for system components in namespace kube-system. Modifying the psp-global configuration does not affect pod creation in namespace kube-system.
                                                                                                                    • In Kubernetes 1.25, PSP has been removed and replaced by Pod Security Admission. For details, see Configuring Pod Security Admission.
                                                                                                                    
+
                                                                                                                     
                                                                                                                    • In addition to the global default PSP, the system configures independent PSPs for system components in namespace kube-system. Modifying the psp-global configuration does not affect pod creation in namespace kube-system.
                                                                                                                    • PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. You can use pod security admission as a substitute for PodSecurityPolicy. For details, see Configuring Pod Security Admission.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Modifying the Global Default PSP
                                                                                                                    Before modifying the global default PSP, ensure that a CCE cluster has been created and connected by using kubectl.
                                                                                                                    
 
                                                                                                                    1. Run the following command:
                                                                                                                      kubectl edit psp psp-global
                                                                                                                      
-
                                                                                                                    2. Modify the parameters as required. For details, see PodSecurityPolicy.
                                                                                                                    
+
                                                                                                                  • Modify the required parameters, as shown in Table 1.
                                                                                                                    
+
                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                    Table 1 PSP configuration
                                                                                                                    Item
                                                                                                                    
+
                                                                                                                    Description
                                                                                                                    
+
                                                                                                                    privileged
                                                                                                                    
+
                                                                                                                    Starts the privileged container.
                                                                                                                    
+
                                                                                                                    hostPID
                                                                                                                    
+
                                                                                                                    hostIPC
                                                                                                                    
+
                                                                                                                    Uses the host namespace.
                                                                                                                    
+
                                                                                                                    hostNetwork
                                                                                                                    
+
                                                                                                                    hostPorts
                                                                                                                    
+
                                                                                                                    Uses the host network and port.
                                                                                                                    
+
                                                                                                                    volumes
                                                                                                                    
+
                                                                                                                    Specifies the type of the mounted volume that can be used.
                                                                                                                    
+
                                                                                                                    allowedHostPaths
                                                                                                                    
+
                                                                                                                    Specifies the host path to which a hostPath volume can be mounted. The pathPrefix field specifies the host path prefix group to which a hostPath volume can be mounted.
                                                                                                                    
+
                                                                                                                    allowedFlexVolumes
                                                                                                                    
+
                                                                                                                    Specifies the FlexVolume driver that can be used.
                                                                                                                    
+
                                                                                                                    fsGroup
                                                                                                                    
+
                                                                                                                    Configures the supplemental group ID used by the mounted volume in the pod.
                                                                                                                    
+
                                                                                                                    readOnlyRootFilesystem
                                                                                                                    
+
                                                                                                                    Pods can only be started using a read-only root file system.
                                                                                                                    
+
                                                                                                                    runAsUser
                                                                                                                    
+
                                                                                                                    runAsGroup
                                                                                                                    
+
                                                                                                                    supplementalGroups
                                                                                                                    
+
                                                                                                                    Specifies the user ID, primary group ID, and supplemental group ID for starting containers in a pod.
                                                                                                                    
+
                                                                                                                    allowPrivilegeEscalation
                                                                                                                    
+
                                                                                                                    defaultAllowPrivilegeEscalation
                                                                                                                    
+
                                                                                                                    Specifies whether allowPrivilegeEscalation can be set to true in a pod. This configuration controls the use of Setuid and whether programs can use additional privileged system calls.
                                                                                                                    
+
                                                                                                                    defaultAddCapabilities
                                                                                                                    
+
                                                                                                                    requiredDropCapabilities
                                                                                                                    
+
                                                                                                                    allowedCapabilities
                                                                                                                    
+
                                                                                                                    Controls the Linux capabilities used in pods.
                                                                                                                    
+
                                                                                                                    seLinux
                                                                                                                    
+
                                                                                                                    Controls the configuration of seLinux used in pods.
                                                                                                                    
+
                                                                                                                    allowedProcMountTypes
                                                                                                                    
+
                                                                                                                    Controls the ProcMountTypes that can be used by pods.
                                                                                                                    
+
                                                                                                                    annotations
                                                                                                                    
+
                                                                                                                    Configures AppArmor or Seccomp used by containers in a pod.
                                                                                                                    
+
                                                                                                                    forbiddenSysctls
                                                                                                                    
+
                                                                                                                    allowedUnsafeSysctls
                                                                                                                    
+
                                                                                                                    Controls the configuration of Sysctl used by containers in a pod.
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Example of Enabling Unsafe Sysctls in Pod Security Policy
                                                                                                                    You can configure allowed-unsafe-sysctls for a node pool. For CCE v1.17.17 and later versions, add configurations in allowedUnsafeSysctls of the pod security policy to make the configuration take effect. For details, see PodSecurityPolicy.
                                                                                                                    
+
                                                                                                                    • 
+
                                                                                                                    
+
                                                                                                                    Example of Enabling Unsafe Sysctls in Pod Security Policy
                                                                                                                    You can configure allowed-unsafe-sysctls for a node pool. For CCE clusters of v1.17.17 and later versions, add configurations in allowedUnsafeSysctls of the pod security policy to make the configuration take effect. For details, see Table 1.
                                                                                                                    
 
                                                                                                                    In addition to modifying the global pod security policy, you can add new pod security policies. For example, enable the net.core.somaxconn unsafe sysctls. The following is an example of adding a pod security policy:
                                                                                                                    
 
                                                                                                                    apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
diff --git a/docs/cce/umn/cce_10_0276.html b/docs/cce/umn/cce_10_0276.html
index 06e55d2dc..efdeab093 100644
--- a/docs/cce/umn/cce_10_0276.html
+++ b/docs/cce/umn/cce_10_0276.html
@@ -2,11 +2,11 @@
 
 
                                                                                                                    Performing Rolling Upgrade for Nodes
                                                                                                                    
 
                                                                                                                    Scenario
                                                                                                                    In a rolling upgrade, a new node is created, existing workloads are migrated to the new node, and then the old node is deleted. Figure 1 shows the migration process.
                                                                                                                    
-
                                                                                                                    Figure 1 Workload migration
                                                                                                                    
+
                                                                                                                    Figure 1 Workload migration
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Notes and Constraints
                                                                                                                    • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                                                                    • The cluster must be of v1.13.10 or later.
                                                                                                                    • The default node pool DefaultPool does not support this configuration.
                                                                                                                    
+
                                                                                                                    Constraints
                                                                                                                    • The original node and the target node to which the workload is to be migrated must be in the same cluster.
                                                                                                                    • The cluster must be of v1.13.10 or later.
                                                                                                                    • The default node pool DefaultPool does not support this configuration.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Scenario 1: The Original Node Is in DefaultPool
                                                                                                                    1. Create a node pool. For details, see Creating a Node Pool.
                                                                                                                    2. Click the name of the node pool. The IP address of the new node is displayed in the node list.
                                                                                                                    1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                    1. Migrate the workload.
                                                                                                                      1. Add a taint to the node where the workload needs to be migrated out.
                                                                                                                        kubectl taint node [node] key=value:[effect]
                                                                                                                        
+
                                                                                                                        Scenario 1: The Original Node Is in DefaultPool
                                                                                                                        1. Create a node pool. For details, see Creating a Node Pool.
                                                                                                                        2. On the node pool list page, click View Node in the Operation column of the target node pool. The IP address of the new node is displayed in the node list.
                                                                                                                        1. Install and configure kubectl. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                        1. Migrate the workload.
                                                                                                                          1. Add a taint to the node where the workload needs to be migrated out.
                                                                                                                            kubectl taint node [node] key=value:[effect]
                                                                                                                            
 
                                                                                                                            In the preceding command, [node] indicates the IP address of the node where the workload to be migrated is located. The value of [effect] can be NoSchedule, PreferNoSchedule, or NoExecute. In this example, set this parameter to NoSchedule.
                                                                                                                            
 
                                                                                                                            • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                            • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                            • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                            
 
                                                                                                                             
                                                                                                                            To reset a taint, run the kubectl taint node [node] key:[effect]- command to remove the taint.
                                                                                                                            
@@ -20,20 +20,20 @@
 
                                                                                                                          1. Delete the original node.
                                                                                                                            After the workload is successfully migrated and runs properly, delete the original node.
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                        
-
                                                                                                                        Scenario 2: The Original Node Is Not in DefaultPool
                                                                                                                        1. Copy the node pool and add nodes to it. For details, see Copying a Node Pool.
                                                                                                                        2. Click View Node in the Operation column of the node pool. The IP address of the new node is displayed in the node list.
                                                                                                                        1. Migrate the workload.
                                                                                                                          1. Click Edit on the right of original node pool and set Taints.
                                                                                                                          2. Enter the key and value of the taint. The options of Effect are NoSchedule, PreferNoSchedule, and NoExecute. Select NoExecute and click confirm to add.
                                                                                                                            • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                            • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                            • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                            
-
                                                                                                                             
                                                                                                                            If you need to reset the taint, delete the configured taint.
                                                                                                                            
+
                                                                                                                            Scenario 2: The Original Node Is Not in DefaultPool
                                                                                                                            1. Copy the node pool and add nodes to it. For details, see Copying a Node Pool.
                                                                                                                            2. Click View Node in the Operation column of the node pool. The IP address of the new node is displayed in the node list.
                                                                                                                            1. Migrate the workload.
                                                                                                                              1. Click Edit on the right of original node pool and configure Taints.
                                                                                                                              2. Enter the key and value of a taint. The options of Effect are NoSchedule, PreferNoSchedule, and NoExecute. Select NoExecute and click Add.
                                                                                                                                • NoSchedule: Pods that do not tolerate this taint are not scheduled on the node; existing pods are not evicted from the node.
                                                                                                                                • PreferNoSchedule: Kubernetes tries to avoid scheduling pods that do not tolerate this taint onto the node.
                                                                                                                                • NoExecute: A pod is evicted from the node if it is already running on the node, and is not scheduled onto the node if it is not yet running on the node.
                                                                                                                                
+
                                                                                                                                 
                                                                                                                                To reset the taint, delete the configured one.
                                                                                                                                
 
                                                                                                                                
 
                                                                                                                              3. Click OK.
                                                                                                                              4. In the navigation pane of the CCE console, choose Workloads > Deployments. In the workload list, the status of the workload to be migrated changes from Running to Unready. If the workload status changes to Running again, the migration is successful.
                                                                                                                              
 
                                                                                                                               
                                                                                                                              During workload migration, if node affinity is configured for the workload, the workload keeps displaying a message indicating that the workload is not ready. In this case, click the workload name to go to the workload details page. On the Scheduling Policies tab page, delete the affinity configuration of the original node and configure the affinity and anti-affinity policies of the new node. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                              After the workload is successfully migrated, you can view that the workload is migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                              
+
                                                                                                                              After the workload is migrated, you can view that the workload is migrated to the node created in 1 on the Pods tab page of the workload details page.
                                                                                                                              
 
                                                                                                                            1. Delete the original node.
                                                                                                                              After the workload is successfully migrated and runs properly, delete the original node.
                                                                                                                              
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Parent topic: Nodes
                                                                                                                            
+
                                                                                                                            Parent topic: Management Nodes
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0277.html b/docs/cce/umn/cce_10_0277.html
index 306e9b72f..ede5db939 100644
--- a/docs/cce/umn/cce_10_0277.html
+++ b/docs/cce/umn/cce_10_0277.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                            Overview
                                                                                                                            
 
                                                                                                                            CCE provides multiple types of add-ons to extend cluster functions and meet feature requirements. You can install add-ons as required.
                                                                                                                            
-
                                                                                                                             
                                                                                                                            CCE uses Helm templates to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open APIs. Do not directly modify resources related to add-ons in the background. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                                                            
+
                                                                                                                             
                                                                                                                            CCE uses Helm charts to deploy add-ons. To modify or upgrade an add-on, perform operations on the Add-ons page or use open add-on management APIs. Do not directly modify resources related to add-ons in the background. Otherwise, add-on exceptions or other unexpected problems may occur.
                                                                                                                            
 
                                                                                                                            
 
 
                                                                                                                            
-
-
-
-
-
-
-
                                                                                                                            Table 1 Add-on list
                                                                                                                            Add-on Name
                                                                                                                            
@@ -11,19 +11,19 @@
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            coredns (System Resource Add-On, Mandatory)
                                                                                                                            
+
                                                                                                                            coredns (System Resource Add-on, Mandatory)
                                                                                                                            
 
                                                                                                                            The coredns add-on is a DNS server that provides domain name resolution services for Kubernetes clusters. coredns chains plug-ins to provide additional features.
                                                                                                                            
+
                                                                                                                            CoreDNS is a DNS server that provides domain name resolution for Kubernetes clusters through chain plug-ins.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            storage-driver (System Resource Add-On, Discarded)
                                                                                                                            
+
                                                                                                                            storage-driver(Flexvolume, Deprecated)
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            storage-driver is a FlexVolume driver used to support IaaS storage services such as EVS, SFS, and OBS.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            everest (System Resource Add-On, Mandatory)
                                                                                                                            
+
                                                                                                                            everest (System Resource Add-on, Mandatory)
                                                                                                                            
 
                                                                                                                            Everest is a cloud native container storage system. Based on the Container Storage Interface (CSI), clusters of Kubernetes v1.15.6 or later obtain access to cloud storage services.
                                                                                                                            
+
                                                                                                                            everest is a cloud native container storage system, which enables clusters of Kubernetes v1.15.6 or later to use cloud storage through the Container Storage Interface (CSI).
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            npd
                                                                                                                            
@@ -41,9 +41,9 @@
 
                                                                                                                            metrics-server is an aggregator for monitoring data of core cluster resources.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            gpu-beta
                                                                                                                            
+
                                                                                                                            gpu-device-plugin (formerly gpu-beta)
                                                                                                                            
 
                                                                                                                            gpu-beta is a device management add-on that supports GPUs in containers. It supports only NVIDIA drivers.
                                                                                                                            
+
                                                                                                                            gpu-device-plugin is a device management add-on that supports GPUs in containers. It supports only NVIDIA drivers.
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            volcano
                                                                                                                            
@@ -54,6 +54,154 @@
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
+
                                                                                                                            Add-on Lifecycle
                                                                                                                            An add-on lifecycle involves all the statuses of the add-on from installation to uninstallation.
                                                                                                                            
+
+
                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                            Table 2 Add-on statuses
                                                                                                                            Status
                                                                                                                            
+
                                                                                                                            Attribute
                                                                                                                            
+
                                                                                                                            Description
                                                                                                                            
+
                                                                                                                            Running
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            The add-on is running properly, all add-on instances are deployed properly, and the add-on can be used properly.
                                                                                                                            
+
                                                                                                                            Partially ready
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            The add-on is running properly, but some add-on instances are not properly deployed. In this state, the add-on functions may be unavailable.
                                                                                                                            
+
                                                                                                                            Unavailable
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            The add-on malfunctions, and all add-on instances are not properly deployed.
                                                                                                                            
+
                                                                                                                            Installing
                                                                                                                            
+
                                                                                                                            Intermediate state
                                                                                                                            
+
                                                                                                                            The add-on is being deployed.
                                                                                                                            
+
                                                                                                                            If all instances cannot be scheduled due to incorrect add-on configuration or insufficient resources, the system sets the add-on status to Unavailable 10 minutes later.
                                                                                                                            
+
                                                                                                                            Installation failed
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            Install add-on failed. Uninstall it and try again.
                                                                                                                            
+
                                                                                                                            Upgrading
                                                                                                                            
+
                                                                                                                            Intermediate state
                                                                                                                            
+
                                                                                                                            The add-on is being upgraded.
                                                                                                                            
+
                                                                                                                            Upgrade failed
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            Upgrade add-on failed. Upgrade it again, or uninstall it and try again.
                                                                                                                            
+
                                                                                                                            Rolling back
                                                                                                                            
+
                                                                                                                            Intermediate state
                                                                                                                            
+
                                                                                                                            The add-on is rolling back.
                                                                                                                            
+
                                                                                                                            Rollback failed
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            The add-on rollback failed. Retry the rollback, or uninstall it and try again.
                                                                                                                            
+
                                                                                                                            Deleting
                                                                                                                            
+
                                                                                                                            Intermediate state
                                                                                                                            
+
                                                                                                                            The add-on is being deleted.
                                                                                                                            
+
                                                                                                                            If this state stays for a long time, an exception occurred.
                                                                                                                            
+
                                                                                                                            Deletion failed
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            Delete add-on failed. Try again.
                                                                                                                            
+
                                                                                                                            Unknown
                                                                                                                            
+
                                                                                                                            Stable state
                                                                                                                            
+
                                                                                                                            No add-on chart found.
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                             
                                                                                                                            When an add-on is in an intermediate state such as Installing or Deleting, you are not allowed to edit or uninstall the add-on.
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            Related Operations
                                                                                                                            You can perform the operations described in Table 3 on the Add-ons page.
+
                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                            Table 3 Related operations
                                                                                                                            Operation
                                                                                                                            
+
                                                                                                                            Description
                                                                                                                            
+
                                                                                                                            Procedure
                                                                                                                            
+
                                                                                                                            Install
                                                                                                                            
+
                                                                                                                            Install a specified add-on.
                                                                                                                            
+
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                            2. Click Install under the target add-on.
                                                                                                                              Each add-on has different configuration parameters. For details, see the corresponding chapter.
                                                                                                                              
+
                                                                                                                            3. Click OK.
                                                                                                                            
+
                                                                                                                            Upgrade
                                                                                                                            
+
                                                                                                                            Upgrade an add-on to the new version.
                                                                                                                            
+
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                            2. If an add-on can be upgraded, the Upgrade button is displayed under it.
                                                                                                                              Click Upgrade. Each add-on has different configuration parameters. For details, see the corresponding chapter.
                                                                                                                              
+
                                                                                                                            3. Click OK.
                                                                                                                            
+
                                                                                                                            Edit
                                                                                                                            
+
                                                                                                                            Edit add-on parameters.
                                                                                                                            
+
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                            2. Click Edit under the target add-on.
                                                                                                                              Each add-on has different configuration parameters. For details, see the corresponding chapter.
                                                                                                                              
+
                                                                                                                            3. Click OK.
                                                                                                                            
+
                                                                                                                            Uninstall
                                                                                                                            
+
                                                                                                                            Uninstall an add-on from the cluster.
                                                                                                                            
+
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons.
                                                                                                                            2. Click Uninstall under the target add-on.
                                                                                                                            3. In the displayed dialog box, click Yes.
                                                                                                                              This operation cannot be undone.
                                                                                                                              
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0278.html b/docs/cce/umn/cce_10_0278.html
index 9b66158d2..9f96fe571 100644
--- a/docs/cce/umn/cce_10_0278.html
+++ b/docs/cce/umn/cce_10_0278.html
@@ -6,13 +6,13 @@
 
                                                                                                                            
 
                                                                                                                            Prerequisites
                                                                                                                            At least one cluster has been created.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Notes and Constraints
                                                                                                                            A maximum of 6,000 Services can be created in each namespace. The Services mentioned here indicate the Kubernetes Service resources added for workloads.
                                                                                                                            
+
                                                                                                                            Constraints
                                                                                                                            A maximum of 6,000 Services can be created in each namespace. The Services mentioned here indicate the Kubernetes Service resources added for workloads.
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Namespace Types
                                                                                                                            Namespaces can be created in either of the following ways:
                                                                                                                            
 
                                                                                                                            • Created automatically: When a cluster is up, the default, kube-public, kube-system, and kube-node-lease namespaces are created by default.
                                                                                                                              • default: All objects for which no namespace is specified are allocated to this namespace.
                                                                                                                              • kube-public: Resources in this namespace can be accessed by all users (including unauthenticated users), such as public add-ons and container charts.
                                                                                                                              • kube-system: All resources created by Kubernetes are in this namespace.
                                                                                                                              • kube-node-lease: Each node has an associated Lease object in this namespace. The object is periodically updated by the node. Both NodeStatus and NodeLease are considered as heartbeats from a node. In versions earlier than v1.13, only NodeStatus is available. The NodeLease feature is introduced in v1.13. NodeLease is more lightweight than NodeStatus. This feature significantly improves the cluster scalability and performance.
                                                                                                                              
 
                                                                                                                            • Created manually: You can create namespaces to serve separate purposes. For example, you can create three namespaces, one for a development environment, one for joint debugging environment, and one for test environment. You can also create one namespace for login services and one for game services.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Creating a Namespace
                                                                                                                            1. Log in to the CCE console and access the cluster console.
                                                                                                                            2. Choose Namespaces in the navigation pane and click Create Namespace in the upper right corner.
                                                                                                                            3. Set namespace parameters based on Table 1.
                                                                                                                              
+
                                                                                                                              Creating a Namespace
                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                              2. Choose Namespaces in the navigation pane and click Create Namespace in the upper right corner.
                                                                                                                              3. Set namespace parameters based on Table 1.
                                                                                                                                
 
                                                                                                                                Table 1 Parameters for creating a namespace
                                                                                                                                Parameter
                                                                                                                                
                                                                                                                                 		
 
                                                                                                                                Description
                                                                                                                                
@@ -42,7 +42,7 @@
 
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                              4. When the configuration is complete, click OK.
                                                                                                                              
+
                                                                                                                            4. After the configuration is complete, click OK.
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Using kubectl to Create a Namespace
                                                                                                                            Define a namespace.
                                                                                                                            
 
                                                                                                                            apiVersion: v1 
diff --git a/docs/cce/umn/cce_10_0279.html b/docs/cce/umn/cce_10_0279.html
index 55cecbab8..e9c942214 100644
--- a/docs/cce/umn/cce_10_0279.html
+++ b/docs/cce/umn/cce_10_0279.html
@@ -3,10 +3,10 @@
 
                                                                                                                            Overview
                                                                                                                            
 
                                                                                                                            Auto scaling is a service that automatically and economically adjusts service resources based on your service requirements and configured policies.
                                                                                                                            
 
                                                                                                                            Context
                                                                                                                            More and more applications are developed based on Kubernetes. It becomes increasingly important to quickly scale out applications on Kubernetes to cope with service peaks and to scale in applications during off-peak hours to save resources and reduce costs.
                                                                                                                            
-
                                                                                                                            In a Kubernetes cluster, auto scaling involves pods and nodes. A pod is an application instance. Each pod contains one or more containers and runs on a node (VM or bare-metal server). If a cluster does not have sufficient nodes to run new pods, you need to add nodes to the cluster to ensure service running.
                                                                                                                            
+
                                                                                                                            In a Kubernetes cluster, auto scaling involves pods and nodes. A pod is an application instance. Each pod contains one or more containers and runs on a node (VM or bare-metal server). If a cluster does not have sufficient nodes to run new pods, add nodes to the cluster to ensure service running.
                                                                                                                            
 
                                                                                                                            In CCE, auto scaling is used for online services, large-scale computing and training, deep learning GPU or shared GPU training and inference, periodic load changes, and many other scenarios.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Auto Scaling in CCE
                                                                                                                            CCE supports auto scaling for workloads and nodes.
                                                                                                                            
+
                                                                                                                            Auto Scaling in CCE
                                                                                                                            CCE supports auto scaling for workloads and nodes.
                                                                                                                            
 
                                                                                                                            • Workload scaling: Auto scaling at the scheduling layer to change the scheduling capacity of workloads. For example, you can use the HPA, a scaling component at the scheduling layer, to adjust the number of replicas of an application. Adjusting the number of replicas changes the scheduling capacity occupied by the current workload, thereby enabling scaling at the scheduling layer.
                                                                                                                            • Node scaling: Auto scaling at the resource layer. When the planned cluster nodes cannot allow workload scheduling, ECS resources are provided to support scheduling. 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Components
                                                                                                                            
@@ -29,7 +29,7 @@
 
 
                                                                                                                    A built-in component of Kubernetes, which enables horizontal scaling of pods. It adds the application-level cooldown time window and scaling threshold functions based on the HPA.
                                                                                                                    
 
                                                                                                                    Creating an HPA Policy for Workload Auto Scaling
                                                                                                                    
+
                                                                                                                    HPA
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    
 
 
 
 
 
 
 
                                                                                                                    
-
@@ -85,7 +85,7 @@
 
-
                                                                                                                    Table 1 Network model comparison
                                                                                                                    Dimension
                                                                                                                    
 
                                                                                                                    Container Tunnel Network
                                                                                                                    
+
                                                                                                                    Tunnel Network
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    VPC Network
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    A maximum of 2,000 nodes are supported.
                                                                                                                    
 
                                                                                                                    By default, 200 nodes are supported.
                                                                                                                    
+
                                                                                                                    A maximum of 2000 nodes are supported, which is restricted by the VPC routing capability.
                                                                                                                    
 
                                                                                                                    Each time a node is added to the cluster, a route is added to the VPC route tables. Therefore, the cluster scale is limited by the VPC route tables. 
                                                                                                                    
                                                                                                                     		
 
                                                                                                                    A maximum of 2,000 nodes are supported.
                                                                                                                    
@@ -94,7 +94,7 @@
 
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                     
                                                                                                                    1. The scale of a cluster that uses the VPC network model is limited by the custom routes of the VPC. Therefore, you need to estimate the number of required nodes before creating a cluster.
                                                                                                                    2. The scale of a cluster that uses the Cloud Native Network 2.0 model depends on the size of the VPC subnet CIDR block selected for the network attachment definition. Before creating a cluster, evaluate the scale of your cluster.
                                                                                                                    3. By default, VPC routing network supports direct communication between containers and hosts in the same VPC. If a peering connection policy is configured between the VPC and another VPC, the containers can directly communicate with hosts on the peer VPC. In addition, in hybrid networking scenarios such as Direct Connect and VPN, communication between containers and hosts on the peer end can also be achieved with proper planning.
                                                                                                                    4. Do not change the mask of the primary CIDR block on the VPC after a cluster is created. Otherwise, the network will be abnormal.
                                                                                                                    
+
                                                                                                                     
                                                                                                                    1. The scale of a cluster that uses the VPC network model is limited by the custom routes of the VPC. Therefore, estimate the number of required nodes before creating a cluster.
                                                                                                                    2. The scale of a cluster that uses the Cloud Native Network 2.0 model depends on the size of the VPC subnet CIDR block selected for the network attachment definition. Before creating a cluster, evaluate the scale of your cluster.
                                                                                                                    3. By default, VPC routing network supports direct communication between containers and hosts in the same VPC. If a peering connection policy is configured between the VPC and another VPC, the containers can directly communicate with hosts on the peer VPC. In addition, in hybrid networking scenarios such as Direct Connect and VPN, communication between containers and hosts on the peer end can also be achieved with proper planning.
                                                                                                                    4. Do not change the mask of the primary CIDR block on the VPC after a cluster is created. Otherwise, the network will be abnormal.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0282.html b/docs/cce/umn/cce_10_0282.html
index 9ad9ebf96..51a035ae9 100644
--- a/docs/cce/umn/cce_10_0282.html
+++ b/docs/cce/umn/cce_10_0282.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                    Container Tunnel Network
                                                                                                                    
-
                                                                                                                    Container Tunnel Network Model
                                                                                                                    The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch. Though at some costs of performance, packet encapsulation and tunnel transmission enable higher interoperability and compatibility with advanced features (such as network policy-based isolation) for most common scenarios.
                                                                                                                    Figure 1 Container tunnel network
                                                                                                                    
+
                                                                                                                    Container Tunnel Network Model
                                                                                                                    The container tunnel network is constructed on but independent of the node network through tunnel encapsulation. This network model uses VXLAN to encapsulate Ethernet packets into UDP packets and transmits them in tunnels. Open vSwitch serves as the backend virtual switch. Though at some costs of performance, packet encapsulation and tunnel transmission enable higher interoperability and compatibility with advanced features (such as network policy-based isolation) for most common scenarios.
                                                                                                                    Figure 1 Container tunnel network
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Pod-to-pod communication
                                                                                                                    
 
                                                                                                                    • On the same node: Packets are directly forwarded via the OVS bridge on the node.
                                                                                                                    • Across nodes: Packets are encapsulated in the OVS bridge and then forwarded to the peer node.
                                                                                                                    
@@ -9,13 +9,13 @@
 
                                                                                                                    Advantages and Disadvantages
                                                                                                                    Advantages
                                                                                                                    
 
                                                                                                                    • The container network is decoupled from the node network and is not limited by the VPC quotas and response speed (such as the number of VPC routes, number of elastic ENIs, and creation speed).
                                                                                                                    • Network isolation is supported. For details, see Network Policies.
                                                                                                                    • Bandwidth limits are supported.
                                                                                                                    • Large-scale networking is supported.
                                                                                                                    
 
                                                                                                                    Disadvantages
                                                                                                                    
-
                                                                                                                    • High encapsulation overhead, complex networking, and low performance
                                                                                                                    • Failure to use the load balancing and security group capabilities provided by the VPC
                                                                                                                    • External networks cannot be directly connected to container IP addresses.
                                                                                                                    
+
                                                                                                                    • High encapsulation overhead, complex networking, and low performance
                                                                                                                    • Pods cannot directly use functionalities such as EIPs and security groups.
                                                                                                                    • External networks cannot be directly connected to container IP addresses.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Applicable Scenarios
                                                                                                                    • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network is applicable to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                    • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                    
+
                                                                                                                    Applicable Scenarios
                                                                                                                    • Low requirements on performance: As the container tunnel network requires additional VXLAN tunnel encapsulation, it has about 5% to 15% of performance loss when compared with the other two container network models. Therefore, the container tunnel network applies to the scenarios that do not have high performance requirements, such as web applications, and middle-end and back-end services with a small number of access requests.
                                                                                                                    • Large-scale networking: Different from the VPC network that is limited by the VPC route quota, the container tunnel network does not have any restriction on the infrastructure. In addition, the container tunnel network controls the broadcast domain to the node level. The container tunnel network supports a maximum of 2000 nodes.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Container IP Address Management
                                                                                                                    The container tunnel network allocates container IP addresses according to the following rules:
                                                                                                                    
 
                                                                                                                    • The container CIDR block is allocated separately, which is irrelevant to the node CIDR block.
                                                                                                                    • IP addresses are allocated by node. One or more CIDR blocks with a fixed size (16 by default) are allocated to each node in a cluster from the container CIDR block.
                                                                                                                    • When the IP addresses on a node are used up, you can apply for a new CIDR block.
                                                                                                                    • The container CIDR block cyclically allocates CIDR blocks to new nodes or existing nodes in sequence.
                                                                                                                    • Pods scheduled to a node are cyclically allocated IP addresses from one or more CIDR blocks allocated to the node.
                                                                                                                    
-
                                                                                                                    Figure 2 IP address allocation of the container tunnel network
                                                                                                                    
+
                                                                                                                    Figure 2 IP address allocation of the container tunnel network
                                                                                                                    
 
                                                                                                                    Maximum number of nodes that can be created in the cluster using the container tunnel network = Number of IP addresses in the container CIDR block / Size of the IP CIDR block allocated to the node by the container CIDR block at a time (16 by default)
                                                                                                                    
 
                                                                                                                    For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. If 16 IP addresses are allocated to a node at a time, a maximum of 4096 (65536/16) nodes can be created in the cluster. This is an extreme case. If 4096 nodes are created, a maximum of 16 pods can be created for each node because only 16 IP CIDR block\s are allocated to each node. In addition, the number of nodes that can be created in a cluster also depends on the node network and cluster scale.
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0283.html b/docs/cce/umn/cce_10_0283.html
index 6b3b6783e..1a96f71ae 100644
--- a/docs/cce/umn/cce_10_0283.html
+++ b/docs/cce/umn/cce_10_0283.html
@@ -1,21 +1,21 @@
 
 
 
                                                                                                                    VPC Network
                                                                                                                    
-
                                                                                                                    Model Definition
                                                                                                                    The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the VPC route quota. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from outside the cluster.
                                                                                                                    Figure 1 VPC network model
                                                                                                                    
+
                                                                                                                    Model Definition
                                                                                                                    The VPC network uses VPC routing to integrate with the underlying network. This network model is suitable for performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the VPC route quota. Each node is assigned a CIDR block of a fixed size. This networking model is free from tunnel encapsulation overhead and outperforms the container tunnel network model. In addition, as VPC routing includes routes to node IP addresses and the container CIDR block, container pods in a cluster can be directly accessed from ECSs in the same VPC outside the cluster.
                                                                                                                    Figure 1 VPC network model
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Pod-to-pod communication
                                                                                                                    
-
                                                                                                                    • On the same node: Packets are directly forwarded through IPVlan.
                                                                                                                    • Across nodes: Packets are forwarded to the default gateway through default routes, and then to the peer node via the VPC routes.
                                                                                                                    
+
                                                                                                                    • On the same node: Packets are directly forwarded through IPvlan.
                                                                                                                    • Across nodes: Packets are forwarded to the default gateway through default routes, and then to the peer node via the VPC routes.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Advantages and Disadvantages
                                                                                                                    Advantages
                                                                                                                    
-
                                                                                                                    • No tunnel encapsulation is required, so network problems are easy to locate and the performance is high.
                                                                                                                    • External networks in a VPC can be directly connected to container IP addresses.
                                                                                                                    
+
                                                                                                                    • No tunnel encapsulation is required, so network problems are easy to locate and the performance is high.
                                                                                                                    • In the same VPC, the external network of the cluster can be directly connected to the container IP address.
                                                                                                                    
 
                                                                                                                    Disadvantages
                                                                                                                    
 
                                                                                                                    • The number of nodes is limited by the VPC route quota.
                                                                                                                    • Each node is assigned a CIDR block of a fixed size, which leads to a waste of IP addresses in the container CIDR block.
                                                                                                                    • Pods cannot directly use functionalities such as EIPs and security groups.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Applicable Scenarios
                                                                                                                    • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model is applicable to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                    • Small- and medium-scale networking: The VPC network is limited by the VPC route quota. Currently, a maximum of 200 nodes are supported by default. If there are large-scale networking requirements, you can increase the VPC route quota.
                                                                                                                    
+
                                                                                                                    Applicable Scenarios
                                                                                                                    • High performance requirements: As no tunnel encapsulation is required, the VPC network model delivers the performance close to that of a VPC network when compared with the container tunnel network model. Therefore, the VPC network model applies to scenarios that have high requirements on performance, such as AI computing and big data computing.
                                                                                                                    • Small- and medium-scale networking: The VPC network is limited by the VPC route quota. Currently, a maximum of 200 nodes are supported by default. If there are large-scale networking requirements, you can increase the VPC route quota.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Container IP Address Management
                                                                                                                    The VPC network allocates container IP addresses according to the following rules:
                                                                                                                    
 
                                                                                                                    • The container CIDR block is allocated separately.
                                                                                                                    • IP addresses are allocated by node. One CIDR block with a fixed size (which is configurable) is allocated to each node in a cluster from the container CIDR block.
                                                                                                                    • The container CIDR block cyclically allocates CIDR blocks to new nodes in sequence.
                                                                                                                    • Pods scheduled to a node are cyclically allocated IP addresses from CIDR blocks allocated to the node.
                                                                                                                    
-
                                                                                                                    Figure 2 IP address management of the VPC network
                                                                                                                    
+
                                                                                                                    Figure 2 IP address management of the VPC network
                                                                                                                    
 
                                                                                                                    Maximum number of nodes that can be created in the cluster using the VPC network = Number of IP addresses in the container CIDR block /Number of IP addresses in the CIDR block allocated to the node by the container CIDR block
                                                                                                                    
 
                                                                                                                    For example, if the container CIDR block is 172.16.0.0/16, the number of IP addresses is 65536. The mask of the container CIDR block allocated to the node is 25. That is, the number of container IP addresses on each node is 128. Therefore, a maximum of 512 (65536/128) nodes can be created. In addition, the number of nodes that can be created in a cluster also depends on the node network and cluster scale.
                                                                                                                    
 
                                                                                                                    
@@ -59,8 +59,8 @@ example-86b9779494-l8qrw   1/1     Running   0          14s   172.16.0.6   192.1
 example-86b9779494-svs8t   1/1     Running   0          14s   172.16.0.7   192.168.0.99   <none>           <none>
 example-86b9779494-x8kl5   1/1     Running   0          14s   172.16.0.5   192.168.0.99   <none>           <none>
 example-86b9779494-zt627   1/1     Running   0          14s   172.16.0.8   192.168.0.99   <none>           <none>
-
                                                                                                                    In this case, the IP address of the pod can be directly accessed from a node outside the cluster in the same VPC. This is a feature of the VPC network feature.
                                                                                                                    
-
                                                                                                                    The pod can also be accessed from a node in the same cluster or in the pod. As shown in the following figure, the pod can be accessed directly from the container.
                                                                                                                    
+
                                                                                                                    In this case, if you access the IP address of the pod from an ECS (outside the cluster) in the same VPC, the access is successful. This is a feature of VPC networking. Pods can be directly accessed from any node locating outside of the cluster and in the same VPC as that of the pods using the pods' IP addresses.
                                                                                                                    
+
                                                                                                                    Pods can be accessed from nodes or pods in the same cluster. In the following example, you can directly access the pods in the container.
                                                                                                                    
 
                                                                                                                    $ kubectl exec -it example-86b9779494-l8qrw -- curl 172.16.0.7
 <!DOCTYPE html>
 <html>
diff --git a/docs/cce/umn/cce_10_0284.html b/docs/cce/umn/cce_10_0284.html
index b36abe205..94a35269a 100644
--- a/docs/cce/umn/cce_10_0284.html
+++ b/docs/cce/umn/cce_10_0284.html
@@ -1,27 +1,27 @@
 
 
-
                                                                                                                    Cloud Native Network 2.0
                                                                                                                    
-
                                                                                                                    Model Definition
                                                                                                                    Developed by CCE, Cloud Native Network 2.0 deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and elastic IPs (EIPs) are bound to deliver high performance.
                                                                                                                    
-
                                                                                                                    Figure 1 Cloud Native Network 2.0
                                                                                                                    
+
                                                                                                                    Cloud Native 2.0 Network
                                                                                                                    
+
                                                                                                                    Model Definition
                                                                                                                    Developed by CCE, Cloud Native 2.0 network deeply integrates Elastic Network Interfaces (ENIs) and sub-ENIs of Virtual Private Cloud (VPC). Container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and elastic IPs (EIPs) are bound to deliver high performance.
                                                                                                                    
+
                                                                                                                    Figure 1 Cloud Native 2.0 network model
                                                                                                                    
 
                                                                                                                    Pod-to-pod communication
                                                                                                                    
 
                                                                                                                    • Pods on BMS nodes use ENIs, whereas pods on ECS nodes use Sub-ENIs. Sub-ENIs are attached to ENIs through VLAN sub-interfaces.
                                                                                                                    • On the same node: Packets are forwarded through the VPC ENI or sub-ENI.
                                                                                                                    • Across nodes: Packets are forwarded through the VPC ENI or sub-ENI.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Advantages and Disadvantages
                                                                                                                    Advantages
                                                                                                                    
-
                                                                                                                    • As the container network directly uses VPC, it is easy to locate network problems and provide the highest performance.
                                                                                                                    • External networks in a VPC can be directly connected to container IP addresses.
                                                                                                                    • The load balancing, security group, and EIP capabilities provided by VPC can be used directly.
                                                                                                                    
+
                                                                                                                    • As the container network directly uses VPC, it is easy to locate network problems and provide the highest performance.
                                                                                                                    • External networks in a VPC can be directly connected to container IP addresses.
                                                                                                                    • The load balancing, security group, and EIP capabilities provided by VPC can be directly used by pods.
                                                                                                                    
 
                                                                                                                    Disadvantages
                                                                                                                    
 
                                                                                                                    The container network directly uses VPC, which occupies the VPC address space. Therefore, you must properly plan the container CIDR block before creating a cluster.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Application Scenarios
                                                                                                                    • High performance requirements and use of other VPC network capabilities: Cloud Native Network 2.0 directly uses VPC, which delivers almost the same performance as the VPC network. Therefore, it is applicable to scenarios that have high requirements on bandwidth and latency, such as online live broadcast and e-commerce seckill.
                                                                                                                    • Large-scale networking: Cloud Native Network 2.0 supports a maximum of 2000 ECS nodes and 100,000 containers.
                                                                                                                    
+
                                                                                                                    Application Scenarios
                                                                                                                    • High performance requirements and use of other VPC network capabilities: Cloud Native Network 2.0 directly uses VPC, which delivers almost the same performance as the VPC network. Therefore, it applies to scenarios that have high requirements on bandwidth and latency.
                                                                                                                    • Large-scale networking: Cloud Native Network 2.0 supports a maximum of 2000 ECS nodes and 100,000 containers.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    Recommendation for CIDR Block Planning
                                                                                                                    As described in Cluster Network Structure, network addresses in a cluster can be divided into three parts: node network, container network, and service network. When planning network addresses, consider the following aspects:
                                                                                                                    
 
                                                                                                                    • The three CIDR blocks cannot overlap. Otherwise, a conflict occurs. All subnets (including those created from the secondary CIDR block) in the VPC where the cluster resides cannot conflict with the container and Service CIDR blocks.
                                                                                                                    • Ensure that each CIDR block has sufficient IP addresses.
                                                                                                                      • The IP addresses in the node CIDR block must match the cluster scale. Otherwise, nodes cannot be created due to insufficient IP addresses.
                                                                                                                      • The IP addresses in the container CIDR block must match the service scale. Otherwise, pods cannot be created due to insufficient IP addresses.
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    In the Cloud Native Network 2.0 model, the container CIDR block and node CIDR block share the network addresses in a VPC. It is recommended that the container subnet and node subnet not use the same subnet. Otherwise, containers or nodes may fail to be created due to insufficient IP resources.
                                                                                                                    
 
                                                                                                                    In addition, a subnet can be added to the container CIDR block after a cluster is created to increase the number of available IP addresses. In this case, ensure that the added subnet does not conflict with other subnets in the container CIDR block.
                                                                                                                    
-
                                                                                                                    Figure 2 Configuring CIDR blocks
                                                                                                                    
+
                                                                                                                    Figure 2 Configuring CIDR blocks
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Example of Cloud Native Network 2.0 Access 
                                                                                                                    Create a CCE Turbo cluster, which contains three ECS nodes.
                                                                                                                    
-
                                                                                                                    Access the details page of one node. You can see that the node has one primary NIC and one extended NIC, and both of them are ENIs. The extended NIC belongs to the container CIDR block and is used to mount a sub-ENI to the pod.
                                                                                                                    
+
                                                                                                                    Example of Cloud Native 2.0 Network Access
                                                                                                                    Create a CCE Turbo cluster, which contains three ECS nodes.
                                                                                                                    
+
                                                                                                                    Access the details page of one node. You can see that the node has one primary ENI and one extended ENI, and both of them are ENIs. The extended ENI belongs to the container CIDR block and is used to mount a sub-ENI to the pod.
                                                                                                                    
 
                                                                                                                    Create a Deployment in the cluster.
                                                                                                                    
 
                                                                                                                    kind: Deployment
 apiVersion: apps/v1
@@ -59,8 +59,8 @@ example-5bdc5699b7-gq7xs   1/1     Running   0          7s    10.1.16.63    10.1
 example-5bdc5699b7-h9rvb   1/1     Running   0          7s    10.1.16.125   10.1.0.167   <none>           <none>
 example-5bdc5699b7-s9fts   1/1     Running   0          7s    10.1.16.89    10.1.0.144   <none>           <none>
 example-5bdc5699b7-swq6q   1/1     Running   0          7s    10.1.17.111   10.1.0.167   <none>           <none>
                                                                                                                    
-
                                                                                                                    The IP addresses of all pods are sub-ENIs, which are mounted to the ENI (extended NIC) of the node.
                                                                                                                    
-
                                                                                                                    For example, the extended NIC of node 10.1.0.167 is 10.1.17.172. On the Network Interfaces page of the Network Console, you can see that three sub-ENIs are mounted to the extended NIC 10.1.17.172, which is the IP address of the pod.
                                                                                                                    
+
                                                                                                                    The IP addresses of all pods are sub-ENIs, which are mounted to the ENI (extended ENI) of the node.
                                                                                                                    
+
                                                                                                                    For example, the extended ENI of node 10.1.0.167 is 10.1.17.172. On the Network Interfaces page of the Network Console, you can see that three sub-ENIs are mounted to the extended ENI 10.1.17.172, which is the IP address of the pod.
                                                                                                                    
 
                                                                                                                    In the VPC, the IP address of the pod can be successfully accessed.
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0285.html b/docs/cce/umn/cce_10_0285.html
index 6176fe069..3355f18cb 100644
--- a/docs/cce/umn/cce_10_0285.html
+++ b/docs/cce/umn/cce_10_0285.html
@@ -7,14 +7,18 @@
 
                                                                                                                    • Group them in different clusters for different environments.
                                                                                                                      Resources cannot be shared among different clusters. In addition, services in different environments can access each other only through load balancing.
                                                                                                                      
 
                                                                                                                    • Group them in different namespaces for different environments.
                                                                                                                      Workloads in the same namespace can be mutually accessed by using the Service name. Cross-namespace access can be implemented by using the Service name or namespace name.
                                                                                                                      
 
                                                                                                                      The following figure shows namespaces created for the development, joint debugging, and testing environments, respectively.
                                                                                                                      
-
                                                                                                                      Figure 1 One namespace for one environment
                                                                                                                      
+
                                                                                                                      Figure 1 One namespace for one environment
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                  • Isolating namespaces by application
                                                                                                                    You are advised to use this method if a large number of workloads are deployed in the same environment. For example, in the following figure, different namespaces (APP1 and APP2) are created to logically manage workloads as different groups. Workloads in the same namespace access each other using the Service name, and workloads in different namespaces access each other using the Service name or namespace name.
                                                                                                                    
-
                                                                                                                    Figure 2 Grouping workloads into different namespaces
                                                                                                                    
+
                                                                                                                    Figure 2 Grouping workloads into different namespaces
                                                                                                                    
 
                                                                                                                    • 
 
                                                                                                                    
+
                                                                                                                    Managing Namespace Labels
                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Namespaces.
                                                                                                                    2. Locate the row containing the target namespace and choose More > Manage Label in the Operation column.
                                                                                                                    3. In the dialog box that is displayed, the existing labels of the namespace are displayed. Modify the labels as needed.
                                                                                                                      • Adding a label: Click the add icon, enter the key and value of the label to be added, and click OK.
                                                                                                                        For example, the key is project and the value is cicd, indicating that the namespace is used to deploy CICD.
                                                                                                                        
+
                                                                                                                      • Deleting a label: Click  next the label to be deleted and then OK.
                                                                                                                      
+
                                                                                                                    4. Switch to the Manage Label dialog box again and check the modified labels.
                                                                                                                    
+
                                                                                                                    
 
                                                                                                                    Deleting a Namespace
                                                                                                                    If a namespace is deleted, all resources (such as workloads, jobs, and ConfigMaps) in this namespace will also be deleted. Exercise caution when deleting a namespace. 
                                                                                                                    
-
                                                                                                                    1. Log in to the CCE console and access the cluster console.
                                                                                                                    2. In the navigation pane, choose Namespaces, select the target namespace, and choose More > Delete.
                                                                                                                      Follow the prompts to delete the namespace. The default namespaces cannot be deleted.
                                                                                                                      
+
                                                                                                                      1. Log in to the CCE console and access the cluster console.
                                                                                                                      2. Choose Namespaces in the navigation pane. On the displayed page, click More in the row of the target namespace and choose Delete.
                                                                                                                        Follow the prompts to delete the namespace. The default namespaces cannot be deleted.
                                                                                                                        
 
                                                                                                                      
 
                                                                                                                    
 
                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0287.html b/docs/cce/umn/cce_10_0287.html
index 32a9f7c3c..d12a52777 100644
--- a/docs/cce/umn/cce_10_0287.html
+++ b/docs/cce/umn/cce_10_0287.html
@@ -36,7 +36,7 @@
 
 
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Starting from clusters of v1.21 and later, the default Resource Quotas are created when a namespace is created if you have enabled enable-resource-quota in Cluster Configuration Management. Table 1 lists the resource quotas based on cluster specifications. You can modify them according to your service requirements.
                                                                                                                    
+
                                                                                                                    Starting from clusters of v1.21 and later, the default Resource Quotas are created when a namespace is created if you have enabled enable-resource-quota in Cluster Configuration Management. Table 1 lists the resource quotas based on cluster specifications. You can modify them according to your service requirements.
                                                                                                                    
 
 
                                                                                                                    
@@ -108,9 +108,9 @@
 
                                                                                                                    Table 1 Default resource quotas
                                                                                                                    Cluster Scale
                                                                                                                    
 
                                                                                                                    
 
                                                                                                                    
 
-
                                                                                                                    Notes and Constraints
                                                                                                                    Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). You need to obtain the server data, modify the data, and submit the data to the server again. The resource quota limits the total resource consumption of each namespace and records the resource information in the cluster. Therefore, after the enable-resource-quota option is enabled, the probability of resource creation conflicts increases in large-scale concurrency scenarios, affecting the performance of batch resource creation.
                                                                                                                    
+
                                                                                                                    Constraints
                                                                                                                    Kubernetes provides optimistic concurrency control (OCC), also known as optimistic locking, for frequent data updates. You can use optimistic locking by defining the resourceVersion field. This field is in the object metadata. This field identifies the internal version number of the object. When the object is modified, this field is modified accordingly. You can use kube-apiserver to check whether an object has been modified. When the API server receives an update request containing the resourceVersion field, the server compares the requested data with the resource version number of the server. If they are different, the object on the server has been modified when the update is submitted. In this case, the API server returns a conflict error (409). Obtain the server data, modify the data, and submit the data to the server again. The resource quota limits the total resource consumption of each namespace and records the resource information in the cluster. Therefore, after the enable-resource-quota option is enabled, the probability of resource creation conflicts increases in large-scale concurrency scenarios, affecting the performance of batch resource creation.
                                                                                                                    
 
                                                                                                                    
-
                                                                                                                    Procedure
                                                                                                                    1. Log in to the CCE console and access the cluster console.
                                                                                                                    2. In the navigation pane, click Namespaces.
                                                                                                                    3. Click Quota Management next to the target namespace.
                                                                                                                      This operation cannot be performed on system namespaces kube-system and kube-public.
                                                                                                                      
+
                                                                                                                      Procedure
                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                      2. Choose Namespaces in the navigation pane of the cluster console.
                                                                                                                      3. Click Manage Quota next to the target namespace.
                                                                                                                        This operation cannot be performed on system namespaces kube-system and kube-public.
                                                                                                                        
 
                                                                                                                      4. Set the resource quotas and click OK.
                                                                                                                         
                                                                                                                        • After setting CPU and memory quotas for a namespace, you must specify the request and limit values of CPU and memory resources when creating a workload. Otherwise, the workload cannot be created. If the quota of a resource is set to 0, the resource usage is not limited.
                                                                                                                        • Accumulated quota usage includes the resources used by CCE to create default components, such as the Kubernetes Services (which can be viewed using kubectl) created under the default namespace. Therefore, you are advised to set a resource quota greater than expected to reserve resource for creating default components.
                                                                                                                        
 
                                                                                                                        
 
                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0288.html b/docs/cce/umn/cce_10_0288.html
index 5a6ed8d4a..45afd27fe 100644
--- a/docs/cce/umn/cce_10_0288.html
+++ b/docs/cce/umn/cce_10_0288.html
@@ -1,42 +1,42 @@
 
 
 
                                                                                                                      Security Group Policies
                                                                                                                      
-
                                                                                                                      When the Cloud Native Network 2.0 model is used, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. CCE provides a custom resource object named SecurityGroup for you to associate security groups with pods in CCE. You can customize workloads with specific security isolation requirements using SecurityGroups.
                                                                                                                      
-
                                                                                                                      Notes and Constraints
                                                                                                                      • This function is supported for CCE Turbo clusters of v1.19 and later. Upgrade your CCE Turbo clusters if their versions are earlier than v1.19.
                                                                                                                      • A workload can be bound to a maximum of five security groups.
                                                                                                                      
+
                                                                                                                      In Cloud Native Network 2.0, pods use VPC ENIs or sub-ENIs for networking. You can directly bind security groups and EIPs to pods. To bind CCE pods with security groups, CCE provides a custom resource object named SecurityGroup. Using this resource object, you can customize security isolation for workloads.
                                                                                                                      
+
                                                                                                                      Constraints
                                                                                                                      • This function is supported for CCE Turbo clusters of v1.19 and later. Upgrade your CCE Turbo clusters if their versions are earlier than v1.19.
                                                                                                                      • A workload can be bound to a maximum of five security groups.
                                                                                                                      
 
                                                                                                                      
-
                                                                                                                      Using the Console
                                                                                                                      1. Log in to the CCE console and access the cluster console.
                                                                                                                      2. In the navigation pane, choose Workloads. On the displayed page, click the name of the target workload.
                                                                                                                      3. Switch to the Security Group Policy tab page and click Create.
                                                                                                                        
+
                                                                                                                        Using the Console
                                                                                                                        1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                        2. In the navigation pane, choose Workloads. On the displayed page, click the desired workload name.
                                                                                                                        3. Switch to the SecurityGroups tab page and click Create.
                                                                                                                          
 
                                                                                                                        4. Set the parameters as described in Table 1.
                                                                                                                          
-
                                                                                                                          Table 1 Configuration parameters
                                                                                                                          Parameter
                                                                                                                          
+
                                                                                                                          
-
-
-
-
-
-
-
-
                                                                                                                          Table 1 Configuration parameters
                                                                                                                          Parameter
                                                                                                                          
 
                                                                                                                          Description
                                                                                                                          
+
                                                                                                                          Description
                                                                                                                          
 
                                                                                                                          Example Value
                                                                                                                          
+
                                                                                                                          Example Value
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          Security Group Policy Name
                                                                                                                          
+
                                                                                                                          Security Group Policy Name
                                                                                                                          
 
                                                                                                                          Enter a security policy name.
                                                                                                                          
+
                                                                                                                          Enter a security policy name.
                                                                                                                          
 
                                                                                                                          Enter 1 to 63 characters. The value must start with a lowercase letter and cannot end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.
                                                                                                                          
 
                                                                                                                          security-group
                                                                                                                          
+
                                                                                                                          security-group
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          Associate Security Group
                                                                                                                          
+
                                                                                                                          Associate Security Group
                                                                                                                          
 
                                                                                                                          The selected security group will be bound to the ENI or supplementary ENI of the selected workload. A maximum of five security groups can be selected from the drop-down list. You must select one or multiple security groups to create a SecurityGroup.
                                                                                                                          
+
                                                                                                                          The selected security group will be bound to the ENI or supplementary ENI of the selected workload. A maximum of five security groups can be selected from the drop-down list. You must select one or multiple security groups to create a SecurityGroup.
                                                                                                                          
 
                                                                                                                          If no security group has not been created, click Create Security Group. After the security group is created, click the refresh button.
                                                                                                                          
-
                                                                                                                           NOTICE: 
                                                                                                                          • A maximum of 5 security groups can be selected.
                                                                                                                          • Hover the cursor on  next to the security group name, and you can view details about the security group.
                                                                                                                          
+
                                                                                                                           NOTICE: 
                                                                                                                          • A maximum of five security groups can be selected.
                                                                                                                          • Hover the cursor on  next to the security group name, and you can view details about the security group.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          64566556-bd6f-48fb-b2c6-df8f44617953
                                                                                                                          
+
                                                                                                                          64566556-bd6f-48fb-b2c6-df8f44617953
                                                                                                                          
 
                                                                                                                          5451f1b0-bd6f-48fb-b2c6-df8f44617953
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
                                                                                                                           
 
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                        5. After setting the parameters, click OK.
                                                                                                                          After the security group is created, the system automatically returns to the security group list page where you can see the new security group.
                                                                                                                          
+
                                                                                                                        6. After setting the parameters, click OK.
                                                                                                                          After the security group is created, the system automatically returns to the security group list page where you can see the new security group.
                                                                                                                          
 
                                                                                                                          7. 
 
 
                                                                                                                          Using kubectl
                                                                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                          2. Create a description file named securitygroup-demo.yaml.
                                                                                                                            vi securitygroup-demo.yaml
                                                                                                                            
@@ -54,68 +54,68 @@ spec:
   - id: 64566556-bd6f-48fb-b2c6-df8f44617953
   - id: 5451f1b0-bd6f-48fb-b2c6-df8f44617953
 
                                                                                                                            Table 2 describes the parameters in the YAML file.
-
                                                                                                                            Table 2 Description
                                                                                                                            Field
                                                                                                                            
+
                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -136,7 +136,7 @@ demo                       map[matchLabels:map[app:nginx]]   2m9s
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Parent topic: Workloads
                                                                                                                            
+
                                                                                                                            Parent topic: Cloud Native Network 2.0 Settings
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0293.html b/docs/cce/umn/cce_10_0293.html
index dc8e0b534..7232b8f47 100644
--- a/docs/cce/umn/cce_10_0293.html
+++ b/docs/cce/umn/cce_10_0293.html
@@ -7,7 +7,7 @@
 
                                                                                                                              
 
                                                                                                                            • Workload Scaling Mechanisms
                                                                                                                              
 
                                                                                                                              • 
-
                                                                                                                            • Creating an HPA Policy for Workload Auto Scaling
                                                                                                                              
+
                                                                                                                            • HPA
                                                                                                                              
 
                                                                                                                              • 
 
                                                                                                                            • Managing Workload Scaling Policies
                                                                                                                              
 
                                                                                                                              • 
diff --git a/docs/cce/umn/cce_10_0296.html b/docs/cce/umn/cce_10_0296.html
index 161f69442..07053cdf3 100644
--- a/docs/cce/umn/cce_10_0296.html
+++ b/docs/cce/umn/cce_10_0296.html
@@ -1,22 +1,82 @@
 
 
 
                                                                                                                              Node Scaling Mechanisms
                                                                                                                              
-
                                                                                                                              Kubernetes HPA is designed for pods. However, if the cluster resources are insufficient, you can only add nodes. Scaling of cluster nodes could be laborious. Now with clouds, you can add or delete nodes by simply calling APIs.
                                                                                                                              
-
                                                                                                                              autoscaler is a component provided by Kubernetes for auto scaling of cluster nodes based on the pod scheduling status and resource usage.
                                                                                                                              
+
                                                                                                                              HPA is designed for pod-level scaling and can dynamically adjust the number of replicas based on workload metrics. However, if cluster resources are insufficient and new replicas cannot run, you can only scale out the cluster.
                                                                                                                              
+
                                                                                                                              autoscaler is an auto scaling component provided by Kubernetes. It automatically scales in or out nodes in a cluster based on the pod scheduling status and resource usage. It supports multiple scaling modes, such as multi-AZ, multi-pod-specifications, metric triggering, and periodic triggering, to meet the requirements of different node scaling scenarios.
                                                                                                                              
 
                                                                                                                              Prerequisites
                                                                                                                              Before using the node scaling function, you must install the autoscaler add-on of v1.13.8 or later.
                                                                                                                              
 
                                                                                                                              
-
                                                                                                                              How autoscaler Works
                                                                                                                              The cluster autoscaler (CA) goes through two processes.
                                                                                                                              
-
                                                                                                                              • Scale-out: The CA checks all unschedulable pods every 10 seconds and selects a node pool that meets the requirements for scale-out based on the policy you set.
                                                                                                                              • Scale-in: The CA scans all nodes every 10 seconds. If the number of pod requests on a node is less than the user-defined percentage for scale-in, the CA simulates whether the pods on the node can be migrated to other nodes. If yes, the node will be removed after an idle time window.
                                                                                                                              
-
                                                                                                                              As described above, if a cluster node is idle for a period of time (10 minutes by default), scale-in is triggered, and the idle node is removed.
                                                                                                                              
-
                                                                                                                              However, a node cannot be removed from a cluster if the following pods exist:
                                                                                                                              
-
                                                                                                                              1. Pods that do not meet specific requirements set in PodDisruptionBudget
                                                                                                                              2. Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                                                              3. Pods that have the "cluster-autoscaler.kubernetes.io/safe-to-evict": "false" annotation
                                                                                                                              4. Pods (except those created by DaemonSets in the kube-system namespace) that exist in the kube-system namespace on the node
                                                                                                                              5. Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                                                              
+
                                                                                                                              How autoscaler Works
                                                                                                                              autoscaler goes through two processes.
                                                                                                                              
+
                                                                                                                              • Scale-out: autoscaler checks all unscheduled pods every 10 seconds and selects a node pool that meets the requirements for scale-out based on the policy you set.
                                                                                                                                 
                                                                                                                                When autoscaler checks unscheduled pods for scale outs, it uses the scheduling algorithm consistent with the Kubernetes community version for simulated scheduling calculation. If non-built-in kube-schedulers or other non-Kubernetes community scheduling policies are used for application scheduling, when autoscaler is used to expand the capacity for such applications, the capacity may fail to be expanded or may be expanded more than expected due to inconsistent scheduling algorithms.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                              • Scale-in: autoscaler scans all nodes every 10 seconds. If the number of pod requests on a node is less than the user-defined percentage for scale-in, autoscaler simulates whether the pods on the node can be migrated to other nodes. If yes, the node will be removed after an idle time window.
                                                                                                                                When a cluster node is idle for a period of time (10 minutes by default), cluster scale-in is triggered, and the node is automatically deleted. However, a node cannot be deleted from a cluster if the following pods exist:
                                                                                                                                • Pods that do not meet specific requirements set in Pod Disruption Budgets (PodDisruptionBudget)
                                                                                                                                • Pods that cannot be scheduled to other nodes due to constraints such as affinity and anti-affinity policies
                                                                                                                                • Pods that have the cluster-autoscaler.kubernetes.io/safe-to-evict: 'false' annotation
                                                                                                                                • Pods (except those created by DaemonSets in the kube-system namespace) that exist in the kube-system namespace on the node
                                                                                                                                • Pods that are not created by the controller (Deployment/ReplicaSet/job/StatefulSet)
                                                                                                                                
+
                                                                                                                                 
                                                                                                                                When a node meets the scale-in conditions, autoscaler adds the DeletionCandidateOfClusterAutoscaler taint to the node in advance to prevent pods from being scheduled to the node. After the autoscaler add-on is uninstalled, if the taint still exists on the node, manually delete it.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                              
 
                                                                                                                              
 
                                                                                                                              autoscaler Architecture
                                                                                                                              Figure 1 shows the autoscaler architecture and its core modules:
                                                                                                                              
-
                                                                                                                              Figure 1 autoscaler architecture
                                                                                                                              
+
                                                                                                                              Figure 1 autoscaler architecture
                                                                                                                              
 
                                                                                                                              Description
                                                                                                                              
-
                                                                                                                              • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                                                              • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                                                              • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Currently, the Expander has the following policies:
                                                                                                                                • Random: Selects a node pool randomly. If you have not specified a policy, Random is set by default.
                                                                                                                                • most-Pods: Selects the node pool that can host the largest number of unschedulable pods after the scale-out. If multiple node pools meet the requirement, a random node pool will be selected.
                                                                                                                                • least-waste: Selects the node pool that has the least CPU or memory resource waste after scale-out.
                                                                                                                                • price: Selects the node pool in which the to-be-added nodes cost least for scale-out.
                                                                                                                                • priority: Selects the node pool with the highest weight. The weights are user-defined.
                                                                                                                                
+
                                                                                                                                • Estimator: Evaluates the number of nodes to be added to each node pool to host unschedulable pods.
                                                                                                                                • Simulator: Finds the nodes that meet the scale-in conditions in the scale-in scenario.
                                                                                                                                • Expander: Selects an optimal node from the node pool picked out by the Estimator based on the user-defined policy in the scale-out scenario. Currently, the Expander has the following policies:
+
                                                                                                                            Table 2 Description
                                                                                                                            Field
                                                                                                                            
 
                                                                                                                            Description
                                                                                                                            
+
                                                                                                                            Description
                                                                                                                            
 
                                                                                                                            Mandatory
                                                                                                                            
+
                                                                                                                            Mandatory
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
 
                                                                                                                            apiVersion
                                                                                                                            
+
                                                                                                                            apiVersion
                                                                                                                            
 
                                                                                                                            API version. The value is crd.yangtse.cni/v1.
                                                                                                                            
+
                                                                                                                            API version. The value is crd.yangtse.cni/v1.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            kind
                                                                                                                            
+
                                                                                                                            kind
                                                                                                                            
 
                                                                                                                            Type of the object to be created.
                                                                                                                            
+
                                                                                                                            Type of the object to be created.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            metadata
                                                                                                                            
+
                                                                                                                            metadata
                                                                                                                            
 
                                                                                                                            Metadata definition of the resource object.
                                                                                                                            
+
                                                                                                                            Metadata definition of the resource object.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            name
                                                                                                                            
+
                                                                                                                            name
                                                                                                                            
 
                                                                                                                            Name of the SecurityGroup.
                                                                                                                            
+
                                                                                                                            Name of the SecurityGroup.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            namespace
                                                                                                                            
+
                                                                                                                            namespace
                                                                                                                            
 
                                                                                                                            Name of the namespace.
                                                                                                                            
+
                                                                                                                            Name of the namespace.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            spec
                                                                                                                            
+
                                                                                                                            spec
                                                                                                                            
 
                                                                                                                            Detailed description of the SecurityGroup.
                                                                                                                            
+
                                                                                                                            Detailed description of the SecurityGroup.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            podSelector
                                                                                                                            
+
                                                                                                                            podSelector
                                                                                                                            
 
                                                                                                                            Used to define the workload to be associated with security groups in the SecurityGroup.
                                                                                                                            
+
                                                                                                                            Used to define the workload to be associated with security groups in the SecurityGroup.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            securityGroups
                                                                                                                            
+
                                                                                                                            securityGroups
                                                                                                                            
 
                                                                                                                            Security group ID.
                                                                                                                            
+
                                                                                                                            Security group ID.
                                                                                                                            
 
                                                                                                                            Yes
                                                                                                                            
+
                                                                                                                            Yes
                                                                                                                            
                                                                                                                             		
 
                                                                                                                            
                                                                                                                             
 
 
                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                            Table 1 Expander policies supported by CCE
                                                                                                                            Policy
                                                                                                                            
+
                                                                                                                            Description
                                                                                                                            
+
                                                                                                                            Application Scenario
                                                                                                                            
+
                                                                                                                            Example
                                                                                                                            
+
                                                                                                                            Random
                                                                                                                            
+
                                                                                                                            Randomly selects a schedulable node pool to perform the scale-out.
                                                                                                                            
+
                                                                                                                            This policy is typically used as a basic backup for other complex policies. Only use this policy if the other policies cannot be used.
                                                                                                                            
+
                                                                                                                            Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of replicas for a workload is as follows:
                                                                                                                            
+
                                                                                                                            1. Pending pods trigger the autoscaler to determine the scale-out process.
                                                                                                                            2. autoscaler simulates the scheduling phase and evaluates that the pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                                                            3. autoscaler randomly selects node pool 1 or node pool 2 for scale-out.
                                                                                                                            
+
                                                                                                                            most-pods
                                                                                                                            
+
                                                                                                                            A combined policy. It takes precedence over the random policy.
                                                                                                                            
+
                                                                                                                            Preferentially selects the node pool that can schedule the most pods after scale-out. If multiple node pools meet the condition, the random policy is used for further decision-making.
                                                                                                                            
+
                                                                                                                            This policy is based on the maximum number of pods that can be scheduled.
                                                                                                                            
+
                                                                                                                            Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of replicas for a workload is as follows:
                                                                                                                            
+
                                                                                                                            1. Pending pods trigger the autoscaler to determine the scale-out process.
                                                                                                                            2. autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                                                            3. autoscaler evaluates that node pool 1 can schedule 20 new pods and node pool 2 can schedule only 10 new pods after scale-out. Therefore, autoscaler selects node pool 1 for scale-out.
                                                                                                                            
+
                                                                                                                            least-waste
                                                                                                                            
+
                                                                                                                            A combined policy. It takes precedence over the random policy.
                                                                                                                            
+
                                                                                                                            autoscaler evaluates the overall CPU or memory allocation rate of the node pools and selects the node pool with the minimum CPU or memory waste. If multiple node pools meet the condition, the random policy is used for further decision-making.
                                                                                                                            
+
                                                                                                                            This policy uses the minimum waste score of CPU or memory resources as the selection criteria.
                                                                                                                            
+
                                                                                                                            The formula for calculating the minimum waste score (wastedScore) is as follows:
                                                                                                                            
+
                                                                                                                            • wastedCPU = (Total number of CPUs of the nodes to be scaled out – Total number of CPUs of the pods to be scheduled)/Total number of CPUs of the nodes to be scaled out
                                                                                                                            • wastedMemory = (Total memory size of nodes to be scaled out – Total memory size of pods to be scheduled)/Total memory size of nodes to be scaled out
                                                                                                                            • wastedScore  =  wastedCPU + wastedMemory
                                                                                                                            
+
                                                                                                                            Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of replicas for a workload is as follows:
                                                                                                                            
+
                                                                                                                            1. Pending pods trigger the autoscaler to determine the scale-out process.
                                                                                                                            2. autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                                                            3. autoscaler evaluates that the minimum waste score of node pool 1 after scale-out is smaller than that of node pool 2. Therefore, autoscaler selects node pool 1 for scale-out.
                                                                                                                            
+
                                                                                                                            priority
                                                                                                                            
+
                                                                                                                            A combined policy. The priorities for the policies are as follows: priority > least-waste > random.
                                                                                                                            
+
                                                                                                                            It is an enhanced least-waste policy configured based on the node pool or scaling group priority. If multiple node pools meet the condition, the least-waste policy is used for further decision-making.
                                                                                                                            
+
                                                                                                                            This policy allows you to configure and manage the priorities of node pools or scaling groups through the console or API, while the least-waste policy can reduce the resource waste ratio in common scenarios. This policy has wider applicability and is used as the default selection policy.
                                                                                                                            
+
                                                                                                                            Assume that auto scaling is enabled for node pools 1 and 2 in the cluster and the scale-out upper limit is not reached. The policy for scaling out the number of replicas for a workload is as follows:
                                                                                                                            
+
                                                                                                                            1. Pending pods trigger the autoscaler to determine the scale-out process.
                                                                                                                            2. autoscaler simulates the scheduling phase and evaluates that some pending pods can be scheduled to the added nodes in both node pools 1 and 2.
                                                                                                                            3. autoscaler evaluates that node pool 1 has a higher priority than node pool 2. Therefore, autoscaler selects node pool 1 for scale-out.
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                            
 
-
                                                                                                                            Currently, CCE supports all policies except price. By default, CCE add-ons use the least-waste policy.
                                                                                                                            
 
 
 
                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0298.html b/docs/cce/umn/cce_10_0298.html
index 116f47317..1cd8f93d5 100644
--- a/docs/cce/umn/cce_10_0298.html
+++ b/docs/cce/umn/cce_10_0298.html
@@ -1,40 +1,18 @@
 
 
-
                                                                                                                            Creating a CCE Turbo Cluster
                                                                                                                            
-
                                                                                                                            CCE Turbo clusters run on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and intelligent scheduling.
                                                                                                                            
-
                                                                                                                            CCE Turbo clusters are paired with the Cloud Native Network 2.0 model for large-scale, high-performance container deployment. Containers are assigned IP addresses from the VPC CIDR block. Containers and nodes can belong to different subnets. Access requests from external networks in a VPC can be directly routed to container IP addresses, which greatly improves networking performance. It is recommended that you go through Cloud Native Network 2.0 to understand the features and network planning of each CIDR block of Cloud Native Network 2.0.
                                                                                                                            
-
                                                                                                                            Notes and Constraints
                                                                                                                            • During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                                                                                            • You can create a maximum of 50 clusters in a single region.
                                                                                                                            • CCE Turbo clusters support only Cloud Native Network 2.0. For details about this network model, see Cloud Native Network 2.0.
                                                                                                                            • After a cluster is created, the following items cannot be changed:
                                                                                                                              • Cluster type
                                                                                                                              • Number of master nodes in the cluster
                                                                                                                              • AZ of a master node
                                                                                                                              • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, and kube-proxy (forwarding) settings.
                                                                                                                              • Network model. For example, change Tunnel network to VPC network.
                                                                                                                              
-
                                                                                                                            
-
                                                                                                                            
-
                                                                                                                            Procedure
                                                                                                                            1. Log in to the CCE console. Choose Clusters. On the displayed page, click Create next to CCE Turbo cluster.
                                                                                                                            2. Specify cluster parameters.
                                                                                                                              Basic Settings
                                                                                                                              • Cluster Name
                                                                                                                              • Cluster Version: Select the Kubernetes version used by the cluster.
                                                                                                                              • Cluster Scale: Select the maximum number of nodes that can be managed by the cluster. After the creation is complete, only scale-out is supported, but not scale-in.
                                                                                                                              • HA: distribution mode of master nodes. By default, master nodes are randomly distributed in different AZs to improve DR capabilities.
                                                                                                                                You can also expand advanced settings and customize the master node distribution mode. The following modes are supported:
                                                                                                                                • Host: Master nodes are created on different hosts in the same AZ.
                                                                                                                                • Custom: You can determine the location of each master node.
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                              
-
                                                                                                                              
-
                                                                                                                              Network Settings
                                                                                                                              
-
                                                                                                                              The cluster network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.
                                                                                                                              
-
                                                                                                                              • Network Model: CCE Turbo clusters support only Cloud Native Network 2.0. For details, see Cloud Native Network 2.0.
                                                                                                                              • VPC: Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after creation.
                                                                                                                              • Master Node Subnet: Select the subnet where the master node is deployed. If no subnet is available, click Create Subnet to create one. A master node requires at least four IP addresses, which cannot be changed after creation.
                                                                                                                              • Pod Subnet: Select the subnet where the container is located. If no subnet is available, click Create Subnet to create one. The pod subnet determines the maximum number of containers in the cluster. You can add pod subnets after creating the cluster.
                                                                                                                              • Service CIDR Block: CIDR block for Services used by containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after creation.
                                                                                                                              
-
                                                                                                                              Advanced Settings
                                                                                                                              
-
                                                                                                                              • Request Forwarding: The IPVS and iptables modes are supported. For details, see Comparing iptables and IPVS.
                                                                                                                              • CPU Manager: For details, see Binding CPU Cores.
                                                                                                                              • Resource Tag:
                                                                                                                                You can add resource tags to classify resources.
                                                                                                                                
-
                                                                                                                                You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use predefined tags to improve tag creation and resource migration efficiency. 
                                                                                                                                
-
                                                                                                                              • Certificate Authentication:
                                                                                                                                • Default: The X509-based authentication mode is enabled by default. X509 is a commonly used certificate format.
                                                                                                                                • Custom: The cluster can identify users based on the header in the request body for authentication. 
                                                                                                                                  You need to upload your CA root certificate, client certificate, and private key of the client certificate.
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  • Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted.
                                                                                                                                  • The validity period of the client certificate must be longer than five years.
                                                                                                                                  • The uploaded CA certificate is used for both the authentication proxy and the kube-apiserver aggregation layer configuration. If the certificate is invalid, the cluster cannot be created.
                                                                                                                                  • Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. You are advised to use the SHA256 algorithm.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                
-
                                                                                                                              • Description: The value can contain a maximum of 200 English characters.
                                                                                                                              
-
                                                                                                                            3. Click Next: Add-on Configuration.
                                                                                                                              Domain Name Resolution: Uses the coredns add-on, installed by default, to resolve domain names and connect to the cloud DNS server.
                                                                                                                              
-
                                                                                                                              Container Storage: The everest add-on is installed by default to provide container storage based on CSI and connect to cloud storage services such as EVS.
                                                                                                                              
-
                                                                                                                              Service log
                                                                                                                              • ICAgent:
                                                                                                                                A log collector provided by Application Operations Management (AOM), reporting logs to AOM and Log Tank Service (LTS) according to the log collection rules you configured.
                                                                                                                                
-
                                                                                                                                You can collect stdout logs as required.
                                                                                                                                
-
                                                                                                                              
-
                                                                                                                              
-
                                                                                                                              Overload Control: If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                                              
-
                                                                                                                            4. After configuring the parameters, click Next: Confirm.
                                                                                                                              It takes about 6 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.
                                                                                                                              
-
                                                                                                                            
-
                                                                                                                            
-
                                                                                                                            Related Operations
                                                                                                                            
-
                                                                                                                            
+
                                                                                                                            Creating a Cluster
                                                                                                                            
+
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
+
+
 
                                                                                                                            
 
                                                                                                                            Parent topic: Clusters
                                                                                                                            
 
                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0300.html b/docs/cce/umn/cce_10_0300.html
index bc335bfc8..7928c84b1 100644
--- a/docs/cce/umn/cce_10_0300.html
+++ b/docs/cce/umn/cce_10_0300.html
@@ -1,20 +1,20 @@
 
 
 
                                                                                                                            Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                                                            
-
                                                                                                                            Scenario
                                                                                                                            The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                            
-
                                                                                                                            In CCE, the resources that can be used by containers are fixed during application deployment. Therefore, in auto scaling, pods are scaled first. The node resource usage increases only after the number of pods increases. Then, nodes can be scaled based on the node resource usage. How to configure auto scaling in CCE?
                                                                                                                            
+
                                                                                                                            Application Scenarios
                                                                                                                            The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                            
+
                                                                                                                            When pods or containers are used for deploying applications, the upper limit of available resources is typically required to set for pods or containers to prevent unlimited usage of node resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads. If the node resource usage increases to a certain extent that newly added pods cannot be scheduled, scale in the number of nodes based on the node resource usage.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Solution
                                                                                                                            Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                            
-
                                                                                                                            HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                            
-
                                                                                                                            As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                            Figure 1 HPA and CA working flows
                                                                                                                            
+
                                                                                                                            Solution
                                                                                                                            Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                            
+
                                                                                                                            HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                            
+
                                                                                                                            As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                            Figure 1 HPA and CA working flows
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                            
-
                                                                                                                            This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                            
+
                                                                                                                            Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                            
+
                                                                                                                            This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Preparations
                                                                                                                            1. Create a cluster with one node. The node should have 2 cores of CPU and 4 GB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                              
-
                                                                                                                            2. Install add-ons for the cluster.
                                                                                                                              • autoscaler: node scaling add-on
                                                                                                                              • metrics-server: an aggregator of resource usage data in a Kubernetes cluster. It can collect measurement data of major Kubernetes resources, such as pods, nodes, containers, and Services.
                                                                                                                              
-
                                                                                                                            3. Log in to the cluster node and run a computing-intensive application. When a user sends a request, the result needs to be calculated before being returned to the user.
                                                                                                                              1. Create a PHP file named index.php to calculate the square root of the request for 1,000,000 times before returning OK!.
                                                                                                                                vi index.php
                                                                                                                                
-
                                                                                                                                Example file content:
                                                                                                                                <?php
+
                                                                                                                                Preparations
                                                                                                                                1. Create a cluster with one node. The node should have 2 cores of CPU and 4 GiB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                                  
+
                                                                                                                                2. Install add-ons for the cluster.
                                                                                                                                  • autoscaler: node scaling add-on
                                                                                                                                  • metrics-server: an aggregator of resource usage data in a Kubernetes cluster. It can collect measurement data of major Kubernetes resources, such as pods, nodes, containers, and Services.
                                                                                                                                  
+
                                                                                                                                3. Log in to the cluster node and run a computing-intensive application. When a user sends a request, the result needs to be calculated before being returned to the user.
                                                                                                                                  1. Create a PHP file named index.php to calculate the square root of the request for 1,000,000 times before returning OK!.
                                                                                                                                    vi index.php
                                                                                                                                    
+
                                                                                                                                    Example file content:
                                                                                                                                    <?php
   $x = 0.0001;
   for ($i = 0; $i <= 1000000; $i++) {
     $x += sqrt($x);
@@ -22,47 +22,47 @@
   echo "OK!";
 ?>
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                  2. Compile a Dockerfile to build an image.
                                                                                                                                    vi Dockerfile
                                                                                                                                    
-
                                                                                                                                    Example Dockerfile:
                                                                                                                                    FROM php:5-apache
+
                                                                                                                                  3. Compile a Dockerfile to build an image.
                                                                                                                                    vi Dockerfile
                                                                                                                                    
+
                                                                                                                                    Example Dockerfile:
                                                                                                                                    FROM php:5-apache
 COPY index.php /var/www/html/index.php
 RUN chmod a+rx index.php
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                  4. Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                    docker build -t hpa-example:latest .
                                                                                                                                    
-
                                                                                                                                  5. (Optional) Log in to the SWR console, choose Organization Management in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                                                                    Skip this step if you already have an organization.
                                                                                                                                    
-
                                                                                                                                  6. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                  7. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                  8. Tag the hpa-example image.
                                                                                                                                    docker tag [Image name 1:Tag 1] [Image repository address]/[Organization name]/[Image name 2:Tag 2]
                                                                                                                                    
-
                                                                                                                                    • [Image name 1:Tag 1]: name and tag of the local image to be uploaded.
                                                                                                                                    • [Image repository address]: The domain name at the end of the login command in  5 is the image repository address, which can be obtained on the SWR console.
                                                                                                                                    • [Organization name]: name of the organization created in 4.
                                                                                                                                    • [Image name 2:Tag 2]: desired image name and tag to be displayed on the SWR console.
                                                                                                                                    
-
                                                                                                                                    Example:
                                                                                                                                    
-
                                                                                                                                    docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                    
-
                                                                                                                                  9. Push the image to the image repository.
                                                                                                                                    docker push [Image repository address]/[Organization name]/[Image name 2:Tag 2]
                                                                                                                                    
-
                                                                                                                                    Example:
                                                                                                                                    
-
                                                                                                                                    docker push swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                    
-
                                                                                                                                    The following information will be returned upon a successful push:
                                                                                                                                    
-
                                                                                                                                    6d6b9812c8ae: Pushed 
+
                                                                                                                                  10. Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                    docker build -t hpa-example:latest .
                                                                                                                                    
+
                                                                                                                                  11. (Optional) Log in to the SWR console, choose Organization Management in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                                                                    Skip this step if you already have an organization.
                                                                                                                                    
+
                                                                                                                                  12. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                  13. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                  14. Add a tag for the hpa-example image.
                                                                                                                                    docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                    
+
                                                                                                                                    • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                    • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                    • {Organization name}: name of the created organization.
                                                                                                                                    • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                    
+
                                                                                                                                    Example:
                                                                                                                                    
+
                                                                                                                                    docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                    
+
                                                                                                                                  15. Push the image to the image repository.
                                                                                                                                    docker push [Image repository address]/[Organization name]/[Image name 2:Tag 2]
                                                                                                                                    
+
                                                                                                                                    Example:
                                                                                                                                    
+
                                                                                                                                    docker push swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                    
+
                                                                                                                                    The following information will be returned upon a successful push:
                                                                                                                                    
+
                                                                                                                                    6d6b9812c8ae: Pushed 
 ... 
 fe4c16cbf7a4: Pushed 
 latest: digest: sha256:eb7e3bbd*** size: **
                                                                                                                                    
-
                                                                                                                                    To view the pushed image, go to the SWR console and refresh the My Images page.
                                                                                                                                    
+
                                                                                                                                    To view the pushed image, go to the SWR console and refresh the My Images page.
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                Creating a Node Pool and a Node Scaling Policy
                                                                                                                                1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                2. Set node pool parameters, add a node with 2 vCPUs and 4 GB memory, and enable auto scaling.
                                                                                                                                  • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                  • Auto Scaling: Enable the option, meaning that nodes will be automatically created or deleted in the node pool based on the cluster loads.
                                                                                                                                  • Max. Nodes: Set it to 5, indicating the maximum number of nodes in a node pool.
                                                                                                                                  • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                  
-
                                                                                                                                  Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                3. Click Add-ons on the left of the cluster console, click Edit under the autoscaler add-on, modify the add-on configuration, enable Auto node scale-in, and configure scale-in parameters. For example, trigger scale-in when the node resource utilization is less than 50%.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  After the preceding configurations, scale-out is performed based on the pending status of the pod and scale-in is triggered when the node resource utilization decreases.
                                                                                                                                  
-
                                                                                                                                4. Click Node Scaling on the left of the cluster console and click Create Node Scaling Policy in the upper right corner. Node scaling policies added here trigger scale-out based on the CPU/memory allocation rate or periodically.
                                                                                                                                  As shown in the following figure, when the cluster CPU allocation rate is greater than 70%, one node will be added. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle. For details, see Creating a Node Scaling Policy.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  Creating a Node Pool and a Node Scaling Policy
                                                                                                                                  1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                  2. Set node pool parameters, add a node with 2 vCPUs and 4 GB memory, and enable auto scaling.
                                                                                                                                    • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                    • Auto Scaling: Enable the option, meaning that nodes will be automatically created or deleted in the node pool based on the cluster loads.
                                                                                                                                    • Max. Nodes: Set it to 5, indicating the maximum number of nodes in a node pool.
                                                                                                                                    • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                    
+
                                                                                                                                    Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                  3. Click Add-ons on the left of the cluster console, click Edit under the autoscaler add-on, modify the add-on configuration, enable Auto node scale-in, and configure scale-in parameters. For example, trigger scale-in when the node resource utilization is less than 50%.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    After the preceding configurations, scale-out is performed based on the pending status of the pod and scale-in is triggered when the node resource utilization decreases.
                                                                                                                                    
+
                                                                                                                                  4. Click Node Scaling on the left of the cluster console and click Create Node Scaling Policy in the upper right corner. Node scaling policies added here trigger scale-out based on the CPU/memory allocation rate or periodically.
                                                                                                                                    As shown in the following figure, when the cluster CPU allocation rate is greater than 70%, one node will be added. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle. For details, see Creating a Node Scaling Policy.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Creating a Workload
                                                                                                                                  Use the hpa-example image to create a Deployment with one replica. The image path is related to the organization uploaded to the SWR repository and needs to be replaced with the actual value.
                                                                                                                                  
-
                                                                                                                                  kind: Deployment
+
                                                                                                                                  Creating a Workload
                                                                                                                                  Use the hpa-example image to create a Deployment with one replica. The image path is related to the organization uploaded to the SWR repository and needs to be replaced with the actual value.
                                                                                                                                  
+
                                                                                                                                  kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: hpa-example
 spec:
-  replicas: 1
+  replicas: 1
   selector:
     matchLabels:
       app: hpa-example
@@ -73,9 +73,9 @@ spec:
     spec:
       containers:
       - name: container-1
-        image: 'hpa-example:latest '  # Replace it with the address of the image you uploaded to SWR.
+        image: 'hpa-example:latest' # Replace it with the address of the image you uploaded to SWR.
         resources:
-          limits:                  # The value of limits must be the same as that of requests to prevent flapping during scaling.
+          limits:                  # The value of limits must be the same as that of requests to prevent flapping during scaling.
             cpu: 500m
             memory: 200Mi
           requests:
@@ -83,8 +83,8 @@ spec:
             memory: 200Mi
       imagePullSecrets:
       - name: default-secret
                                                                                                                                  
-
                                                                                                                                  Then, create a NodePort Service for the workload so that the workload can be accessed from external networks.
                                                                                                                                  
-
                                                                                                                                  kind: Service
+
                                                                                                                                  Then, create a NodePort Service for the workload so that the workload can be accessed from external networks.
                                                                                                                                  
+
                                                                                                                                  kind: Service
 apiVersion: v1
 metadata:
   name: hpa-example
@@ -97,46 +97,48 @@ spec:
       nodePort: 31144
   selector:
     app: hpa-example
-  type: NodePort
                                                                                                                                  
+  type: NodePort
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Creating an HPA Policy
                                                                                                                                  Create an HPA policy. As shown below, the policy is associated with the hpa-example workload, and the target CPU usage is 50%.
                                                                                                                                  
-
                                                                                                                                  There are two other annotations. One annotation defines the CPU thresholds, indicating that scaling is not performed when the CPU usage is between 30% and 70% to prevent impact caused by slight fluctuation. The other is the scaling time window, indicating that after the policy is successfully executed, a scaling operation will not be triggered again in this cooling interval to prevent impact caused by short-term fluctuation.
                                                                                                                                  
-
                                                                                                                                  apiVersion: autoscaling/v2
+
                                                                                                                                  Creating an HPA Policy
                                                                                                                                  Create an HPA policy. As shown below, the policy is associated with the hpa-example workload, and the target CPU usage is 50%.
                                                                                                                                  
+
                                                                                                                                  There are two other annotations. One annotation defines the CPU thresholds, indicating that scaling is not performed when the CPU usage is between 30% and 70% to prevent impact caused by slight fluctuation. The other is the scaling time window, indicating that after the policy is successfully executed, a scaling operation will not be triggered again in this cooling interval to prevent impact caused by short-term fluctuation.
                                                                                                                                  
+
                                                                                                                                  apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: hpa-policy
   annotations:
-    extendedhpa.metrics: '[{"type":"Resource","name":"cpu","targetType":"Utilization","targetRange":{"low":"30","high":"70"}}]'
-    extendedhpa.option: '{"downscaleWindow":"5m","upscaleWindow":"3m"}'
+    extendedhpa.metrics: '[{"type":"Resource","name":"cpu","targetType":"Utilization","targetRange":{"low":"30","high":"70"}}]'
+    extendedhpa.option: '{"downscaleWindow":"5m","upscaleWindow":"3m"}'
 spec:
-  scaleTargetRef:
-    kind: Deployment
-    name: hpa-example
-    apiVersion: apps/v1
+  scaleTargetRef:
+    kind: Deployment
+    name: hpa-example
+    apiVersion: apps/v1
   minReplicas: 1
   maxReplicas: 100
   metrics:
     - type: Resource
-      resource:
-        name: cpu
-        targetAverageUtilization: 50
                                                                                                                                  
-
                                                                                                                                  Set the parameters as follows if you are using the console.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 50
                                                                                                                                  
+
                                                                                                                                  Set the parameters as follows if you are using the console.
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Observing the Auto Scaling Process
                                                                                                                                  1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                    # kubectl get node
+
                                                                                                                                    Observing the Auto Scaling Process
                                                                                                                                    1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                      # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
 192.168.0.183   Ready    <none>   2m20s   v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
 192.168.0.26    Ready    <none>   55m     v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
                                                                                                                                      
-
                                                                                                                                      Check the HPA policy. The CPU usage of the target workload is 0%.
                                                                                                                                      
-
                                                                                                                                      # kubectl get hpa hpa-policy
+
                                                                                                                                      Check the HPA policy. The CPU usage of the target workload is 0%.
                                                                                                                                      
+
                                                                                                                                      # kubectl get hpa hpa-policy
 NAME         REFERENCE                TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   0%/50%    1         100       1          4m
                                                                                                                                      
-
                                                                                                                                    2. Run the following command to access the workload. In the following command, {ip:port} indicates the access address of the workload, which can be queried on the workload details page.
                                                                                                                                      while true;do wget -q -O- http://{ip:port}; done
                                                                                                                                      
-
                                                                                                                                       
                                                                                                                                      If no EIP is displayed, the cluster node has not been assigned any EIP. You need to create one, bind it to the node, and synchronize node data. .
                                                                                                                                      
+
                                                                                                                                    3. Run the following command to access the workload. In the following command, {ip:port} indicates the access address of the workload, which can be queried on the workload details page.
                                                                                                                                      while true;do wget -q -O- http://{ip:port}; done
                                                                                                                                      
+
                                                                                                                                       
                                                                                                                                      If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. .
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                      Observe the scaling process of the workload.
                                                                                                                                      
-
                                                                                                                                      # kubectl get hpa hpa-policy --watch
+
                                                                                                                                      Observe the scaling process of the workload.
                                                                                                                                      
+
                                                                                                                                      # kubectl get hpa hpa-policy --watch
 NAME         REFERENCE                TARGETS    MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   0%/50%     1         100       1          4m
 hpa-policy   Deployment/hpa-example   190%/50%   1         100       1          4m23s
@@ -149,10 +151,10 @@ hpa-policy   Deployment/hpa-example   81%/50%    1         100       7
 hpa-policy   Deployment/hpa-example   57%/50%    1         100       7          9m16s
 hpa-policy   Deployment/hpa-example   51%/50%    1         100       7          10m
 hpa-policy   Deployment/hpa-example   58%/50%    1         100       7          11m
                                                                                                                                      
-
                                                                                                                                      You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in Pending state. During this period, nodes are added.
                                                                                                                                      
-
                                                                                                                                      At 7m16s, the CPU usage decreases, indicating that the pods are successfully created and start to bear traffic. The CPU usage decreases to 81% at 8m, still greater than the target value (50%) and the high threshold (70%). Therefore, 7 pods are added at 9m16s, and the CPU usage decreases to 51%, which is within the range of 30% to 70%. From then on, the number of pods remains 7.
                                                                                                                                      
-
                                                                                                                                      In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                      
-
                                                                                                                                      # kubectl describe deploy hpa-example
+
                                                                                                                                      You can see that the CPU usage of the workload is 190% at 4m23s, which exceeds the target value. In this case, scaling is triggered to expand the workload to four replicas/pods. In the subsequent several minutes, the CPU usage does not decrease until 7m16s. This is because the new pods may not be successfully created. The possible cause is that resources are insufficient and the pods are in Pending state. During this period, nodes are added.
                                                                                                                                      
+
                                                                                                                                      At 7m16s, the CPU usage decreases, indicating that the pods are successfully created and start to bear traffic. The CPU usage decreases to 81% at 8m, still greater than the target value (50%) and the high threshold (70%). Therefore, 7 pods are added at 9m16s, and the CPU usage decreases to 51%, which is within the range of 30% to 70%. From then on, the number of pods remains 7.
                                                                                                                                      
+
                                                                                                                                      In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                      
+
                                                                                                                                      # kubectl describe deploy hpa-example
 ...
 Events:
   Type    Reason             Age    From                   Message
@@ -167,17 +169,17 @@ Events:
   ----    ------             ----   ----                       -------
   Normal  SuccessfulRescale  20m    horizontal-pod-autoscaler  New size: 4; reason: cpu resource utilization (percentage of request) above target
   Normal  SuccessfulRescale  16m    horizontal-pod-autoscaler  New size: 7; reason: cpu resource utilization (percentage of request) above target
                                                                                                                                      
-
                                                                                                                                      Check the number of nodes. The following output shows that two nodes are added.
                                                                                                                                      
-
                                                                                                                                      # kubectl get node
+
                                                                                                                                      Check the number of nodes. The following output shows that two nodes are added.
                                                                                                                                      
+
                                                                                                                                      # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
 192.168.0.120   Ready    <none>   3m5s    v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
 192.168.0.136   Ready    <none>   6m58s   v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
 192.168.0.183   Ready    <none>   18m     v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
 192.168.0.26    Ready    <none>   71m     v1.17.9-r0-CCE21.1.1.3.B001-17.36.8
                                                                                                                                      
-
                                                                                                                                      You can also view the scaling history on the console. For example, the CA policy is executed once when the CPU allocation rate in the cluster is greater than 70%, and the number of nodes in the node pool is increased from 2 to 3. The new node is automatically added by autoscaler based on the pending state of pods in the initial phase of HPA.
                                                                                                                                      
-
                                                                                                                                      The node scaling process is as follows:
                                                                                                                                      
-
                                                                                                                                      1. After the number of pods changes to 4, the pods are in Pending state due to insufficient resources. As a result, the default scale-out policy of the autoscaler add-on is triggered, and the number of nodes is increased by one.
                                                                                                                                      2. The second node scale-out is triggered because the CPU allocation rate in the cluster is greater than 70%. As a result, the number of nodes is increased by one, which is recorded in the scaling history on the console. Scaling based on the allocation rate ensures that the cluster has sufficient resources.
                                                                                                                                      
-
                                                                                                                                    4. Stop accessing the workload and check the number of pods.
                                                                                                                                      # kubectl get hpa hpa-policy --watch
+
                                                                                                                                      You can also view the scaling history on the console. For example, the CA policy is executed once when the CPU allocation rate in the cluster is greater than 70%, and the number of nodes in the node pool is increased from 2 to 3. The new node is automatically added by autoscaler based on the pending state of pods in the initial phase of HPA.
                                                                                                                                      
+
                                                                                                                                      The node scaling process is as follows:
                                                                                                                                      
+
                                                                                                                                      1. After the number of pods changes to 4, the pods are in Pending state due to insufficient resources. As a result, the default scale-out policy of the autoscaler add-on is triggered, and the number of nodes is increased by one.
                                                                                                                                      2. The second node scale-out is triggered because the CPU allocation rate in the cluster is greater than 70%. As a result, the number of nodes is increased by one, which is recorded in the scaling history on the console. Scaling based on the allocation rate ensures that the cluster has sufficient resources.
                                                                                                                                      
+
                                                                                                                                    5. Stop accessing the workload and check the number of pods.
                                                                                                                                      # kubectl get hpa hpa-policy --watch
 NAME         REFERENCE                TARGETS    MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   50%/50%    1         100       7          12m
 hpa-policy   Deployment/hpa-example   21%/50%    1         100       7          13m
@@ -191,9 +193,9 @@ hpa-policy   Deployment/hpa-example   0%/50%     1         100       3
 hpa-policy   Deployment/hpa-example   0%/50%     1         100       3          23m
 hpa-policy   Deployment/hpa-example   0%/50%     1         100       3          23m
 hpa-policy   Deployment/hpa-example   0%/50%     1         100       1          23m
                                                                                                                                      
-
                                                                                                                                      You can see that the CPU usage is 21% at 13m. The number of pods is reduced to 3 at 18m, and then reduced to 1 at 23m.
                                                                                                                                      
-
                                                                                                                                      In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                      
-
                                                                                                                                      # kubectl describe deploy hpa-example
+
                                                                                                                                      You can see that the CPU usage is 21% at 13m. The number of pods is reduced to 3 at 18m, and then reduced to 1 at 23m.
                                                                                                                                      
+
                                                                                                                                      In the following output, you can see the workload scaling process and the time when the HPA policy takes effect.
                                                                                                                                      
+
                                                                                                                                      # kubectl describe deploy hpa-example
 ...
 Events:
   Type    Reason             Age    From                   Message
@@ -212,11 +214,11 @@ Events:
   Normal  SuccessfulRescale  16m    horizontal-pod-autoscaler  New size: 7; reason: cpu resource utilization (percentage of request) above target
   Normal  SuccessfulRescale  6m45s  horizontal-pod-autoscaler  New size: 3; reason: All metrics below target
   Normal  SuccessfulRescale  90s    horizontal-pod-autoscaler  New size: 1; reason: All metrics below target
                                                                                                                                      
-
                                                                                                                                      You can also view the HPA policy execution history on the console. Wait until the one node is reduced.
                                                                                                                                      
-
                                                                                                                                      The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                                                                      
+
                                                                                                                                      You can also view the HPA policy execution history on the console. Wait until the one node is reduced.
                                                                                                                                      
+
                                                                                                                                      The reason why the other two nodes in the node pool are not reduced is that they both have pods in the kube-system namespace (and these pods are not created by DaemonSets). For details, see Node Scaling Mechanisms.
                                                                                                                                      
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Summary
                                                                                                                                    Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                    
+
                                                                                                                                    Summary
                                                                                                                                    Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0301.html b/docs/cce/umn/cce_10_0301.html
index 2e9c98bd2..d1774be65 100644
--- a/docs/cce/umn/cce_10_0301.html
+++ b/docs/cce/umn/cce_10_0301.html
@@ -1,24 +1,22 @@
 
 
 
                                                                                                                                    Performing In-place Upgrade
                                                                                                                                    
-
                                                                                                                                    Scenario
                                                                                                                                    You can upgrade your clusters to a newer version on the CCE console.
                                                                                                                                    
+
                                                                                                                                    You can upgrade your clusters to a newer version on the CCE console.
                                                                                                                                    
 
                                                                                                                                    Before the upgrade, learn about the target version to which each CCE cluster can be upgraded in what ways, and the upgrade impacts. For details, see Upgrade Overview and Before You Start.
                                                                                                                                    
-
                                                                                                                                    
 
                                                                                                                                    Description
                                                                                                                                    • An in-place upgrade updates the Kubernetes components on cluster nodes, without changing their OS version. 
                                                                                                                                    • Data plane nodes are upgraded in batches. By default, they are prioritized based on their CPU, memory, and PodDisruptionBudgets (PDBs). You can also set the priorities according to your service requirements.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Precautions
                                                                                                                                    • During the cluster upgrade, the system will automatically upgrade add-ons to a version compatible with the target cluster version. Do not uninstall or reinstall add-ons during the cluster upgrade.
                                                                                                                                    • Before the upgrade, ensure that all add-ons are running. If an add-on fails to be upgraded, rectify the fault and try again.
                                                                                                                                    • During the upgrade, CCE checks the add-on running status. Some add-ons (such as coredns) require at least two nodes to run normally. In this case, at least two nodes must be available for the upgrade.
                                                                                                                                    
+
                                                                                                                                    Precautions
                                                                                                                                    • During the cluster upgrade, the system will automatically upgrade add-ons to a version compatible with the target cluster version. Do not uninstall or reinstall add-ons during the cluster upgrade.
                                                                                                                                    • Before the upgrade, ensure that all add-ons are running. If an add-on fails to be upgraded, rectify the fault and try again.
                                                                                                                                    • During the upgrade, CCE checks the add-on running status. Some add-ons (such as CoreDNS) require at least two nodes to run normally. In this case, at least two nodes must be available for the upgrade.
                                                                                                                                    
 
                                                                                                                                    For more information, see Before You Start.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    Procedure
                                                                                                                                    The cluster upgrade goes through check, backup, configuration and upgrade, and verification.
                                                                                                                                    
-
                                                                                                                                    1. Log in to the CCE console and access the cluster console.
                                                                                                                                    2. In the navigation pane, choose Cluster Upgrade. You can view the recommended version on the right.
                                                                                                                                    3. Select the cluster version to be upgraded and click Check.
                                                                                                                                       
                                                                                                                                      • If your cluster has a new minor version, you do not need to select the cluster version. The latest minor version is used by default.
                                                                                                                                      • If your cluster has a new major version, you can select a version as required.
                                                                                                                                      • If your cluster is of the latest version, the check entry will be hidden.
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                      2. In the navigation pane, choose Cluster Upgrade.
                                                                                                                                      3. Select the cluster version to be upgraded and click Check.
                                                                                                                                         
                                                                                                                                        • If your cluster has a new minor version, you do not need to select the cluster version. The latest minor version is used by default.
                                                                                                                                        • If your cluster has a new major version, you can select a version as required.
                                                                                                                                        • If your cluster is of the latest version, the check entry will be hidden.
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        
-
                                                                                                                                      4. Click Start Check and confirm the check. If there are abnormal or risky items in the cluster, handle the exceptions based on the check results displayed on the page and check again.
                                                                                                                                        • Exceptions: View the solution displayed on the page, handle the exceptions and check again.
                                                                                                                                        • Risk Items: may affect the cluster upgrade. Check the risk description and see whether you may be impacted. If no risk exists, click OK next to the risk item to manually skip this risk item and check again.
                                                                                                                                        
+
                                                                                                                                      5. Perform the pre-upgrade check. Click Start Check and confirm the check. If there are abnormal or risky items in the cluster, handle the exceptions based on the check results displayed on the page and check again.
                                                                                                                                        • Exceptions: View the solution displayed on the page, handle the exceptions and check again.
                                                                                                                                        • Risk Items: may affect the cluster upgrade. Check the risk description and see whether you may be impacted. If no risk exists, click OK next to the risk item to manually skip this risk item and check again.
                                                                                                                                        
 
                                                                                                                                        After the check is passed, click Next: Back Up.
                                                                                                                                        
-
                                                                                                                                        
-
                                                                                                                                      6. (Optional) Manually back up the data. Data is backed up during the upgrade following a default policy. You can click Back Up to manually back up data. If you do not need to manually back up data, click Next: Configure & Upgrade.
                                                                                                                                      7. Configure the upgrade parameters.
                                                                                                                                        • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, the system automatically upgrades the add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                                                                                                           
                                                                                                                                          If a red dot  is displayed on the right of an add-on, the add-on is incompatible with the target cluster version. During the upgrade, the add-on will be uninstalled and then re-installed. Ensure that the add-on parameters are correctly configured.
                                                                                                                                          
+
                                                                                                                                        • (Optional) Manually back up the cluster data. Data is backed up during the upgrade following a default policy. You can click Back Up to manually back up data. If you do not need to manually back up data, click Next: Configure & Upgrade.
                                                                                                                                          Manual backup will back up the entire master node. The backup process uses the Cloud Backup and Recovery (CBR) service and takes about 20 minutes. If there are many cloud backup tasks at the current site, the backup may take longer. The cluster cannot be upgraded during the backup.
                                                                                                                                          
+
                                                                                                                                        • Configure the upgrade parameters.
                                                                                                                                          • Add-on Upgrade Configuration: Add-ons that have been installed in your cluster are listed. During the cluster upgrade, the system automatically upgrades the add-ons to be compatible with the target cluster version. You can click Set to re-define the add-on parameters.
                                                                                                                                             
                                                                                                                                            If a red dot  is displayed on the right of an add-on, the add-on is incompatible with the target cluster version. During the upgrade, the add-on will be uninstalled and then re-installed. Ensure that the add-on parameters are correctly configured.
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                          • Node Upgrade Configuration: You can set the maximum number of nodes to be upgraded in a batch.
                                                                                                                                          • Node Priority: You can set priorities for nodes to be upgraded. If you do not set this parameter, the system will determine the nodes to upgrade in batches based on specific conditions. Before setting the node upgrade priority, you need to select a node pool. Nodes and node pools will be upgraded according to the priorities you specify.
                                                                                                                                            • Add Upgrade Priority: Add upgrade priorities for node pools.
                                                                                                                                            • Add Node Priority: After adding a node pool priority, you can set the upgrade sequence of nodes in the node pool. The system upgrades nodes in the sequence you specify. If you skip this setting, the system upgrades nodes based on the default policy.
                                                                                                                                            
+
                                                                                                                                          • Node Upgrade Configuration: You can set the maximum number of nodes to be upgraded in a batch.
                                                                                                                                          • Node Priority: You can set priorities for nodes to be upgraded. If you do not set this parameter, the system will determine the nodes to upgrade in batches based on specific conditions. Before setting the node upgrade priority, select a node pool. Nodes and node pools will be upgraded according to the priorities you specify.
                                                                                                                                            • Add Upgrade Priority: Add upgrade priorities for node pools.
                                                                                                                                            • Add Node Priority: After adding a node pool priority, you can set the upgrade sequence of nodes in the node pool. The system upgrades nodes in the sequence you specify. If you skip this setting, the system upgrades nodes based on the default policy.
                                                                                                                                            
 
                                                                                                                                          
 
                                                                                                                                        • After the configuration is complete, click Upgrade and confirm the upgrade. The cluster starts to be upgraded. You can view the process in the lower part of the page.
                                                                                                                                          During the upgrade, you can click Suspend on the right to suspend the cluster upgrade. To continue the upgrade, click Continue. When the progress bar reaches 100%, the cluster upgrade is complete.
                                                                                                                                          
 
                                                                                                                                           
                                                                                                                                          If an upgrade failure message is displayed during the cluster upgrade, rectify the fault as prompted and try again.
                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0302.html b/docs/cce/umn/cce_10_0302.html
index 61529b00b..1671f93a3 100644
--- a/docs/cce/umn/cce_10_0302.html
+++ b/docs/cce/umn/cce_10_0302.html
@@ -2,106 +2,504 @@
 
 
                                                                                                                                          Before You Start
                                                                                                                                          
 
                                                                                                                                          Before the upgrade, you can check whether your cluster can be upgraded and which versions are available on the CCE console. For details, see Upgrade Overview.
                                                                                                                                          
-
                                                                                                                                          Precautions
                                                                                                                                          • Upgraded clusters cannot be rolled back. Therefore, perform the upgrade during off-peak hours to minimize the impact on your services.
                                                                                                                                          • Do not shut down, restart, or delete nodes during cluster upgrade. Otherwise, the upgrade fails.
                                                                                                                                          • Before upgrading a cluster, disable auto scaling policies to prevent node scaling during the upgrade. Otherwise, the upgrade fails.
                                                                                                                                          • If you locally modify the configuration of a cluster node, the cluster upgrade may fail or the configuration may be lost after the upgrade. Therefore, modify the configurations on the CCE console (cluster or node pool list page) so that they will be automatically inherited during the upgrade.
                                                                                                                                          • During the cluster upgrade, the running workload services will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                                                                          • Before upgrading the cluster, check whether the cluster is healthy. 
                                                                                                                                          • To ensure data security, you are advised to back up data before upgrading the cluster. During the upgrade, you are not advised to perform any operations on the cluster.
                                                                                                                                          • During the cluster upgrade, the node.kubernetes.io/upgrade taint (the effect is NoSchedule) is added to the node. After the cluster upgrade is complete, the taint is removed. Do not add taints with the same key name on the node. Even if the taints have different effects, they may be deleted by the system by mistake after the upgrade.
                                                                                                                                          
+
                                                                                                                                          Precautions
                                                                                                                                          Before upgrading a cluster, pay attention to the following points:
                                                                                                                                          
+
                                                                                                                                          • Upgrading a cluster cannot be rolled back. Perform an upgrade at a proper time to minimize the impact on your services. To ensure data security, you back up your data before an upgrade.
                                                                                                                                          • Before upgrading a cluster, ensure that no high-risk operations are performed in the cluster. Otherwise, the cluster upgrade may fail or the configuration may be lost after the upgrade. Common high-risk operations include modifying cluster node configurations locally and modifying the configurations of the listeners managed by CCE on the ELB console. Instead, modify configurations on the CCE console so that the modifications can be automatically inherited during the upgrade.
                                                                                                                                          • Before upgrading a cluster, ensure the cluster is working properly. 
                                                                                                                                          • Before upgrading a cluster, learn about the features and differences of each cluster version in Kubernetes Release Notes to prevent exceptions due to the use of an incompatible cluster version. For example, check whether any APIs deprecated in the target version are used in the cluster. Otherwise, calling the APIs may fail after the upgrade. For details, see Deprecated APIs.
                                                                                                                                          
+
                                                                                                                                          During a cluster upgrade, pay attention to the following points that may affect your services:
                                                                                                                                          
+
                                                                                                                                          • During a cluster upgrade, do not perform any operation on the cluster. Do not stop, restart, or delete nodes during cluster upgrade. Otherwise, the upgrade will fail.
                                                                                                                                          • During a cluster upgrade, the running workloads will not be interrupted, but access to the API server will be temporarily interrupted.
                                                                                                                                          • During a cluster upgrade, the node.kubernetes.io/upgrade taint (equivalent to NoSchedule) will be added to the nodes in the cluster. The taint will be removed after the cluster is upgraded. Do not add taints with the same key name on a node. Even if the taints have different effects, they may be deleted by the system by mistake after the upgrade.
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Notes and Constraints
                                                                                                                                          • Currently, only CCE clusters consisting of VM nodes and CCE Turbo clusters can be upgraded. 
                                                                                                                                          • Currently, clusters using private images cannot be upgraded.
                                                                                                                                          • After the cluster is upgraded, if the containerd vulnerability of the container engine is fixed in Cluster Version Release Notes, you need to manually restart containerd for the upgrade to take effect. The same applies to the existing pods.
                                                                                                                                          • If initContainer or Istio is used in the in-place upgrade of a cluster of v1.15, pay attention to the following restrictions:
                                                                                                                                            In kubelet 1.16 and later versions, QoS classes are different from those in earlier versions. In kubelet 1.15 and earlier versions, only containers in spec.containers are counted. In kubelet 1.16 and later versions, containers in both spec.containers and spec.initContainers are counted. The QoS class of a pod will change after the upgrade. As a result, the container in the pod restarts. You are advised to modify the QoS class of the service container before the upgrade to avoid this problem. For details, see Table 1.
                                                                                                                                            
+
                                                                                                                                            Constraints
                                                                                                                                            • CCE clusters and CCE Turbo clusters with VM nodes can be upgraded.
                                                                                                                                            • If there are any nodes created using a private image, the cluster cannot be upgraded.
                                                                                                                                            • After the cluster is upgraded, if the containerd vulnerability of the container engine is fixed in Kubernetes Release Notes, manually restart containerd for the upgrade to take effect. The same applies to the existing pods.
                                                                                                                                            • If you mount the docker.sock file on a node to a pod using the hostPath mode, that is, the Docker in Docker scenario, Docker will restart during the upgrade, but the docker.sock file does not change. As a result, your services may malfunction. You are advised to mount the docker.sock file by mounting the directory.
                                                                                                                                            • When clusters using the tunnel network model are upgraded to v1.19.16-r4, v1.21.7-r0, v1.23.5-r0, v1.25.1-r0, or later, the SNAT rule whose destination address is the container CIDR block but the source address is not the container CIDR block will be removed. If you have configured VPC routes to directly access all pods outside the cluster, only the pods on the corresponding nodes can be directly accessed after the upgrade.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            Deprecated APIs
                                                                                                                                            With the evolution of Kubernetes APIs, APIs are periodically reorganized or upgraded, and old APIs are deprecated and finally deleted. The following tables list the deprecated APIs in each Kubernetes community version. For details about more deprecated APIs, see Deprecated API Migration Guide.
                                                                                                                                            
+
+
                                                                                                                                             
                                                                                                                                            When an API is deprecated, the existing resources are not affected. However, when you create or edit the resources, the API version will be intercepted.
                                                                                                                                            
+
                                                                                                                                            
 
-
                                                                                                                                            Table 1 QoS class changes before and after the upgrade
                                                                                                                                            Init Container (Calculated Based on spec.initContainers)
                                                                                                                                            
+
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Table 1 Deprecated APIs in Kubernetes v1.25
                                                                                                                                            Resource Name
                                                                                                                                            
 
                                                                                                                                            Service Container (Calculated Based on spec.containers)
                                                                                                                                            
+
                                                                                                                                            Deprecated API Version
                                                                                                                                            
 
                                                                                                                                            Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                                                                            
+
                                                                                                                                            Substitute API Version
                                                                                                                                            
 
                                                                                                                                            Impacted or Not
                                                                                                                                            
+
                                                                                                                                            Change Description
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            CronJob
                                                                                                                                            
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            batch/v1beta1
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            batch/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.21.)
                                                                                                                                            
 
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            EndpointSlice
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            discovery.k8s.io/v1beta1
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            discovery.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.21.)
                                                                                                                                            
 
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Pay attention to the following changes:
                                                                                                                                            
+
                                                                                                                                            • In each endpoint, the topology["kubernetes.io/hostname"] field has been deprecated. Replace it with the nodeName field.
                                                                                                                                            • In each endpoint, the topology["kubernetes.io/zone"] field has been deprecated. Replace it with the zone field.
                                                                                                                                            • The topology field is replaced with deprecatedTopology and cannot be written in v1.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Event
                                                                                                                                            
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            events.k8s.io/v1beta1
                                                                                                                                            
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            events.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.19.)
                                                                                                                                            
 
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Pay attention to the following changes:
                                                                                                                                            
+
                                                                                                                                            • The type field can only be set to Normal or Warning.
                                                                                                                                            • The involvedObject field is renamed regarding.
                                                                                                                                            • The action, reason, reportingController, and reportingInstance fields are mandatory for creating a new events.k8s.io/v1 event.
                                                                                                                                            • Use eventTime instead of the deprecated firstTimestamp field (this field has been renamed deprecatedFirstTimestamp and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                            • Use series.lastObservedTime instead of the deprecated lastTimestamp field (this field has been renamed deprecatedLastTimestamp and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                            • Use series.count instead of the deprecated count field (this field has been renamed deprecatedCount and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                            • Use reportingController instead of the deprecated source.component field (this field has been renamed deprecatedSource.component and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                            • Use reportingInstance instead of the deprecated source.host field (this field has been renamed deprecatedSource.host and is not allowed to appear in the new events.k8s.io/v1 event object).
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            HorizontalPodAutoscaler
                                                                                                                                            
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            autoscaling/v2beta1
                                                                                                                                            
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            autoscaling/v2
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.23.)
                                                                                                                                            
 
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            PodDisruptionBudget
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            policy/v1beta1
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            policy/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.21.)
                                                                                                                                            
 
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            If spec.selector is set to null ({}) in PodDisruptionBudget of policy/v1, all pods in the namespace are selected. (In policy/v1beta1, an empty spec.selector means that no pod will be selected.) If spec.selector is not specified, pod will be selected in neither API version.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            PodSecurityPolicy
                                                                                                                                            
 
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            policy/v1beta1
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
 
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            Since v1.25, the PodSecurityPolicy resource no longer provides APIs of the policy/v1beta1 version, and the PodSecurityPolicy access controller is deleted.
                                                                                                                                            
+
                                                                                                                                            Replace it with Configuring Pod Security Admission.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            RuntimeClass
                                                                                                                                            
 
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            node.k8s.io/v1beta1
                                                                                                                                            
 
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            node.k8s.io/v1 (This API is available since v1.20.)
                                                                                                                                            
 
                                                                                                                                            Yes
                                                                                                                                            
-
                                                                                                                                            Burstable
                                                                                                                                            
-
                                                                                                                                            Burstable
                                                                                                                                            
-
                                                                                                                                            Burstable
                                                                                                                                            
-
                                                                                                                                            No
                                                                                                                                            
-
                                                                                                                                            Burstable
                                                                                                                                            
-
                                                                                                                                            Guaranteed
                                                                                                                                            
-
                                                                                                                                            Burstable
                                                                                                                                            
-
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
                                                                                                                                             
 
                                                                                                                                            
 
                                                                                                                                            
+
+
                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                            Table 2 Deprecated APIs in Kubernetes v1.22
                                                                                                                                            Resource Name
                                                                                                                                            
+
                                                                                                                                            Deprecated API Version
                                                                                                                                            
+
                                                                                                                                            Substitute API Version
                                                                                                                                            
+
                                                                                                                                            Change Description
                                                                                                                                            
+
                                                                                                                                            MutatingWebhookConfiguration
                                                                                                                                            
+
                                                                                                                                            ValidatingWebhookConfiguration
                                                                                                                                            
+
                                                                                                                                            admissionregistration.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            admissionregistration.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.16.)
                                                                                                                                            
+
                                                                                                                                            • The default value of webhooks[*].failurePolicy is changed from Ignore to Fail in v1.
                                                                                                                                            • The default value of webhooks[*].matchPolicy is changed from Exact to Equivalent in v1.
                                                                                                                                            • The default value of webhooks[*].timeoutSeconds is changed from 30s to 10s in v1.
                                                                                                                                            • The default value of webhooks[*].sideEffects is deleted, and this field must be specified. In v1, the value can only be None or NoneOnDryRun.
                                                                                                                                            • The default value of webhooks[*].admissionReviewVersions is deleted. In v1, this field must be specified. (AdmissionReview v1 and v1beta1 are supported.)
                                                                                                                                            • webhooks[*].name must be unique in the list of objects created through admissionregistration.k8s.io/v1.
                                                                                                                                            
+
                                                                                                                                            CustomResourceDefinition
                                                                                                                                            
+
                                                                                                                                            apiextensions.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            apiextensions/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.16.)
                                                                                                                                            
+
                                                                                                                                            • The default value of spec.scope is no longer Namespaced. This field must be explicitly specified.
                                                                                                                                            • spec.version is deleted from v1. Use spec.versions instead.
                                                                                                                                            • spec.validation is deleted from v1. Use spec.versions[*].schema instead.
                                                                                                                                            • spec.subresources is deleted from v1. Use spec.versions[*].subresources instead.
                                                                                                                                            • spec.additionalPrinterColumns is deleted from v1. Use spec.versions[*].additionalPrinterColumns instead.
                                                                                                                                            • spec.conversion.webhookClientConfig is moved to spec.conversion.webhook.clientConfig in v1.
                                                                                                                                            • spec.conversion.conversionReviewVersions is moved to spec.conversion.webhook.conversionReviewVersions in v1.
                                                                                                                                            
+
                                                                                                                                            • spec.versions[*].schema.openAPIV3Schema becomes a mandatory field when the CustomResourceDefinition object of the v1 version is created, and its value must be a structural schema.
                                                                                                                                            • spec.preserveUnknownFields: true cannot be specified when the CustomResourceDefinition object of the v1 version is created. This configuration must be specified using x-kubernetes-preserve-unknown-fields: true in the schema definition.
                                                                                                                                            • In v1, the JSONPath field in the additionalPrinterColumns entry is renamed jsonPath (patch #66531).
                                                                                                                                            
+
                                                                                                                                            APIService
                                                                                                                                            
+
                                                                                                                                            apiregistration/v1beta1
                                                                                                                                            
+
                                                                                                                                            apiregistration.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.10.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            TokenReview
                                                                                                                                            
+
                                                                                                                                            authentication.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            authentication.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.6.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            LocalSubjectAccessReview
                                                                                                                                            
+
                                                                                                                                            SelfSubjectAccessReview
                                                                                                                                            
+
                                                                                                                                            SubjectAccessReview
                                                                                                                                            
+
                                                                                                                                            SelfSubjectRulesReview
                                                                                                                                            
+
                                                                                                                                            authorization.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            authorization.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.16.)
                                                                                                                                            
+
                                                                                                                                            spec.group was renamed spec.groups in v1 (patch #32709).
                                                                                                                                            
+
                                                                                                                                            CertificateSigningRequest
                                                                                                                                            
+
                                                                                                                                            certificates.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            certificates.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.19.)
                                                                                                                                            
+
                                                                                                                                            Pay attention to the following changes in certificates.k8s.io/v1:
                                                                                                                                            • For an API client that requests a certificate:
                                                                                                                                              • spec.signerName becomes a mandatory field (see Known Kubernetes Signers). In addition, the certificates.k8s.io/v1 API cannot be used to create requests whose signer is kubernetes.io/legacy-unknown.
                                                                                                                                              • spec.usages now becomes a mandatory field, which cannot contain duplicate string values and can contain only known usage strings.
                                                                                                                                              
+
                                                                                                                                            • For an API client that needs to approve or sign a certificate:
                                                                                                                                              • status.conditions cannot contain duplicate types.
                                                                                                                                              • The status.conditions[*].status field is now mandatory.
                                                                                                                                              • The status.certificate must be PEM-encoded and can contain only the CERTIFICATE data block.
                                                                                                                                              
 
                                                                                                                                            
 
                                                                                                                                            
+
                                                                                                                                            Lease
                                                                                                                                            
+
                                                                                                                                            coordination.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            coordination.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.14.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            Ingress
                                                                                                                                            
+
                                                                                                                                            networking.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            networking.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.19.)
                                                                                                                                            
+
                                                                                                                                            • The spec.backend field is renamed spec.defaultBackend.
                                                                                                                                            • The serviceName field of the backend is renamed service.name.
                                                                                                                                            • The backend servicePort field represented by a number is renamed service.port.number.
                                                                                                                                            • The backend servicePort field represented by a string is renamed service.port.name.
                                                                                                                                            • The pathType field is mandatory for all paths to be specified. The options are Prefix, Exact, and ImplementationSpecific. To match the behavior of not defining the path type in v1beta1, use ImplementationSpecific.
                                                                                                                                            
+
                                                                                                                                            IngressClass
                                                                                                                                            
+
                                                                                                                                            networking.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            networking.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.19.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            ClusterRole
                                                                                                                                            
+
                                                                                                                                            ClusterRoleBinding
                                                                                                                                            
+
                                                                                                                                            Role
                                                                                                                                            
+
                                                                                                                                            RoleBinding
                                                                                                                                            
+
                                                                                                                                            rbac.authorization.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            rbac.authorization.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.8.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            PriorityClass
                                                                                                                                            
+
                                                                                                                                            scheduling.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            scheduling.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.14.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            CSIDriver
                                                                                                                                            
+
                                                                                                                                            CSINode
                                                                                                                                            
+
                                                                                                                                            StorageClass
                                                                                                                                            
+
                                                                                                                                            VolumeAttachment
                                                                                                                                            
+
                                                                                                                                            storage.k8s.io/v1beta1
                                                                                                                                            
+
                                                                                                                                            storage.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            • CSIDriver is available in storage.k8s.io/v1 since v1.19.
                                                                                                                                            • CSINode is available in storage.k8s.io/v1 since v1.17.
                                                                                                                                            • StorageClass is available in storage.k8s.io/v1 since v1.6.
                                                                                                                                            • VolumeAttachment is available in storage.k8s.io/v1 since v1.13.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            
+
+
                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                            Table 3 Deprecated APIs in Kubernetes v1.16
                                                                                                                                            Resource Name
                                                                                                                                            
+
                                                                                                                                            Deprecated API Version
                                                                                                                                            
+
                                                                                                                                            Substitute API Version
                                                                                                                                            
+
                                                                                                                                            Change Description
                                                                                                                                            
+
                                                                                                                                            NetworkPolicy
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            networking.k8s.io/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.8.)
                                                                                                                                            
+
                                                                                                                                            None
                                                                                                                                            
+
                                                                                                                                            DaemonSet
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta2
                                                                                                                                            
+
                                                                                                                                            apps/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.9.)
                                                                                                                                            
+
                                                                                                                                            • The spec.templateGeneration field is deleted.
                                                                                                                                            • spec.selector is now a mandatory field and cannot be changed after the object is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                            • The default value of spec.updateStrategy.type is changed to RollingUpdate (the default value in the extensions/v1beta1 API version is OnDelete).
                                                                                                                                            
+
                                                                                                                                            Deployment
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta2
                                                                                                                                            
+
                                                                                                                                            apps/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.9.)
                                                                                                                                            
+
                                                                                                                                            • The spec.rollbackTo field is deleted.
                                                                                                                                            • spec.selector is now a mandatory field and cannot be changed after the Deployment is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                            • The default value of spec.progressDeadlineSeconds is changed to 600 seconds (the default value in extensions/v1beta1 is unlimited).
                                                                                                                                            • The default value of spec.revisionHistoryLimit is changed to 10. (In the apps/v1beta1 API version, the default value of this field is 2. In the extensions/v1beta1 API version, all historical records are retained by default.)
                                                                                                                                            • The default values of maxSurge and maxUnavailable are changed to 25%. (In the extensions/v1beta1 API version, these fields default to 1.)
                                                                                                                                            
+
                                                                                                                                            StatefulSet
                                                                                                                                            
+
                                                                                                                                            apps/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta2
                                                                                                                                            
+
                                                                                                                                            apps/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.9.)
                                                                                                                                            
+
                                                                                                                                            • spec.selector is now a mandatory field and cannot be changed after the StatefulSet is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                            • The default value of spec.updateStrategy.type is changed to RollingUpdate (the default value in the apps/v1beta1 API version is OnDelete).
                                                                                                                                            
+
                                                                                                                                            ReplicaSet
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta1
                                                                                                                                            
+
                                                                                                                                            apps/v1beta2
                                                                                                                                            
+
                                                                                                                                            apps/v1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.9.)
                                                                                                                                            
+
                                                                                                                                            spec.selector is now a mandatory field and cannot be changed after the object is created. The label of an existing template can be used as a selector for seamless migration.
                                                                                                                                            
+
                                                                                                                                            PodSecurityPolicy
                                                                                                                                            
+
                                                                                                                                            extensions/v1beta1
                                                                                                                                            
+
                                                                                                                                            policy/v1beta1
                                                                                                                                            
+
                                                                                                                                            (This API is available since v1.10.)
                                                                                                                                            
+
                                                                                                                                            PodSecurityPolicy for the policy/v1beta1 API version will be removed in v1.25.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            
+
+
                                                                                                                                            Version Differences
                                                                                                                                            
+
                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                            Upgrade Path
                                                                                                                                            
+
                                                                                                                                            Version Difference
                                                                                                                                            
+
                                                                                                                                            Self-Check
                                                                                                                                            
+
                                                                                                                                            v1.19 to v1.21
                                                                                                                                            
+
                                                                                                                                            The bug of exec probe timeouts is fixed in Kubernetes 1.21. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. If this field is not specified, the default value 1 is used. This field takes effect after the upgrade. If the probe runs over 1 second, the application health check may fail and the application may restart frequently.
                                                                                                                                            
+
                                                                                                                                            Before the upgrade, check whether the timeout is properly set for the exec probe.
                                                                                                                                            
+
                                                                                                                                            kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                                                            
+
                                                                                                                                            Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                                                                            
+
                                                                                                                                            Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                                                                            
+
                                                                                                                                            • If you do not have your own webhook server, you can skip this check.
                                                                                                                                            • If the field is not set, you are advised to use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                                                                            
+
                                                                                                                                            v1.15 to v1.19
                                                                                                                                            
+
                                                                                                                                            The control plane of CCE clusters of v1.19 is incompatible with kubelet v1.15. If a node fails to be upgraded or the node to be upgraded restarts after the master node is successfully upgraded, there is a high probability that the node is in the NotReady status.
                                                                                                                                            
+
                                                                                                                                            This is because the node failed to be upgraded restarts the kubelet and trigger the node registration. In clusters of v1.15, the default registration tags (failure-domain.beta.kubernetes.io/is-baremetal and kubernetes.io/availablezone) are regarded as invalid tags by the clusters of v1.19.
                                                                                                                                            
+
                                                                                                                                            The valid tags in the clusters of v1.19 are node.kubernetes.io/baremetal and failure-domain.beta.kubernetes.io/zone.
                                                                                                                                            
+
                                                                                                                                            1. In normal cases, this scenario is not triggered.
                                                                                                                                            2. After the master node is upgraded, do not suspend the upgrade so the node can be quickly upgraded.
                                                                                                                                            3. If a node fails to be upgraded and cannot be restored, evict applications on the node as soon as possible. Contact technical support and skip the node upgrade. After the upgrade is complete, reset the node.
                                                                                                                                            
+
                                                                                                                                            In CCE 1.15 and 1.19 clusters, the Docker storage driver file system is switched from XFS to Ext4. As a result, the import package sequence in the pods of the upgraded Java application may be abnormal, causing pod exceptions.
                                                                                                                                            
+
                                                                                                                                            Before the upgrade, check the Docker configuration file /etc/docker/daemon.json on the node. Check whether the value of dm.fs is xfs.
                                                                                                                                            
+
                                                                                                                                            • If the value is ext4 or the storage driver is Overlay, you can skip the next steps.
                                                                                                                                            • If the value is xfs, you are advised to deploy applications in the cluster of the new version in advance to test whether the applications are compatible with the new cluster version.
                                                                                                                                            
+
                                                                                                                                            {
+      "storage-driver": "devicemapper",
+      "storage-opts": [
+      "dm.thinpooldev=/dev/mapper/vgpaas-thinpool",
+      "dm.use_deferred_removal=true",
+      "dm.fs=xfs",
+      "dm.use_deferred_deletion=true"
+      ]
+}
                                                                                                                                            
+
                                                                                                                                            kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                                                            
+
                                                                                                                                            Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. The CommonName field is processed as the host name. As a result, the authentication fails.
                                                                                                                                            
+
                                                                                                                                            Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                                                                            
+
                                                                                                                                            • If you do not have your own webhook server, you can skip this check.
                                                                                                                                            • If the field is not set, you are advised to use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                                                                            
+
                                                                                                                                             NOTICE: 
                                                                                                                                            To mitigate the impact of version differences on cluster upgrade, CCE performs special processing during the upgrade from 1.15 to 1.19 and still supports certificates without SANs. However, no special processing is required for subsequent upgrades. You are advised to rectify your certificate as soon as possible.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            In clusters of v1.17.17 and later, CCE automatically creates pod security policies (PSPs) for you, which restrict the creation of pods with unsafe configurations, for example, pods for which net.core.somaxconn under a sysctl is configured in the security context.
                                                                                                                                            
+
                                                                                                                                            After an upgrade, you can allow insecure system configurations as required. For details, see Configuring a Pod Security Policy.
                                                                                                                                            
+
                                                                                                                                            If initContainer or Istio is used in the in-place upgrade of a cluster of v1.15, pay attention to the following restrictions:
                                                                                                                                            
+
                                                                                                                                            In kubelet 1.16 and later versions, QoS classes are different from those in earlier versions. In kubelet 1.15 and earlier versions, only containers in spec.containers are counted. In kubelet 1.16 and later versions, containers in both spec.containers and spec.initContainers are counted. The QoS class of a pod will change after the upgrade. As a result, the container in the pod restarts.
                                                                                                                                            
+
                                                                                                                                            You are advised to modify the QoS class of the service container before the upgrade to avoid this problem. For details, see Table 4.
                                                                                                                                            
+
                                                                                                                                            v1.13 to v1.15
                                                                                                                                            
+
                                                                                                                                            After a VPC network cluster is upgraded, the master node occupies an extra CIDR block due to the upgrade of network components. If no container CIDR block is available for the new node, the pod scheduled to the node cannot run.
                                                                                                                                            
+
                                                                                                                                            Generally, this problem occurs when the nodes in the cluster are about to fully occupy the container CIDR block. For example, the container CIDR block is 10.0.0.0/16, the number of available IP addresses is 65,536, and the VPC network is allocated a CIDR block with the fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). If the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes, including the three master nodes. After the cluster is upgraded, each of the three master nodes occupies one CIDR block. As a result, 506 nodes are supported.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            
+
+
                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                            Table 4 QoS class changes before and after the upgrade
                                                                                                                                            Init Container (Calculated Based on spec.initContainers)
                                                                                                                                            
+
                                                                                                                                            Service Container (Calculated Based on spec.containers)
                                                                                                                                            
+
                                                                                                                                            Pod (Calculated Based on spec.containers and spec.initContainers)
                                                                                                                                            
+
                                                                                                                                            Impacted or Not
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Besteffort
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            No
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Guaranteed
                                                                                                                                            
+
                                                                                                                                            Burstable
                                                                                                                                            
+
                                                                                                                                            Yes
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            
 
                                                                                                                                            Upgrade Backup
                                                                                                                                            How to back up a node:
                                                                                                                                            
 
                                                                                                                                            • etcd database backup: CCE automatically backs up the etcd database during the cluster upgrade.
                                                                                                                                            • Master node backup (recommended, manual confirmation required): On the upgrade confirmation page, click Backup to back up the entire master node of the cluster. The backup process uses the Cloud Backup and Recovery (CBR) service and takes about 20 minutes. If there are many cloud backup tasks at the current site, the backup time may be prolonged.
                                                                                                                                            
 
                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0305.html b/docs/cce/umn/cce_10_0305.html
deleted file mode 100644
index 1181c559f..000000000
--- a/docs/cce/umn/cce_10_0305.html
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
                                                                                                                                            Storage Management: FlexVolume (Deprecated)
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0306.html b/docs/cce/umn/cce_10_0306.html
deleted file mode 100644
index 419beaf92..000000000
--- a/docs/cce/umn/cce_10_0306.html
+++ /dev/null
@@ -1,58 +0,0 @@
-
-
-
                                                                                                                                            FlexVolume Overview
                                                                                                                                            
-
                                                                                                                                            In container storage, you can use different types of volumes and mount them to containers in pods as many as you want.
                                                                                                                                            
-
                                                                                                                                            In CCE, container storage is backed both by Kubernetes-native objects, such as emptyDir, hostPath, secret, and ConfigMap, and by cloud storage services.
                                                                                                                                            
-
                                                                                                                                            CCE clusters of 1.13 and earlier versions use the storage-driver add-on to connect to cloud storage services to support Kubernetes FlexVolume driver for container storage. The FlexVolume driver has been deprecated in favor of the Container Storage Interface (CSI). The everest add-on for CSI is installed in CCE clusters of 1.15 and later versions by default. For details, see Overview.
                                                                                                                                            
-
                                                                                                                                             
                                                                                                                                            • In CCE clusters earlier than Kubernetes 1.13, end-to-end capacity expansion of container storage is not supported, and the PVC capacity is inconsistent with the storage capacity.
                                                                                                                                            • In a cluster of v1.13 or earlier, when an upgrade or bug fix is available for storage functionalities, you only need to install or upgrade the storage-driver add-on. Upgrading the cluster or creating a cluster is not required.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            • For clusters created in CCE, Kubernetes v1.15.11 is a transitional version in which the FlexVolume plug-in (storage-driver) is compatible with the CSI plug-in (everest). Clusters of v1.17 and later versions do not support FlexVolume anymore. You need to use the everest add-on.
                                                                                                                                            • The FlexVolume plug-in will be maintained by Kubernetes developers, but new functionality will only be added to CSI. You are advised not to create storage that connects to the FlexVolume plug-in (storage-driver) in CCE anymore. Otherwise, the storage resources may not function normally.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Checking Storage Add-ons
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. In the navigation tree on the left, click Add-ons.
                                                                                                                                            3. Click the Add-on Instance tab.
                                                                                                                                            4. Select a cluster in the upper right corner. The default storage add-on installed during cluster creation is displayed.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Differences Between CSI and FlexVolume Plug-ins
                                                                                                                                            
-
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Table 1 CSI and FlexVolume
                                                                                                                                            Kubernetes Solution
                                                                                                                                            
-
                                                                                                                                            CCE Add-on
                                                                                                                                            
-
                                                                                                                                            Feature
                                                                                                                                            
-
                                                                                                                                            Recommendation
                                                                                                                                            
-
                                                                                                                                            CSI
                                                                                                                                            
-
                                                                                                                                            Everest
                                                                                                                                            
-
                                                                                                                                            CSI was developed as a standard for exposing arbitrary block and file storage storage systems to containerized workloads. Using CSI, third-party storage providers can deploy plugins exposing new storage systems in Kubernetes without having to touch the core Kubernetes code. In CCE, the everest add-on is installed by default in clusters of Kubernetes v1.15 and later to connect to storage services (EVS, OBS, SFS, and SFS Turbo).
                                                                                                                                            
-
                                                                                                                                            The everest add-on consists of two parts:
                                                                                                                                            
-
                                                                                                                                            • everest-csi-controller for storage volume creation, deletion, capacity expansion, and cloud disk snapshots
                                                                                                                                            • everest-csi-driver for mounting, unmounting, and formatting storage volumes on nodes
                                                                                                                                            
-
                                                                                                                                            For details, see everest.
                                                                                                                                            
-
                                                                                                                                            The everest add-on is installed by default in clusters of v1.15 and later. CCE will mirror the Kubernetes community by providing continuous support for updated CSI capabilities.
                                                                                                                                            
-
                                                                                                                                            Flexvolume
                                                                                                                                            
-
                                                                                                                                            storage-driver
                                                                                                                                            
-
                                                                                                                                            FlexVolume is an out-of-tree plugin interface that has existed in Kubernetes since version 1.2 (before CSI). CCE provided FlexVolume volumes through the storage-driver add-on installed in clusters of Kubernetes v1.13 and earlier versions. This add-on connects clusters to storage services (EVS, OBS, SFS, and SFS Turbo).
                                                                                                                                            
-
                                                                                                                                            For details, see storage-driver.
                                                                                                                                            
-
                                                                                                                                            For the created clusters of v1.13 or earlier, the installed FlexVolume plug-in (CCE add-on storage-driver) can still be used. CCE stops providing update support for this add-on, and you are advised to upgrade these clusters.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                             
                                                                                                                                            • A cluster can use only one type of storage plug-ins.
                                                                                                                                            • The FlexVolume plug-in cannot be replaced by the CSI plug-in in clusters of v1.13 or earlier. You can only upgrade these clusters. For details, see Cluster Upgrade.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0307.html b/docs/cce/umn/cce_10_0307.html
index 259dfcf5e..6afb5a074 100644
--- a/docs/cce/umn/cce_10_0307.html
+++ b/docs/cce/umn/cce_10_0307.html
@@ -1,229 +1,153 @@
 
 
 
                                                                                                                                            Overview
                                                                                                                                            
-
                                                                                                                                            Volume
                                                                                                                                            On-disk files in a container are ephemeral, which will be lost when the container crashes and are difficult to be shared between containers running together in a pod. The Kubernetes volume abstraction solves both of these problems. Volumes cannot be independently created, but defined in the pod spec. All containers in a pod can access its volumes, but the volumes must have been mounted to any directory in a container.
                                                                                                                                            
-
                                                                                                                                            The following figure shows how a storage volume is used between containers in a pod.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            A volume will no longer exist if the pod to which it is mounted does not exist. However, files in the volume may outlive the volume, depending on the volume type.
                                                                                                                                            
+
                                                                                                                                            Container Storage
                                                                                                                                            CCE container storage is implemented based on Kubernetes container storage APIs (CSI). CCE integrates multiple types of cloud storage and covers different application scenarios. CCE is fully compatible with Kubernetes native storage services, such as emptyDir, hostPath, secret, and ConfigMap.
                                                                                                                                            
+
                                                                                                                                            Figure 1 Container storage type
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                            Volume Types
                                                                                                                                            Volumes can be classified into local volumes and cloud volumes.
                                                                                                                                            
-
                                                                                                                                            • Local volumes
                                                                                                                                              CCE supports the following five types of local volumes. For details about how to use them, see Using Local Disks as Storage Volumes.
                                                                                                                                              • emptyDir: an empty volume used for temporary storage
                                                                                                                                              • hostPath: mounts a directory on a host (node) to your container for reading data from the host.
                                                                                                                                              • ConfigMap: references the data stored in a ConfigMap for use by containers.
                                                                                                                                              • Secret: references the data stored in a secret for use by containers.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            • Cloud volumes 
                                                                                                                                              CCE supports the following types of cloud volumes:
                                                                                                                                              
-
                                                                                                                                              • EVS
                                                                                                                                              • SFS Turbo
                                                                                                                                              • OBS
                                                                                                                                              • SFS
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            CSI
                                                                                                                                            You can use Kubernetes Container Storage Interface (CSI) to develop plug-ins to support specific storage volumes.
                                                                                                                                            
-
                                                                                                                                            CCE developed the storage add-on everest for you to use cloud storage services, such as EVS and OBS. You can install this add-on when creating a cluster.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            PV and PVC
                                                                                                                                            Kubernetes provides PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) to abstract details of how storage is provided from how it is consumed. You can request specific size of storage when needed, just like pods can request specific levels of resources (CPU and memory).
                                                                                                                                            
-
                                                                                                                                            • PV: A PV is a persistent storage volume in a cluster. Same as a node, a PV is a cluster-level resource. 
                                                                                                                                            • PVC: A PVC describes a workload's request for storage resources. This request consumes existing PVs in the cluster. If there is no PV available, underlying storage and PVs are dynamically created. When creating a PVC, you need to describe the attributes of the requested persistent storage, such as the size of the volume and the read/write permissions.
                                                                                                                                            
-
                                                                                                                                            You can bind PVCs to PVs in a pod so that the pod can use storage resources. The following figure shows the relationship between PVs and PVCs.
                                                                                                                                            
-
                                                                                                                                            Figure 1 PVC-to-PV binding
                                                                                                                                            
-
                                                                                                                                            PVs describes storage resources in the cluster. PVCs are requests for those resources. The following sections will describe how to use kubectl to connect to storage resources.
                                                                                                                                            
-
                                                                                                                                            If you do not want to create storage resources or PVs manually, you can use StorageClasses.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            StorageClass
                                                                                                                                            StorageClass describes the storage class used in the cluster. You need to specify StorageClass when creating a PVC or PV. As of now, CCE provides storage classes such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a StorageClassName to create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                            
-
                                                                                                                                            You can run the following command to query the storage classes that CCE supports. You can use the CSI plug-in provided by CCE to customize a storage class, which functions similarly as the default storage classes in CCE.
                                                                                                                                            
-
                                                                                                                                            # kubectl get sc
-NAME                PROVISIONER                     AGE
-csi-disk            everest-csi-provisioner         17d          # Storage class for EVS disks
-csi-disk-topology   everest-csi-provisioner         17d          # Storage class for EVS disks with delayed binding
-csi-nas             everest-csi-provisioner         17d          # Storage class for SFS file systems
-csi-obs             everest-csi-provisioner         17d          # Storage class for OBS buckets
                                                                                                                                            
-
                                                                                                                                            After a StorageClass is set, PVs can be automatically created and maintained. You only need to specify the StorageClass when creating a PVC, which greatly reduces the workload.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Cloud Services for Container Storage
                                                                                                                                            CCE allows you to mount local and cloud storage volumes listed in Volume Types to your pods. Their features are described below.
                                                                                                                                            
-
                                                                                                                                            Figure 2 Volume types supported by CCE
                                                                                                                                            
-
-
                                                                                                                                            
-
                                                                                                                                            Table 1 Detailed description of cloud storage services
                                                                                                                                            Dimension
                                                                                                                                            
+
                                                                                                                                            CCE allows you to mount cloud storage volumes to your pods. Their features are described below.
+
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Table 1 Cloud storage comparison
                                                                                                                                            Dimension
                                                                                                                                            
 
                                                                                                                                            EVS
                                                                                                                                            
+
                                                                                                                                            EVS
                                                                                                                                            
 
                                                                                                                                            SFS
                                                                                                                                            
+
                                                                                                                                            SFS
                                                                                                                                            
 
                                                                                                                                            OBS
                                                                                                                                            
+
                                                                                                                                            SFS Turbo
                                                                                                                                            
 
                                                                                                                                            SFS Turbo
                                                                                                                                            
+
                                                                                                                                            OBS
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
 
                                                                                                                                            Definition
                                                                                                                                            
+
                                                                                                                                            Definition
                                                                                                                                            
 
                                                                                                                                            EVS offers scalable block storage for cloud servers. With high reliability, high performance, and rich specifications, EVS disks can be used for distributed file systems, dev/test environments, data warehouses, and high-performance computing (HPC) applications.
                                                                                                                                            
+
                                                                                                                                            EVS offers scalable block storage for cloud servers. With high reliability, high performance, and rich specifications, EVS disks can be used for distributed file systems, dev/test environments, data warehouses, and high-performance computing (HPC) applications.
                                                                                                                                            
 
                                                                                                                                            Expandable to petabytes, SFS provides fully hosted shared file storage, highly available and stable to handle data- and bandwidth-intensive applications in HPC, media processing, file sharing, content management, and web services.
                                                                                                                                            
+
                                                                                                                                            Expandable to petabytes, SFS provides fully hosted shared file storage, highly available and stable to handle data- and bandwidth-intensive applications in HPC, media processing, file sharing, content management, and web services.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            OBS is a stable, secure, and easy-to-use object storage service that lets you inexpensively store data of any format and size. You can use it in enterprise backup/archiving, video on demand (VoD), video surveillance, and many other scenarios.
                                                                                                                                            
+
                                                                                                                                            Expandable to 320 TB, SFS Turbo provides a fully hosted shared file storage, which is highly available and stable, to support small files and applications requiring low latency and high IOPS. You can use SFS Turbo in high-traffic websites, log storage, compression/decompression, DevOps, enterprise OA, and containerized applications.
                                                                                                                                            
 
                                                                                                                                            Expandable to 320 TB, SFS Turbo provides a fully hosted shared file storage, highly available and stable to support small files and applications requiring low latency and high IOPS. You can use SFS Turbo in high-traffic websites, log storage, compression/decompression, DevOps, enterprise OA, and containerized applications.
                                                                                                                                            
+
                                                                                                                                            Object Storage Service (OBS) provides massive, secure, and cost-effective data storage for you to store data of any type and size. You can use it in enterprise backup/archiving, video on demand (VoD), video surveillance, and many other scenarios.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Data storage logic
                                                                                                                                            
+
                                                                                                                                            Data storage logic
                                                                                                                                            
 
                                                                                                                                            Stores binary data and cannot directly store files. To store files, you need to format the file system first.
                                                                                                                                            
+
                                                                                                                                            Stores binary data and cannot directly store files. To store files, format the file system first.
                                                                                                                                            
 
                                                                                                                                            Stores files and sorts and displays data in the hierarchy of files and folders.
                                                                                                                                            
+
                                                                                                                                            Stores files and sorts and displays data in the hierarchy of files and folders.
                                                                                                                                            
 
                                                                                                                                            Stores objects. Files directly stored automatically generate the system metadata, which can also be customized by users.
                                                                                                                                            
+
                                                                                                                                            Stores files and sorts and displays data in the hierarchy of files and folders.
                                                                                                                                            
 
                                                                                                                                            Stores files and sorts and displays data in the hierarchy of files and folders.
                                                                                                                                            
+
                                                                                                                                            Stores objects. Files directly stored automatically generate the system metadata, which can also be customized by users.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Services
                                                                                                                                            
+
                                                                                                                                            Access mode
                                                                                                                                            
 
                                                                                                                                            Accessible only after being mounted to ECSs or BMSs and initialized.
                                                                                                                                            
+
                                                                                                                                            Accessible only after being mounted to ECSs or BMSs and initialized.
                                                                                                                                            
 
                                                                                                                                            Mounted to ECSs or BMSs using network protocols. A network address must be specified or mapped to a local directory for access.
                                                                                                                                            
+
                                                                                                                                            Mounted to ECSs or BMSs using network protocols. A network address must be specified or mapped to a local directory for access.
                                                                                                                                            
 
                                                                                                                                            Accessible through the Internet or Direct Connect (DC). You need to specify the bucket address and use transmission protocols such as HTTP and HTTPS.
                                                                                                                                            
+
                                                                                                                                            Supports the Network File System (NFS) protocol (NFSv3 only). You can seamlessly integrate existing applications and tools with SFS Turbo.
                                                                                                                                            
 
                                                                                                                                            Supports the Network File System (NFS) protocol (NFSv3 only). You can seamlessly integrate existing applications and tools with SFS Turbo.
                                                                                                                                            
+
                                                                                                                                            Accessible through the Internet or Direct Connect (DC). Specify the bucket address and use transmission protocols such as HTTP or HTTPS.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Static provisioning
                                                                                                                                            
+
                                                                                                                                            Static provisioning
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an Existing EVS Disk Through a Static PV.
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Dynamic provisioning
                                                                                                                                            
+
                                                                                                                                            Dynamic provisioning
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                                            
 
                                                                                                                                            Supported
                                                                                                                                            
+
                                                                                                                                            Not supported
                                                                                                                                            
 
                                                                                                                                            Not supported
                                                                                                                                            
+
                                                                                                                                            Supported. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Features
                                                                                                                                            
+
                                                                                                                                            Features
                                                                                                                                            
 
                                                                                                                                            Non-shared storage. Each volume can be mounted to only one node.
                                                                                                                                            
+
                                                                                                                                            Non-shared storage. Each volume can be mounted to only one node.
                                                                                                                                            
 
                                                                                                                                            Shared storage featuring high performance and throughput
                                                                                                                                            
+
                                                                                                                                            Shared storage featuring high performance and throughput
                                                                                                                                            
 
                                                                                                                                            Shared, user-mode file system
                                                                                                                                            
+
                                                                                                                                            Shared storage featuring high performance and bandwidth
                                                                                                                                            
 
                                                                                                                                            Shared storage featuring high performance and bandwidth
                                                                                                                                            
+
                                                                                                                                            Shared, user-mode file system
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Usage
                                                                                                                                            
+
                                                                                                                                            Usage
                                                                                                                                            
 
                                                                                                                                            HPC, enterprise core cluster applications, enterprise application systems, and dev/test
                                                                                                                                            
+
                                                                                                                                            HPC, enterprise core cluster applications, enterprise application systems, and dev/test
                                                                                                                                            
 
                                                                                                                                             NOTE: 
                                                                                                                                            HPC apps here require high-speed and high-IOPS storage, such as industrial design and energy exploration.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            HPC, media processing, content management, web services, big data, and analysis applications
                                                                                                                                            
+
                                                                                                                                            HPC, media processing, content management, web services, big data, and analysis applications
                                                                                                                                            
 
                                                                                                                                             NOTE: 
                                                                                                                                            HPC apps here require high bandwidth and shared file storage, such as gene sequencing and image rendering.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Big data analysis, static website hosting, online video on demand (VoD), gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks)
                                                                                                                                            
+
                                                                                                                                            High-traffic websites, log storage, DevOps, and enterprise OA
                                                                                                                                            
 
                                                                                                                                            High-traffic websites, log storage, DevOps, and enterprise OA
                                                                                                                                            
+
                                                                                                                                            Big data analytics, static website hosting, online video on demand (VoD), gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks)
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Capacity
                                                                                                                                            
+
                                                                                                                                            Capacity
                                                                                                                                            
 
                                                                                                                                            TB
                                                                                                                                            
+
                                                                                                                                            TB
                                                                                                                                            
 
                                                                                                                                            SFS 1.0: PB
                                                                                                                                            
+
                                                                                                                                            SFS 1.0: PB
                                                                                                                                            
 
                                                                                                                                            EB
                                                                                                                                            
+
                                                                                                                                            General-purpose: TB
                                                                                                                                            
 
                                                                                                                                            TB
                                                                                                                                            
+
                                                                                                                                            EB
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Latency
                                                                                                                                            
+
                                                                                                                                            Latency
                                                                                                                                            
 
                                                                                                                                            1-2 ms
                                                                                                                                            
+
                                                                                                                                            1–2 ms
                                                                                                                                            
 
                                                                                                                                            SFS 1.0: 3-20 ms
                                                                                                                                            
+
                                                                                                                                            SFS 1.0: 3–20 ms
                                                                                                                                            
 
                                                                                                                                            10 ms 
                                                                                                                                            
+
                                                                                                                                            General-purpose: 1–5 ms
                                                                                                                                            
 
                                                                                                                                            1-2 ms
                                                                                                                                            
+
                                                                                                                                            10 ms
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            IOPS/TPS
                                                                                                                                            
+
                                                                                                                                            IOPS/TPS
                                                                                                                                            
 
                                                                                                                                            33,000 for a single disk
                                                                                                                                            
+
                                                                                                                                            33,000 for a single disk
                                                                                                                                            
 
                                                                                                                                            SFS 1.0: 2K
                                                                                                                                            
+
                                                                                                                                            SFS 1.0: 2,000
                                                                                                                                            
 
                                                                                                                                            Tens of millions
                                                                                                                                            
+
                                                                                                                                            General-purpose: up to 100,000
                                                                                                                                            
 
                                                                                                                                            100K
                                                                                                                                            
+
                                                                                                                                            Tens of millions
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            Bandwidth
                                                                                                                                            
+
                                                                                                                                            Bandwidth
                                                                                                                                            
 
                                                                                                                                            MB/s
                                                                                                                                            
+
                                                                                                                                            MB/s
                                                                                                                                            
 
                                                                                                                                            SFS 1.0: GB/s
                                                                                                                                            
+
                                                                                                                                            SFS 1.0: GB/s
                                                                                                                                            
 
                                                                                                                                            TB/s
                                                                                                                                            
+
                                                                                                                                            General-purpose: up to GB/s
                                                                                                                                            
 
                                                                                                                                            GB/s
                                                                                                                                            
+
                                                                                                                                            TB/s
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
                                                                                                                                             
 
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            Secure containers do not support OBS volumes.
                                                                                                                                            
-
                                                                                                                                            • A single user can create a maximum of 100 OBS buckets on the console. If you have a large number of CCE workloads and you want to mount an OBS bucket to every workload, you may easily run out of buckets. In this scenario, you are advised to use OBS through the OBS API or SDK and do not mount OBS buckets to the workload on the console.
                                                                                                                                            • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                              For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volume mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                              
-
                                                                                                                                            • When you uninstall a subpath in a cluster of v1.19 or earlier, all folders in the subpath are traversed. If there are a large number of folders, the traversal takes a long time, so does the volume unmount. You are advised not to create too many folders in the subpath.
                                                                                                                                            • The maximum size of a single file in OBS mounted to a CCE cluster is far smaller than that defined by obsfs.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notice on Using Add-ons
                                                                                                                                            • To use the CSI plug-in (the everest add-on in CCE), your cluster must be using Kubernetes 1.15 or later. This add-on is installed by default when you create a cluster of v1.15 or later. The FlexVolume plug-in (the storage-driver add-on in CCE) is installed by default when you create a cluster of v1.13 or earlier.
                                                                                                                                            • If your cluster is upgraded from v1.13 to v1.15, storage-driver is replaced by everest (v1.1.6 or later) for container storage. The takeover does not affect the original storage functions.
                                                                                                                                            • In version 1.2.0 of the everest add-on, key authentication is optimized when OBS is used. After the everest add-on is upgraded from a version earlier than 1.2.0, you need to restart all workloads that use OBS in the cluster. Otherwise, workloads may not be able to use OBS.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Differences Between CSI and FlexVolume Plug-ins
                                                                                                                                            
-
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Table 2 CSI and FlexVolume
                                                                                                                                            Kubernetes Solution
                                                                                                                                            
-
                                                                                                                                            CCE Add-on
                                                                                                                                            
-
                                                                                                                                            Feature
                                                                                                                                            
-
                                                                                                                                            Recommendation
                                                                                                                                            
-
                                                                                                                                            CSI
                                                                                                                                            
-
                                                                                                                                            Everest
                                                                                                                                            
-
                                                                                                                                            CSI was developed as a standard for exposing arbitrary block and file storage storage systems to containerized workloads. Using CSI, third-party storage providers can deploy plugins exposing new storage systems in Kubernetes without having to touch the core Kubernetes code. In CCE, the everest add-on is installed by default in clusters of Kubernetes v1.15 and later to connect to storage services (EVS, OBS, SFS, and SFS Turbo).
                                                                                                                                            
-
                                                                                                                                            The everest add-on consists of two parts:
                                                                                                                                            
-
                                                                                                                                            • everest-csi-controller for storage volume creation, deletion, capacity expansion, and cloud disk snapshots
                                                                                                                                            • everest-csi-driver for mounting, unmounting, and formatting storage volumes on nodes
                                                                                                                                            
-
                                                                                                                                            For details, see everest.
                                                                                                                                            
-
                                                                                                                                            The everest add-on is installed by default in clusters of v1.15 and later. CCE will mirror the Kubernetes community by providing continuous support for updated CSI capabilities.
                                                                                                                                            
-
                                                                                                                                            Flexvolume
                                                                                                                                            
-
                                                                                                                                            storage-driver
                                                                                                                                            
-
                                                                                                                                            FlexVolume is an out-of-tree plugin interface that has existed in Kubernetes since version 1.2 (before CSI). CCE provided FlexVolume volumes through the storage-driver add-on installed in clusters of Kubernetes v1.13 and earlier versions. This add-on connects clusters to storage services (EVS, OBS, SFS, and SFS Turbo).
                                                                                                                                            
-
                                                                                                                                            For details, see storage-driver.
                                                                                                                                            
-
                                                                                                                                            For the created clusters of v1.13 or earlier, the installed FlexVolume plug-in (CCE add-on storage-driver) can still be used. CCE stops providing update support for this add-on, and you are advised to upgrade these clusters.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                             
                                                                                                                                            • A cluster can use only one type of storage plug-ins.
                                                                                                                                            • The FlexVolume plug-in cannot be replaced by the CSI plug-in in clusters of v1.13 or earlier. You can only upgrade these clusters. For details, see Cluster Upgrade.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Checking Storage Add-ons
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. In the navigation tree on the left, click Add-ons.
                                                                                                                                            3. Click the Add-on Instance tab.
                                                                                                                                            4. Select a cluster in the upper right corner. The default storage add-on installed during cluster creation is displayed.
                                                                                                                                            
+
                                                                                                                                            Documentation
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0309.html b/docs/cce/umn/cce_10_0309.html
deleted file mode 100644
index 0a3dfac7c..000000000
--- a/docs/cce/umn/cce_10_0309.html
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
                                                                                                                                            Using EVS Disks as Storage Volumes
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0310.html b/docs/cce/umn/cce_10_0310.html
deleted file mode 100644
index 5d193bf0b..000000000
--- a/docs/cce/umn/cce_10_0310.html
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
                                                                                                                                            Overview
                                                                                                                                            
-
                                                                                                                                            To achieve persistent storage, CCE allows you to mount the storage volumes created from Elastic Volume Service (EVS) disks to a path of a container. When the container is migrated, the mounted EVS volumes are also migrated. By using EVS volumes, you can mount the remote file directory of storage system into a container so that data in the data volume is permanently preserved even when the container is deleted.
                                                                                                                                            
-
                                                                                                                                            Figure 1 Mounting EVS volumes to CCE
                                                                                                                                            
-
                                                                                                                                            Description
                                                                                                                                            • User-friendly: Similar to formatting disks for on-site servers in traditional layouts, you can format block storage (disks) mounted to cloud servers, and create file systems on them.
                                                                                                                                            • Data isolation: Each server uses an independent block storage device (disk).
                                                                                                                                            • Private network: User can access data only in private networks of data centers.
                                                                                                                                            • Capacity and performance: The capacity of a single volume is limited (TB-level), but the performance is excellent (ms-level read/write I/O latency).
                                                                                                                                            • Restriction: EVS disks that have partitions or have non-ext4 file systems cannot be imported.
                                                                                                                                            • Applications: HPC, enterprise core applications running in clusters, enterprise application systems, and development and testing. These volumes are often used by single-pod Deployments and jobs, or exclusively by each pod in a StatefulSet. EVS disks are non-shared storage and cannot be attached to multiple nodes at the same time. If two pods are configured to use the same EVS disk and the two pods are scheduled to different nodes, one pod cannot be started because the EVS disk cannot be attached to it.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0312.html b/docs/cce/umn/cce_10_0312.html
deleted file mode 100644
index 39bb7f80b..000000000
--- a/docs/cce/umn/cce_10_0312.html
+++ /dev/null
@@ -1,71 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Automatically Creating an EVS Disk
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the pvc-evs-auto-example.yaml file, which is used to create a PVC.
                                                                                                                                              touch pvc-evs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi pvc-evs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML file for clusters of v1.9, v1.11, and v1.13:
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-evs-auto-example
-  namespace: default
-  annotations:
-    volume.beta.kubernetes.io/storage-class: sas
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: eu-de-01
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              volume.beta.kubernetes.io/storage-class
                                                                                                                                              
-
                                                                                                                                              EVS disk type. The value is in lowercase.
                                                                                                                                              
-
                                                                                                                                              failure-domain.beta.kubernetes.io/region
                                                                                                                                              
-
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
-
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              storage
                                                                                                                                              
-
                                                                                                                                              Storage capacity in the unit of Gi.
                                                                                                                                              
-
                                                                                                                                              accessModes
                                                                                                                                              
-
                                                                                                                                              Read/write mode of the volume.
                                                                                                                                              
-
                                                                                                                                              You can set this parameter to ReadWriteMany (shared volume) and ReadWriteOnce (non-shared volume).
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create a PVC.
                                                                                                                                              kubectl create -f pvc-evs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the command is executed, an EVS disk is created in the partition where the cluster is located. Choose Storage > EVS to view the EVS disk. Alternatively, you can view the EVS disk based on the volume name on the EVS console.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0313.html b/docs/cce/umn/cce_10_0313.html
deleted file mode 100644
index d6217c8b8..000000000
--- a/docs/cce/umn/cce_10_0313.html
+++ /dev/null
@@ -1,539 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a PV from an Existing EVS Disk
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Log in to the EVS console, create an EVS disk, and record the volume ID, capacity, and disk type of the EVS disk.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create two YAML files for creating the PersistentVolume (PV) and PersistentVolumeClaim (PVC). Assume that the file names are pv-evs-example.yaml and pvc-evs-example.yaml.
                                                                                                                                              touch pv-evs-example.yaml pvc-evs-example.yaml
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Kubernetes Cluster Version
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              YAML Example
                                                                                                                                              
-
                                                                                                                                              1.11.7 ≤ K8s version ≤ 1.13
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11.7 to v1.13
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              1.11 ≤ K8s version < 1.11.7
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.11.7
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              K8s version = 1.9
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11.7 to v1.13
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone:  eu-de-01
-  annotations:
-    pv.kubernetes.io/provisioned-by: flexvolume-huawei.com/fuxivol
-  name: pv-evs-example 
-spec: 
-  accessModes: 
-  - ReadWriteOnce 
-  capacity: 
-    storage: 10Gi 
-  claimRef:
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    name: pvc-evs-example
-    namespace: default
-  flexVolume: 
-    driver: huawei.com/fuxivol 
-    fsType: ext4 
-    options:
-      disk-mode: SCSI
-      fsType: ext4 
-      volumeID: 0992dbda-6340-470e-a74e-4f0db288ed82 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: sas
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 1 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                EVS volume capacity in the unit of Gi.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                EVS disk type. Supported values: Common I/O (SATA), High I/O (SAS), and Ultra-high I/O (SSD)
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver.
                                                                                                                                                
-
                                                                                                                                                For EVS disks, set this parameter to huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                Volume ID of the EVS disk.
                                                                                                                                                
-
                                                                                                                                                To obtain the volume ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the EVS tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                disk-mode
                                                                                                                                                
-
                                                                                                                                                Device type of the EVS disk. The value is VBD or SCSI.
                                                                                                                                                
-
                                                                                                                                                For CCE clusters earlier than v1.11.7, you do not need to set this field. The value defaults to VBD.
                                                                                                                                                
-
                                                                                                                                                This field is mandatory for CCE clusters from v1.11.7 to v1.13 that use Linux x86. As the EVS volumes dynamically provisioned by a PVC are created from SCSI EVS disks, you are advised to choose SCSI when manually creating volumes (static PVs). Volumes in the VBD mode can still be used after cluster upgrades.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.apiVersion
                                                                                                                                                
-
                                                                                                                                                The value is fixed at v1.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.kind
                                                                                                                                                
-
                                                                                                                                                The value is fixed at PersistentVolumeClaim.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.name
                                                                                                                                                
-
                                                                                                                                                PVC name. The value is the same as the name of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.namespace
                                                                                                                                                
-
                                                                                                                                                Namespace of the PVC. The value is the same as the namespace of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1  
-kind: PersistentVolumeClaim  
-metadata:  
-  annotations:  
-    volume.beta.kubernetes.io/storage-class: sas
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxivol 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: eu-de-01     
-  name: pvc-evs-example 
-  namespace: default  
-spec:  
-  accessModes:  
-  - ReadWriteOnce  
-  resources:  
-    requests:  
-      storage: 10Gi
-  volumeName: pv-evs-example
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 2 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Storage class, which must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                The field must be set to flexvolume-huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Requested capacity in the PVC, in Gi.
                                                                                                                                                
-
                                                                                                                                                The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.11.7
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone:  
-  name: pv-evs-example 
-spec: 
-  accessModes: 
-  - ReadWriteOnce
-  capacity: 
-    storage: 10Gi 
-  flexVolume: 
-    driver: huawei.com/fuxivol 
-    fsType: ext4 
-    options:
-      fsType: ext4 
-      volumeID: 0992dbda-6340-470e-a74e-4f0db288ed82 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: sas
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 3 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                EVS volume capacity in the unit of Gi.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                EVS disk type. Supported values: Common I/O (SATA), High I/O (SAS), and Ultra-high I/O (SSD)
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver.
                                                                                                                                                
-
                                                                                                                                                For EVS disks, set this parameter to huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                Volume ID of the EVS disk.
                                                                                                                                                
-
                                                                                                                                                To obtain the volume ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the EVS tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                disk-mode
                                                                                                                                                
-
                                                                                                                                                Device type of the EVS disk. The value is VBD or SCSI.
                                                                                                                                                
-
                                                                                                                                                For CCE clusters earlier than v1.11.7, you do not need to set this field. The default value is VBD.
                                                                                                                                                
-
                                                                                                                                                This field is mandatory for CCE clusters from v1.11.7 to v1.13 that use Linux x86. As the EVS volumes dynamically provisioned by a PVC are created from SCSI EVS disks, you are advised to choose SCSI when manually creating volumes (static PVs). Volumes in the VBD mode can still be used after cluster upgrades.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1  
-kind: PersistentVolumeClaim  
-metadata:  
-  annotations:  
-    volume.beta.kubernetes.io/storage-class: sas
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxivol 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: eu-de-01     
-  name: pvc-evs-example 
-  namespace: default  
-spec:  
-  accessModes:  
-  - ReadWriteOnce
-  resources:  
-    requests:  
-      storage: 10Gi
-  volumeName: pv-evs-example
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 4 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Storage class. The value can be sas or ssd. The value must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                The field must be set to flexvolume-huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Requested capacity in the PVC, in Gi.
                                                                                                                                                
-
                                                                                                                                                The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone:  
-  name: pv-evs-example 
-  namespace: default 
-spec: 
-  accessModes: 
-  - ReadWriteOnce
-  capacity: 
-    storage: 10Gi 
-  flexVolume: 
-    driver: huawei.com/fuxivol 
-    fsType: ext4 
-    options: 
-      fsType: ext4 
-      kubernetes.io/namespace: default 
-      volumeID: 0992dbda-6340-470e-a74e-4f0db288ed82 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: sas
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 5 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                EVS volume capacity in the unit of Gi.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                EVS disk type. Supported values: Common I/O (SATA), High I/O (SAS), and Ultra-high I/O (SSD)
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver.
                                                                                                                                                
-
                                                                                                                                                For EVS disks, set this parameter to huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                Volume ID of the EVS disk.
                                                                                                                                                
-
                                                                                                                                                To obtain the volume ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the EVS tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                disk-mode
                                                                                                                                                
-
                                                                                                                                                Device type of the EVS disk. The value is VBD or SCSI.
                                                                                                                                                
-
                                                                                                                                                For CCE clusters earlier than v1.11.7, you do not need to set this field. The default value is VBD.
                                                                                                                                                
-
                                                                                                                                                This field is mandatory for CCE clusters from v1.11.7 to v1.13 that use Linux x86. As the EVS volumes dynamically provisioned by a PVC are created from SCSI EVS disks, you are advised to choose SCSI when manually creating volumes (static PVs). Volumes in the VBD mode can still be used after cluster upgrades.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1  
-kind: PersistentVolumeClaim  
-metadata:  
-  annotations:  
-    volume.beta.kubernetes.io/storage-class: sas
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxivol 
-  labels: 
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
-  name: pvc-evs-example 
-  namespace: default  
-spec:  
-  accessModes:  
-  - ReadWriteOnce 
-  resources:  
-    requests:  
-      storage: 10Gi
-  volumeName: pv-evs-example
-  volumeNamespace: default
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 6 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Storage class, which must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                The field must be set to flexvolume-huawei.com/fuxivol.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                failure-domain.beta.kubernetes.io/zone
                                                                                                                                                
-
                                                                                                                                                AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Requested capacity in the PVC, in Gi.
                                                                                                                                                
-
                                                                                                                                                The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                            4. Create the PV.
                                                                                                                                              kubectl create -f pv-evs-example.yaml
                                                                                                                                              
-
                                                                                                                                            5. Create the PVC.
                                                                                                                                              kubectl create -f pvc-evs-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the operation is successful, choose Resource Management > Storage to view the created PVC. You can also view the EVS disk by name on the EVS console.
                                                                                                                                              
-
                                                                                                                                            6. (Optional) Add the metadata associated with the cluster to ensure that the EVS disk associated with the mounted static PV is not deleted when the node or cluster is deleted.
                                                                                                                                               
                                                                                                                                              If you skip this step in this example or when creating a static PV or PVC, ensure that the EVS disk associated with the static PV has been unbound from the node before you delete the node.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              1. Obtain the tenant token. For details, see Obtaining a User Token.
                                                                                                                                              2. Obtain the EVS access address EVS_ENDPOINT. For details, see Regions and Endpoints.
                                                                                                                                                
-
                                                                                                                                              3. Add the metadata associated with the cluster to the EVS disk backing the static PV.
                                                                                                                                                curl -X POST ${EVS_ENDPOINT}/v2/${project_id}/volumes/${volume_id}/metadata --insecure \
-    -d '{"metadata":{"cluster_id": "${cluster_id}", "namespace": "${pvc_namespace}"}}' \
-    -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' \
-    -H 'X-Auth-Token:${TOKEN}'
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 7 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                EVS_ENDPOINT
                                                                                                                                                
-
                                                                                                                                                EVS access address. Set this parameter to the value obtained in 6.b.
                                                                                                                                                
-
                                                                                                                                                project_id
                                                                                                                                                
-
                                                                                                                                                Project ID.
                                                                                                                                                
-
                                                                                                                                                volume_id
                                                                                                                                                
-
                                                                                                                                                ID of the associated EVS disk. Set this parameter to volume_id of the static PV to be created. You can also log in to the EVS console, click the name of the EVS disk to be imported, and obtain the ID from Summary on the disk details page.
                                                                                                                                                
-
                                                                                                                                                cluster_id
                                                                                                                                                
-
                                                                                                                                                ID of the cluster where the EVS PV is to be created. On the CCE console, choose Resource Management > Clusters. Click the name of the cluster to be associated. On the cluster details page, obtain the cluster ID.
                                                                                                                                                
-
                                                                                                                                                pvc_namespace
                                                                                                                                                
-
                                                                                                                                                Namespace where the PVC is to be bound.
                                                                                                                                                
-
                                                                                                                                                TOKEN
                                                                                                                                                
-
                                                                                                                                                User token. Set this parameter to the value obtained in 6.a.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                For example, run the following commands:
                                                                                                                                                
-
                                                                                                                                                curl -X POST https://evs.eu-de.otc.t-systems.com:443/v2/060576866680d5762f52c0150e726aa7/volumes/69c9619d-174c-4c41-837e-31b892604e14/metadata --insecure \
-    -d '{"metadata":{"cluster_id": "71e8277e-80c7-11ea-925c-0255ac100442", "namespace": "default"}}' \
-    -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' \
-    -H 'X-Auth-Token:MIIPe******IsIm1ldG
                                                                                                                                                
-
                                                                                                                                                After the request is executed, run the following commands to check whether the EVS disk has been associated with the metadata of the cluster:
                                                                                                                                                
-
                                                                                                                                                curl -X GET ${EVS_ENDPOINT}/v2/${project_id}/volumes/${volume_id}/metadata --insecure \
-    -H 'X-Auth-Token:${TOKEN}'
                                                                                                                                                
-
                                                                                                                                                For example, run the following commands:
                                                                                                                                                
-
                                                                                                                                                curl -X GET https://evs.eu-de.otc.t-systems.com/v2/060576866680d5762f52c0150e726aa7/volumes/69c9619d-174c-4c41-837e-31b892604e14/metadata --insecure \
-    -H 'X-Auth-Token:MIIPeAYJ***9t1c31ASaQ=='
                                                                                                                                                
-
                                                                                                                                                The command output displays the current metadata of the EVS disk.
                                                                                                                                                
-
                                                                                                                                                {
-    "metadata": {
-        "namespace": "default",
-        "cluster_id": "71e8277e-80c7-11ea-925c-0255ac100442",
-        "hw:passthrough": "true"
-    }
-}
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0314.html b/docs/cce/umn/cce_10_0314.html
deleted file mode 100644
index a1bec27a2..000000000
--- a/docs/cce/umn/cce_10_0314.html
+++ /dev/null
@@ -1,174 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a Pod Mounted with an EVS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            After an EVS volume is created or imported to CCE, you can mount it to a workload.
                                                                                                                                            
-
                                                                                                                                             
                                                                                                                                            EVS disks cannot be attached across AZs. Before mounting a volume, you can run the kubectl get pvc command to query the available PVCs in the AZ where the current cluster is located.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the evs-deployment-example.yaml file, which is used to create a Deployment.
                                                                                                                                              touch evs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi evs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example of mounting an EVS volume to a Deployment (PVC-based, shared volume):
                                                                                                                                              apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: evs-deployment-example 
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: evs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: evs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp 
-          name: pvc-evs-example 
-      imagePullSecrets:
-        - name: default-secret
-      restartPolicy: Always 
-      volumes: 
-      - name: pvc-evs-example 
-        persistentVolumeClaim: 
-          claimName: pvc-evs-auto-example
                                                                                                                                              
-
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parent Parameter
                                                                                                                                              
-
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMounts
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the volume mounted to the container.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMounts
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.volumes
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the volume.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.volumes.persistentVolumeClaim
                                                                                                                                              
-
                                                                                                                                              claimName
                                                                                                                                              
-
                                                                                                                                              Name of an existing PVC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Mounting an EVS volume to a StatefulSet (PVC template-based, non-shared volume):
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: deploy-evs-sas-in
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: deploy-evs-sata-in
-  template:
-    metadata:
-      labels:
-        app: deploy-evs-sata-in
-        failure-domain.beta.kubernetes.io/region: eu-de
-        failure-domain.beta.kubernetes.io/zone: eu-de-01
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:1.12-alpine-perl'
-          volumeMounts:
-            - name: bs-sas-mountoptionpvc
-              mountPath: /tmp
-      imagePullSecrets:
-        - name: default-secret
-  volumeClaimTemplates:
-    - metadata:
-        name: bs-sas-mountoptionpvc
-        annotations:
-          volume.beta.kubernetes.io/storage-class: sas
-          volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxivol
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 10Gi
-  serviceName: wwww
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 2 Key parameters
                                                                                                                                              Parent Parameter
                                                                                                                                              
-
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              metadata
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image of the workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMount
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                              
-
                                                                                                                                              spec
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create the pod:
                                                                                                                                              kubectl create -f evs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the creation is complete, log in to the CCE console. In the navigation pane, choose Resource Management > Storage > EVS. Then, click the PVC name. On the PVC details page, you can view the binding relationship between the EVS volume and the PVC.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0315.html b/docs/cce/umn/cce_10_0315.html
deleted file mode 100644
index 614816237..000000000
--- a/docs/cce/umn/cce_10_0315.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
                                                                                                                                            Using SFS File Systems as Storage Volumes
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0316.html b/docs/cce/umn/cce_10_0316.html
deleted file mode 100644
index c4259a8b1..000000000
--- a/docs/cce/umn/cce_10_0316.html
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
                                                                                                                                            Overview
                                                                                                                                            
-
                                                                                                                                            CCE allows you to mount a volume created from a Scalable File Service (SFS) file system to a container to store data persistently. SFS volumes are commonly used in ReadWriteMany scenarios, such as media processing, content management, big data analysis, and workload process analysis.
                                                                                                                                            
-
                                                                                                                                            Figure 1 Mounting SFS volumes to CCE
                                                                                                                                            
-
                                                                                                                                            Description
                                                                                                                                            • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                                            • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                                            • Private network: User can access data only in private networks of data centers.
                                                                                                                                            • Capacity and performance: The capacity of a single file system is high (PB level) and the performance is excellent (ms-level read/write I/O latency).
                                                                                                                                            • Use cases: Deployments/StatefulSets in the ReadWriteMany mode and jobs created for high-performance computing (HPC), media processing, content management, web services, big data analysis, and workload process analysis
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0318.html b/docs/cce/umn/cce_10_0318.html
deleted file mode 100644
index 1a9ba0f36..000000000
--- a/docs/cce/umn/cce_10_0318.html
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Automatically Creating an SFS Volume
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the pvc-sfs-auto-example.yaml file, which is used to create a PVC.
                                                                                                                                              touch pvc-sfs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi pvc-sfs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML file:
                                                                                                                                              apiVersion: v1 
-kind: PersistentVolumeClaim 
-metadata: 
-  annotations: 
-    volume.beta.kubernetes.io/storage-class: nfs-rw
-  name: pvc-sfs-auto-example 
-  namespace: default 
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  resources: 
-    requests: 
-      storage: 10Gi
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              volume.beta.kubernetes.io/storage-class
                                                                                                                                              
-
                                                                                                                                              File storage class. Currently, the standard file protocol type (nfs-rw) is supported.
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the PVC to be created.
                                                                                                                                              
-
                                                                                                                                              accessModes
                                                                                                                                              
-
                                                                                                                                              Only ReadWriteMany is supported. ReadWriteOnly is not supported.
                                                                                                                                              
-
                                                                                                                                              storage
                                                                                                                                              
-
                                                                                                                                              Storage capacity in the unit of Gi.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create a PVC:
                                                                                                                                              kubectl create -f pvc-sfs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the command is executed, a file system is created in the VPC to which the cluster belongs. Choose Storage > SFS on the CCE console or log in to the SFS console to view the file system.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0319.html b/docs/cce/umn/cce_10_0319.html
deleted file mode 100644
index b5c75a50d..000000000
--- a/docs/cce/umn/cce_10_0319.html
+++ /dev/null
@@ -1,279 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a PV from an Existing SFS File System
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Log in to the SFS console, create a file system, and record the file system ID, shared path, and capacity.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create two YAML files for creating the PV and PVC. Assume that the file names are pv-sfs-example.yaml and pvc-sfs-example.yaml.
                                                                                                                                              touch pv-sfs-example.yaml pvc-sfs-example.yaml
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Kubernetes Cluster Version
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              YAML Example
                                                                                                                                              
-
                                                                                                                                              1.11 ≤ K8s version < 1.13
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.13
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              K8s version = 1.9
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.13
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  name: pv-sfs-example 
-  annotations:
-    pv.kubernetes.io/provisioned-by: flexvolume-huawei.com/fuxinfs
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  capacity: 
-    storage: 10Gi 
-  claimRef:
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    name: pvc-sfs-example
-    namespace: default
-  flexVolume: 
-    driver: huawei.com/fuxinfs 
-    fsType: nfs 
-    options: 
-      deviceMountPath: <your_deviceMountPath>  # Shared storage path of your file.
-      fsType: nfs 
-      volumeID: f6976f9e-2493-419b-97ca-d7816008d91c 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: nfs-rw
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 1 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver used to mount the volume. Set the driver to huawei.com/fuxinfs for the file system.
                                                                                                                                                
-
                                                                                                                                                deviceMountPath
                                                                                                                                                
-
                                                                                                                                                Shared path of the file system.
                                                                                                                                                
-
                                                                                                                                                On the management console, choose Service List > Storage > Scalable File Service. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                File system ID.
                                                                                                                                                
-
                                                                                                                                                To obtain the ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the SFS tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                File system size.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                Read/write mode supported by the file system. Currently, nfs-rw and nfs-ro are supported.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.apiVersion
                                                                                                                                                
-
                                                                                                                                                The value is fixed at v1.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.kind
                                                                                                                                                
-
                                                                                                                                                The value is fixed at PersistentVolumeClaim.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.name
                                                                                                                                                
-
                                                                                                                                                The value is the same as the name of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.namespace
                                                                                                                                                
-
                                                                                                                                                Namespace of the PVC. The value is the same as the namespace of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-class: nfs-rw
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxinfs
-  name: pvc-sfs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  volumeName: pv-sfs-example
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 2 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Read/write mode supported by the file system. nfs-rw and nfs-ro are supported. The value must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                Must be set to flexvolume-huawei.com/fuxinfs.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity, in the unit of Gi. The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  name: pv-sfs-example 
-  namespace: default 
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  capacity: 
-    storage: 10Gi 
-  flexVolume: 
-    driver: huawei.com/fuxinfs 
-    fsType: nfs 
-    options: 
-      deviceMountPath: <your_deviceMountPath>  # Shared storage path of your file.
-      fsType: nfs 
-      kubernetes.io/namespace: default 
-      volumeID: f6976f9e-2493-419b-97ca-d7816008d91c 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: nfs-rw
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 3 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver used to mount the volume. Set the driver to huawei.com/fuxinfs for the file system.
                                                                                                                                                
-
                                                                                                                                                deviceMountPath
                                                                                                                                                
-
                                                                                                                                                Shared path of the file system.
                                                                                                                                                
-
                                                                                                                                                On the management console, choose Service List > Storage > Scalable File Service. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                File system ID.
                                                                                                                                                
-
                                                                                                                                                To obtain the ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the SFS tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                File system size.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                Read/write mode supported by the file system. Currently, nfs-rw and nfs-ro are supported.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-class: nfs-rw
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxinfs
-  name: pvc-sfs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  volumeName: pv-sfs-example
-  volumeNamespace: default
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 4 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Read/write mode supported by the file system. nfs-rw and nfs-ro are supported. The value must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                The field must be set to flexvolume-huawei.com/fuxinfs.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity, in the unit of Gi. The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              The VPC to which the file system belongs must be the same as the VPC of the ECS VM to which the workload is planned.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            4. Create the PV.
                                                                                                                                              kubectl create -f pv-sfs-example.yaml
                                                                                                                                              
-
                                                                                                                                            5. Create the PVC.
                                                                                                                                              kubectl create -f pvc-sfs-example.yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0320.html b/docs/cce/umn/cce_10_0320.html
deleted file mode 100644
index 68063f6e0..000000000
--- a/docs/cce/umn/cce_10_0320.html
+++ /dev/null
@@ -1,166 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a Deployment Mounted with an SFS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            After an SFS volume is created or imported to CCE, you can mount the volume to a workload.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the sfs-deployment-example.yaml file, which is used to create a pod.
                                                                                                                                              touch sfs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi sfs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example of mounting an SFS volume to a Deployment (PVC-based, shared volume):
                                                                                                                                              apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: sfs-deployment-example                                # Workload name
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: sfs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: sfs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx 
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp                                # Mount path 
-          name: pvc-sfs-example 
-      imagePullSecrets:
-        - name: default-secret
-      restartPolicy: Always 
-      volumes: 
-      - name: pvc-sfs-example 
-        persistentVolumeClaim: 
-          claimName: pvc-sfs-auto-example                # PVC name
                                                                                                                                              
-
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parent Parameter
                                                                                                                                              
-
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              metadata
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the pod to be created.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMounts
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container. In this example, the mount path is /tmp.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.volumes.persistentVolumeClaim
                                                                                                                                              
-
                                                                                                                                              claimName
                                                                                                                                              
-
                                                                                                                                              Name of an existing PVC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Example of mounting an SFS volume to a StatefulSet (PVC template-based, dedicated volume):
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: deploy-sfs-nfs-rw-in
-  namespace: default
-  labels:
-    appgroup: ''
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: deploy-sfs-nfs-rw-in
-  template:
-    metadata:
-      labels:
-        app: deploy-sfs-nfs-rw-in
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:1.12-alpine-perl'
-          volumeMounts:
-            - name: bs-nfs-rw-mountoptionpvc
-              mountPath: /aaa
-      imagePullSecrets:
-        - name: default-secret
-  volumeClaimTemplates:
-    - metadata:
-        name: bs-nfs-rw-mountoptionpvc
-        annotations:
-          volume.beta.kubernetes.io/storage-class: nfs-rw
-          volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxinfs
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 1Gi
-  serviceName: wwww
                                                                                                                                              
-
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 2 Key parameters
                                                                                                                                              Parent Parameter
                                                                                                                                              
-
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              metadata
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image of the workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMount
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container. In this example, the mount path is /tmp.
                                                                                                                                              
-
                                                                                                                                              spec
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create the pod:
                                                                                                                                              kubectl create -f sfs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the creation is complete, log in to the CCE console. In the navigation pane, choose Resource Management > Storage > SFS. Click the PVC name. On the PVC details page, you can view the binding relationship between SFS and PVC.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0321.html b/docs/cce/umn/cce_10_0321.html
deleted file mode 100644
index 4ff7dd8cc..000000000
--- a/docs/cce/umn/cce_10_0321.html
+++ /dev/null
@@ -1,108 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a StatefulSet Mounted with an SFS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            CCE allows you to use an existing SFS volume to create a StatefulSet through a PersistentVolumeClaim (PVC).
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Create an SFS volume by referring to (kubectl) Automatically Creating an SFS Volume and record the volume name.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create a YAML file for creating the workload. Assume that the file name is sfs-statefulset-example.yaml.
                                                                                                                                              touch sfs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi sfs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              
-
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: sfs-statefulset-example
-  namespace: default
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: sfs-statefulset-example
-  serviceName: qwqq
-  template:
-    metadata:
-      annotations:
-        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        pod.alpha.kubernetes.io/initialized: "true"
-      labels:
-        app: sfs-statefulset-example
-    spec:
-      affinity: {}
-      containers:
-      - image: nginx:latest
-        name: container-0
-        volumeMounts:
-        - mountPath: /tmp
-          name: pvc-sfs-example
-      imagePullSecrets:
-      - name: default-secret
-      volumes:
-        - name: pvc-sfs-example
-          persistentVolumeClaim:
-            claimName: cce-sfs-demo
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parent Parameter
                                                                                                                                              
-
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              spec
                                                                                                                                              
-
                                                                                                                                              replicas
                                                                                                                                              
-
                                                                                                                                              Number of pods.
                                                                                                                                              
-
                                                                                                                                              metadata
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image used by the workload.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.containers.volumeMounts
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container.
                                                                                                                                              
-
                                                                                                                                              spec
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              spec.template.spec.volumes.persistentVolumeClaim
                                                                                                                                              
-
                                                                                                                                              claimName
                                                                                                                                              
-
                                                                                                                                              Name of an existing PVC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            4. Create the StatefulSet.
                                                                                                                                              kubectl create -f  sfs-statefulset-example .yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0322.html b/docs/cce/umn/cce_10_0322.html
deleted file mode 100644
index 2baca9461..000000000
--- a/docs/cce/umn/cce_10_0322.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
                                                                                                                                            Using OBS Buckets as Storage Volumes
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0323.html b/docs/cce/umn/cce_10_0323.html
deleted file mode 100644
index d5f71ee4a..000000000
--- a/docs/cce/umn/cce_10_0323.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
                                                                                                                                            Overview
                                                                                                                                            
-
                                                                                                                                            CCE allows you to mount a volume created from an Object Storage Service (OBS) bucket to a container to store data persistently. Object storage is commonly used in cloud workloads, data analysis, content analysis, and hotspot objects.
                                                                                                                                            
-
                                                                                                                                            Figure 1 Mounting OBS volumes to CCE
                                                                                                                                            
-
                                                                                                                                            Storage Class
                                                                                                                                            Object storage offers three storage classes, Standard, Infrequent Access, and Archive, to satisfy different requirements for storage performance and costs.
                                                                                                                                            
-
                                                                                                                                            • The Standard storage class features low access latency and high throughput. It is therefore applicable to storing a large number of hot files (frequently accessed every month) or small files (less than 1 MB). The application scenarios include big data analytics, mobile apps, hot videos, and picture processing on social media.
                                                                                                                                            • The Infrequent Access storage class is ideal for storing data that is semi-frequently accessed (less than 12 times a year), with requirements for quick response. The application scenarios include file synchronization or sharing, and enterprise-level backup. It provides the same durability, access latency, and throughput as the Standard storage class but at a lower cost. However, the Infrequent Access storage class has lower availability than the Standard storage class.
                                                                                                                                            • The Archive storage class is suitable for archiving data that is rarely-accessed (averagely once a year). The application scenarios include data archiving and long-term data backup. The Archive storage class is secure and durable at an affordable low cost, which can be used to replace tape libraries. However, it may take hours to restore data from the Archive storage class.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Description
                                                                                                                                            • Standard APIs: With HTTP RESTful APIs, OBS allows you to use client tools or third-party tools to access object storage.
                                                                                                                                            • Data sharing: Servers, embedded devices, and IoT devices can use the same path to access shared object data in OBS.
                                                                                                                                            • Public/Private networks: OBS allows data to be accessed from public networks to meet Internet application requirements.
                                                                                                                                            • Capacity and performance: No capacity limit; high performance (read/write I/O latency within 10 ms).
                                                                                                                                            • Use cases: Deployments/StatefulSets in the ReadOnlyMany mode and jobs created for big data analysis, static website hosting, online video on demand (VoD), gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks). You can create object storage by using the OBS console, tools, and SDKs.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Reference
                                                                                                                                            CCE clusters can also be mounted with OBS buckets of third-party tenants, including OBS parallel file systems (preferred) and OBS object buckets.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0325.html b/docs/cce/umn/cce_10_0325.html
deleted file mode 100644
index 29e2c7b0f..000000000
--- a/docs/cce/umn/cce_10_0325.html
+++ /dev/null
@@ -1,64 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Automatically Creating an OBS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            During the use of OBS, expected OBS buckets can be automatically created and mounted as volumes. Currently, standard and infrequent access OBS buckets are supported, which correspond to obs-standard and obs-standard-ia, respectively.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the pvc-obs-auto-example.yaml file, which is used to create a PVC.
                                                                                                                                              touch pvc-obs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi pvc-obs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1 
-kind: PersistentVolumeClaim 
-metadata: 
-  annotations: 
-    volume.beta.kubernetes.io/storage-class: obs-standard  # OBS bucket type. The value can be obs-standard (standard) or obs-standard-ia (infrequent access).
-  name: pvc-obs-auto-example  # PVC name
-  namespace: default 
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  resources: 
-    requests: 
-      storage: 1Gi   # Storage capacity in the unit of Gi. For OBS buckets, this parameter is used only for verification (fixed to 1, cannot be empty or 0). Any value you set does not take effect for OBS buckets.
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              volume.beta.kubernetes.io/storage-class
                                                                                                                                              
-
                                                                                                                                              Bucket type. Currently, obs-standard and obs-standard-ia are supported.
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the PVC to be created.
                                                                                                                                              
-
                                                                                                                                              accessModes
                                                                                                                                              
-
                                                                                                                                              Only ReadWriteMany is supported. ReadWriteOnly is not supported.
                                                                                                                                              
-
                                                                                                                                              storage
                                                                                                                                              
-
                                                                                                                                              Storage capacity in the unit of Gi. For OBS buckets, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS buckets. 
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create a PVC:
                                                                                                                                              kubectl create -f pvc-obs-auto-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the command is executed, an OBS bucket is created in the VPC to which the cluster belongs. You can click the bucket name in Storage > OBS to view the bucket or view it on the OBS console.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0326.html b/docs/cce/umn/cce_10_0326.html
deleted file mode 100644
index f7f2bb7cc..000000000
--- a/docs/cce/umn/cce_10_0326.html
+++ /dev/null
@@ -1,289 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a PV from an Existing OBS Bucket
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            CCE allows you to use an existing OBS bucket to create a PersistentVolume (PV). You can create a PersistentVolumeClaim (PVC) and bind it to the PV.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Log in to the OBS console, create an OBS bucket, and record the bucket name and storage class.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create two YAML files for creating the PV and PVC. Assume that the file names are pv-obs-example.yaml and pvc-obs-example.yaml.
                                                                                                                                              touch pv-obs-example.yaml pvc-obs-example.yaml
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Kubernetes Cluster Version
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              YAML Example
                                                                                                                                              
-
                                                                                                                                              1.11 ≤ K8s version ≤ 1.13
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.13
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              K8s version = 1.9
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              Example YAML
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Clusters from v1.11 to v1.13
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  name: pv-obs-example 
-  annotations:
-    pv.kubernetes.io/provisioned-by: flexvolume-huawei.com/fuxiobs
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  capacity: 
-    storage: 1Gi 
-  claimRef:
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    name: pvc-obs-example
-    namespace: default
-  flexVolume: 
-    driver: huawei.com/fuxiobs 
-    fsType: obs 
-    options: 
-      fsType: obs 
-      region: eu-de
-      storage_class: STANDARD 
-      volumeID: test-obs 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: obs-standard
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 1 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver used to mount the volume. Set the driver to huawei.com/fuxiobs for the OBS volume.
                                                                                                                                                
-
                                                                                                                                                storage_class
                                                                                                                                                
-
                                                                                                                                                Storage class, including STANDARD (standard bucket) and STANDARD_IA (infrequent access bucket).
                                                                                                                                                
-
                                                                                                                                                region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                OBS bucket name.
                                                                                                                                                
-
                                                                                                                                                To obtain the name, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the OBS tab page, and copy the PV name on the PV Details tab page.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity in the unit of Gi. The value is fixed at 1Gi.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                Storage class supported by OBS, including obs-standard (standard bucket) and obs-standard-ia (infrequent access bucket).
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.apiVersion
                                                                                                                                                
-
                                                                                                                                                The value is fixed at v1.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.kind
                                                                                                                                                
-
                                                                                                                                                The value is fixed at PersistentVolumeClaim.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.name
                                                                                                                                                
-
                                                                                                                                                The value is the same as the name of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.namespace
                                                                                                                                                
-
                                                                                                                                                The value is the same as the namespace of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-class: obs-standard
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxiobs
-  name: pvc-obs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  volumeName: pv-obs-example
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 2 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Storage class supported by OBS, including obs-standard and obs-standard-ia.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                Must be set to flexvolume-huawei.com/fuxiobs.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity in the unit of Gi. The value is fixed at 1Gi.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              Clusters of v1.9
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  name: pv-obs-example 
-  namespace: default  
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  capacity: 
-    storage: 1Gi 
-  flexVolume: 
-    driver: huawei.com/fuxiobs 
-    fsType: obs 
-    options: 
-      fsType: obs 
-      kubernetes.io/namespace: default 
-      region: eu-de
-      storage_class: STANDARD 
-      volumeID: test-obs 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: obs-standard
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 3 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver used to mount the volume. Set the driver to huawei.com/fuxiobs for the OBS volume.
                                                                                                                                                
-
                                                                                                                                                storage_class
                                                                                                                                                
-
                                                                                                                                                Storage class, including STANDARD (standard bucket) and STANDARD_IA (infrequent access bucket).
                                                                                                                                                
-
                                                                                                                                                region
                                                                                                                                                
-
                                                                                                                                                Region where the cluster is located.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                OBS bucket name.
                                                                                                                                                
-
                                                                                                                                                To obtain the name, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the OBS tab page, and copy the PV name on the PV Details tab page.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity in the unit of Gi. The value is fixed at 1Gi.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                Storage class supported by OBS, including obs-standard (standard bucket) and obs-standard-ia (infrequent access bucket).
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-class: obs-standard
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxiobs
-  name: pvc-obs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  volumeName: pv-obs-example
-  volumeNamespace: default
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 4 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Storage class supported by OBS, including obs-standard and obs-standard-ia.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                Must be set to flexvolume-huawei.com/fuxiobs.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity in the unit of Gi. The value is fixed at 1Gi.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                            4. Create the PV.
                                                                                                                                              kubectl create -f pv-obs-example.yaml
                                                                                                                                              
-
                                                                                                                                            5. Create the PVC.
                                                                                                                                              kubectl create -f pvc-obs-example.yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0327.html b/docs/cce/umn/cce_10_0327.html
deleted file mode 100644
index 8311cdc83..000000000
--- a/docs/cce/umn/cce_10_0327.html
+++ /dev/null
@@ -1,173 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a Deployment Mounted with an OBS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            After an OBS volume is created or imported to CCE, you can mount the volume to a workload.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the obs-deployment-example.yaml file, which is used to create a pod.
                                                                                                                                              touch obs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi obs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example of mounting an OBS volume to a Deployment (PVC-based, shared volume):
                                                                                                                                              apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-   name: obs-deployment-example                       # Workload name
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: obs-deployment-example 
-  template: 
-    metadata: 
-      labels: 
-        app: obs-deployment-example 
-    spec: 
-      containers: 
-      - image: nginx 
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp                       # Mount path
-          name: pvc-obs-example 
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-      volumes: 
-      - name: pvc-obs-example  
-        persistentVolumeClaim: 
-          claimName: pvc-obs-auto-example       # PVC name
                                                                                                                                              
-
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the pod to be created.
                                                                                                                                              
-
                                                                                                                                              app
                                                                                                                                              
-
                                                                                                                                              Name of the application running in the pod.
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Example of mounting an OBS volume to a StatefulSet (PVC template-based, dedicated volume):
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: deploy-obs-standard-in
-  namespace: default
-  generation: 1
-  labels:
-    appgroup: ''
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: deploy-obs-standard-in
-  template:
-    metadata:
-      labels:
-        app: deploy-obs-standard-in
-      annotations:
-        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        pod.alpha.kubernetes.io/initialized: 'true'
-    spec:
-      containers:
-        - name: container-0
-          image: 'nginx:1.12-alpine-perl'
-          env:
-            - name: PAAS_APP_NAME
-              value: deploy-obs-standard-in
-            - name: PAAS_NAMESPACE
-              value: default
-            - name: PAAS_PROJECT_ID
-              value: a2cd8e998dca42e98a41f596c636dbda
-          resources: {}
-          volumeMounts:
-            - name: obs-bs-standard-mountoptionpvc
-              mountPath: /tmp
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-          imagePullPolicy: IfNotPresent
-      restartPolicy: Always
-      terminationGracePeriodSeconds: 30
-      dnsPolicy: ClusterFirst
-      securityContext: {}
-      imagePullSecrets:
-        - name: default-secret
-      affinity: {}
-      schedulerName: default-scheduler
-  volumeClaimTemplates:
-    - metadata:
-        name: obs-bs-standard-mountoptionpvc
-        annotations:
-          volume.beta.kubernetes.io/storage-class: obs-standard
-          volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxiobs
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 1Gi
-  serviceName: wwww
-  podManagementPolicy: OrderedReady
-  updateStrategy:
-    type: RollingUpdate
-  revisionHistoryLimit: 10
                                                                                                                                              
-
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 2 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image of the workload.
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create the pod:
                                                                                                                                              kubectl create -f obs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the creation is complete, choose Storage > OBS on the CCE console and click the PVC name. On the PVC details page, you can view the binding relationship between the OBS service and the PVC.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0328.html b/docs/cce/umn/cce_10_0328.html
deleted file mode 100644
index c34726714..000000000
--- a/docs/cce/umn/cce_10_0328.html
+++ /dev/null
@@ -1,94 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a StatefulSet Mounted with an OBS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            CCE allows you to use an existing OBS volume to create a StatefulSet through a PersistentVolumeClaim (PVC).
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Create an OBS volume by referring to (kubectl) Automatically Creating an OBS Volume and obtain the PVC name.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create a YAML file for creating the workload. Assume that the file name is obs-statefulset-example.yaml.
                                                                                                                                              touch obs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi obs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              
-
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: obs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: obs-statefulset-example
-  serviceName: qwqq
-  template:
-    metadata:
-      annotations:
-        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        pod.alpha.kubernetes.io/initialized: "true"
-      creationTimestamp: null
-      labels:
-        app: obs-statefulset-example
-    spec:
-      affinity: {}
-      containers:	
-        image: nginx:latest
-        imagePullPolicy: Always
-        name: container-0
-        volumeMounts:
-        - mountPath: /tmp
-          name: pvc-obs-example
-      imagePullSecrets:
-      - name: default-secret
-      volumes:
-        - name: pvc-obs-example
-          persistentVolumeClaim:
-            claimName: cce-obs-demo
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              replicas
                                                                                                                                              
-
                                                                                                                                              Number of pods.
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image used by the workload.
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container.
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              claimName
                                                                                                                                              
-
                                                                                                                                              Name of an existing PVC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            4. Create the StatefulSet.
                                                                                                                                              kubectl create -f obs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0329.html b/docs/cce/umn/cce_10_0329.html
deleted file mode 100644
index e228da1bb..000000000
--- a/docs/cce/umn/cce_10_0329.html
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
                                                                                                                                            Using SFS Turbo File Systems as Storage Volumes
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0330.html b/docs/cce/umn/cce_10_0330.html
deleted file mode 100644
index b4bf1923a..000000000
--- a/docs/cce/umn/cce_10_0330.html
+++ /dev/null
@@ -1,14 +0,0 @@
-
-
-
                                                                                                                                            Overview
                                                                                                                                            
-
                                                                                                                                            CCE allows you to mount a volume created from an SFS Turbo file system to a container to store data persistently. Provisioned on demand and fast, SFS Turbo is suitable for DevOps, container microservices, and enterprise OA scenarios.
                                                                                                                                            
-
                                                                                                                                            Figure 1 Mounting SFS Turbo volumes to CCE
                                                                                                                                            
-
                                                                                                                                            Description
                                                                                                                                            • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                                            • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                                            • Private network: User can access data only in private networks of data centers.
                                                                                                                                            • Data isolation: The on-cloud storage service provides exclusive cloud file storage, which delivers data isolation and ensures IOPS performance.
                                                                                                                                            • Use cases: Deployments/StatefulSets in the ReadWriteMany mode, DaemonSets, and jobs created for high-traffic websites, log storage, DevOps, and enterprise OA applications
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0332.html b/docs/cce/umn/cce_10_0332.html
deleted file mode 100644
index c6f4c8eff..000000000
--- a/docs/cce/umn/cce_10_0332.html
+++ /dev/null
@@ -1,148 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a PV from an Existing SFS Turbo File System
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            CCE allows you to use an existing SFS Turbo file system to create a PersistentVolume (PV). After the creation is successful, you can create a PersistentVolumeClaim (PVC) and bind it to the PV.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Log in to the SFS console, create a file system, and record the file system ID, shared path, and capacity.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create two YAML files for creating the PV and PVC. Assume that the file names are pv-efs-example.yaml and pvc-efs-example.yaml.
                                                                                                                                              touch pv-efs-example.yaml pvc-efs-example.yaml
                                                                                                                                              
-
                                                                                                                                              • Example YAML file for the PV:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolume 
-metadata: 
-  name: pv-efs-example 
-  annotations:
-    pv.kubernetes.io/provisioned-by: flexvolume-huawei.com/fuxiefs
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  capacity: 
-    storage: 100Gi 
-  claimRef:
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    name: pvc-efs-example
-    namespace: default
-  flexVolume: 
-    driver: huawei.com/fuxiefs 
-    fsType: efs 
-    options: 
-      deviceMountPath: <your_deviceMountPath>  # Shared storage path of your SFS Turbo file.
-      fsType: efs 
-      volumeID: 8962a2a2-a583-4b7f-bb74-fe76712d8414 
-  persistentVolumeReclaimPolicy: Delete 
-  storageClassName: efs-standard
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 1 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                driver
                                                                                                                                                
-
                                                                                                                                                Storage driver used to mount the volume. Set it to huawei.com/fuxiefs.
                                                                                                                                                
-
                                                                                                                                                deviceMountPath
                                                                                                                                                
-
                                                                                                                                                Shared path of the SFS Turbo volume.
                                                                                                                                                
-
                                                                                                                                                volumeID
                                                                                                                                                
-
                                                                                                                                                SFS Turbo volume ID.
                                                                                                                                                
-
                                                                                                                                                To obtain the ID, log in to the CCE console, choose Resource Management > Storage, click the PVC name in the SFS Turbo tab page, and copy the PVC ID on the PVC details page.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                File system size.
                                                                                                                                                
-
                                                                                                                                                storageClassName
                                                                                                                                                
-
                                                                                                                                                Volume type supported by SFS Turbo. The value can be efs-standard and efs-performance. Currently, SFS Turbo does not support dynamic creation; therefore, this parameter is not used for now.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.apiVersion
                                                                                                                                                
-
                                                                                                                                                The value is fixed at v1.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.kind
                                                                                                                                                
-
                                                                                                                                                The value is fixed at PersistentVolumeClaim.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.name
                                                                                                                                                
-
                                                                                                                                                The value is the same as the name of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                spec.claimRef.namespace
                                                                                                                                                
-
                                                                                                                                                The value is the same as the namespace of the PVC created in the next step.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              • Example YAML file for the PVC:
                                                                                                                                                apiVersion: v1 
-kind: PersistentVolumeClaim 
-metadata: 
-  annotations: 
-    volume.beta.kubernetes.io/storage-class: efs-standard 
-    volume.beta.kubernetes.io/storage-provisioner: flexvolume-huawei.com/fuxiefs 
-  name: pvc-efs-example 
-  namespace: default 
-spec: 
-  accessModes: 
-  - ReadWriteMany 
-  resources: 
-    requests: 
-      storage: 100Gi 
-  volumeName: pv-efs-example
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 2 Key parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-class
                                                                                                                                                
-
                                                                                                                                                Read/write mode supported by SFS Turbo. The value can be efs-standard or efs-performance. The value must be the same as that of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volume.beta.kubernetes.io/storage-provisioner
                                                                                                                                                
-
                                                                                                                                                The field must be set to flexvolume-huawei.com/fuxiefs.
                                                                                                                                                
-
                                                                                                                                                storage
                                                                                                                                                
-
                                                                                                                                                Storage capacity, in the unit of Gi. The value must be the same as the storage size of the existing PV.
                                                                                                                                                
-
                                                                                                                                                volumeName
                                                                                                                                                
-
                                                                                                                                                Name of the PV.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              The VPC to which the SFS Turbo file system belongs must be the same as the VPC of the ECS VM planned for the workload. Ports 111, 445, 2049, 2051, and 20048 must be enabled in the security groups.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            4. Create the PV.
                                                                                                                                              kubectl create -f pv-efs-example.yaml
                                                                                                                                              
-
                                                                                                                                            5. Create the PVC.
                                                                                                                                              kubectl create -f pvc-efs-example.yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0333.html b/docs/cce/umn/cce_10_0333.html
deleted file mode 100644
index db3135c9e..000000000
--- a/docs/cce/umn/cce_10_0333.html
+++ /dev/null
@@ -1,76 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a Deployment Mounted with an SFS Turbo Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            After an SFS Turbo volume is created or imported to CCE, you can mount the volume to a workload.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the efs-deployment-example.yaml file, which is used to create a Deployment:
                                                                                                                                              touch efs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi efs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example of mounting an SFS Turbo volume to a Deployment (PVC-based, shared volume):
                                                                                                                                              
-
                                                                                                                                              apiVersion: apps/v1  
-kind: Deployment  
-metadata:  
-  name: efs-deployment-example                                # Workload name
-  namespace: default  
-spec:  
-  replicas: 1  
-  selector:  
-    matchLabels:  
-      app: efs-deployment-example  
-  template:  
-    metadata:  
-      labels:  
-        app: efs-deployment-example  
-    spec:  
-      containers:  
-      - image: nginx  
-        name: container-0  
-        volumeMounts:  
-        - mountPath: /tmp                                # Mount path
-          name: pvc-efs-example  
-      restartPolicy: Always
-      imagePullSecrets:
-        - name: default-secret
-      volumes:  
-      - name: pvc-efs-example  
-        persistentVolumeClaim:  
-          claimName: pvc-sfs-auto-example                # PVC name
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created Deployment.
                                                                                                                                              
-
                                                                                                                                              app
                                                                                                                                              
-
                                                                                                                                              Name of the application running in the Deployment.
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container. In this example, the mount path is /tmp.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            3. Run the following command to create the pod:
                                                                                                                                              kubectl create -f efs-deployment-example.yaml
                                                                                                                                              
-
                                                                                                                                              After the creation is complete, choose Storage > SFS Turbo on the CCE console and click the PVC name. On the PVC details page, you can view the binding relationship between SFS Turbo and PVC.
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0334.html b/docs/cce/umn/cce_10_0334.html
deleted file mode 100644
index a40fd04d0..000000000
--- a/docs/cce/umn/cce_10_0334.html
+++ /dev/null
@@ -1,119 +0,0 @@
-
-
-
                                                                                                                                            (kubectl) Creating a StatefulSet Mounted with an SFS Turbo Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            CCE allows you to use an existing SFS Turbo volume to create a StatefulSet.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            The following configuration example applies to clusters of Kubernetes 1.13 or earlier.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Procedure
                                                                                                                                            1. Create an SFS Turbo volume and record the volume name.
                                                                                                                                            2. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            3. Create a YAML file for creating the workload. Assume that the file name is efs-statefulset-example.yaml.
                                                                                                                                              touch efs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi efs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                              Example YAML:
                                                                                                                                              
-
                                                                                                                                              apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: efs-statefulset-example
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: efs-statefulset-example
-  template:
-    metadata:
-      annotations:
-        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        pod.alpha.kubernetes.io/initialized: 'true'
-      labels:
-        app: efs-statefulset-example
-    spec:
-      containers:
-        - image: 'nginx:1.0.0'
-          name: container-0
-          resources:
-            requests: {}
-            limits: {}
-          env:
-            - name: PAAS_APP_NAME
-              value: efs-statefulset-example
-            - name: PAAS_NAMESPACE
-              value: default
-            - name: PAAS_PROJECT_ID
-              value: b18296881cc34f929baa8b9e95abf88b
-          volumeMounts:
-            - name: efs-statefulset-example
-              mountPath: /tmp
-              readOnly: false
-              subPath: ''
-      imagePullSecrets:
-        - name: default-secret
-      terminationGracePeriodSeconds: 30
-      volumes:
-        - persistentVolumeClaim:
-            claimName: cce-efs-import-jnr481gm-3y5o
-          name: efs-statefulset-example
-      affinity: {}
-      tolerations:
-        - key: node.kubernetes.io/not-ready
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-        - key: node.kubernetes.io/unreachable
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-  podManagementPolicy: OrderedReady
-  serviceName: test
-  updateStrategy:
-    type: RollingUpdate
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 1 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              replicas
                                                                                                                                              
-
                                                                                                                                              Number of pods.
                                                                                                                                              
-
                                                                                                                                              name
                                                                                                                                              
-
                                                                                                                                              Name of the created workload.
                                                                                                                                              
-
                                                                                                                                              image
                                                                                                                                              
-
                                                                                                                                              Image used by the workload.
                                                                                                                                              
-
                                                                                                                                              mountPath
                                                                                                                                              
-
                                                                                                                                              Mount path in the container.
                                                                                                                                              
-
                                                                                                                                              serviceName
                                                                                                                                              
-
                                                                                                                                              Service corresponding to the workload. For details about how to create a Service, see Creating a StatefulSet.
                                                                                                                                              
-
                                                                                                                                              claimName
                                                                                                                                              
-
                                                                                                                                              Name of an existing PVC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                               
                                                                                                                                              spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            4. Create the StatefulSet.
                                                                                                                                              kubectl create -f  efs-statefulset-example.yaml
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            
-
-
diff --git a/docs/cce/umn/cce_10_0336.html b/docs/cce/umn/cce_10_0336.html
index 57a81e491..6d845a30f 100644
--- a/docs/cce/umn/cce_10_0336.html
+++ b/docs/cce/umn/cce_10_0336.html
@@ -1,22 +1,22 @@
 
 
-
                                                                                                                                            Using a Custom AK/SK to Mount an OBS Volume
                                                                                                                                            
-
                                                                                                                                            Scenario
                                                                                                                                            You can solve this issue by using Everest 1.2.8 and later versions to use custom access keys for different IAM users.
                                                                                                                                            
+
                                                                                                                                            Using a Custom Access Key (AK/SK) to Mount an OBS Volume
                                                                                                                                            
+
                                                                                                                                            Scenario
                                                                                                                                            You can solve this issue by using everest 1.2.8 or later to use custom access keys for different IAM users.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Prerequisites
                                                                                                                                            • The everest add-on version must be 1.2.8 or later. 
                                                                                                                                            • The cluster version must be 1.15.11 or later.
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            Custom access keys cannot be configured for secure containers.
                                                                                                                                            
+
                                                                                                                                            Constraints
                                                                                                                                            • When an OBS volume is mounted using a custom access key (AK/SK), the access key cannot be deleted or disabled. Otherwise, the service container cannot access the mounted OBS volume.
                                                                                                                                            • Custom access keys cannot be configured for Kata containers.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Disabling Auto Key Mounting
                                                                                                                                            The key you uploaded is used by default when mounting an OBS volume. That is, all IAM users under your account will use the same key to mount OBS buckets, and they have the same permissions on buckets. This setting does not allow you to configure differentiated permissions for different IAM users.
                                                                                                                                            
-
                                                                                                                                            If you have uploaded the AK/SK, you are advised to disable the automatic mounting of access keys by enabling the disable_auto_mount_secret parameter in the everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when creating OBS volumes.
                                                                                                                                            
+
                                                                                                                                            If you have uploaded the AK/SK, disable the automatic mounting of access keys by enabling the disable_auto_mount_secret parameter in the everest add-on to prevent IAM users from performing unauthorized operations. In this way, the access keys uploaded on the console will not be used when creating OBS volumes.
                                                                                                                                            
 
                                                                                                                                             
                                                                                                                                            • When enabling disable-auto-mount-secret, ensure that no OBS volume exists in the cluster. A workload mounted with an OBS volume, when scaled or restarted, will fail to remount the OBS volume because it needs to specify the access key but is prohibited by disable-auto-mount-secret.
                                                                                                                                            • If disable-auto-mount-secret is set to true, an access key must be specified when a PV or PVC is created. Otherwise, the OBS volume fails to be mounted.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            kubectl edit ds everest-csi-driver -nkube-system
                                                                                                                                            
 
                                                                                                                                            Search for disable-auto-mount-secret and set it to true.
                                                                                                                                            
-
                                                                                                                                            
+
                                                                                                                                            
 
                                                                                                                                            Run :wq to save the settings and exit. Wait until the pod is restarted.
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                            Obtaining an Access Key
                                                                                                                                            1. Log in to the console.
                                                                                                                                            2. Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                                                                            3. In the navigation pane, choose Access Keys.
                                                                                                                                            4. Click Create Access Key. The Create Access Key dialog box is displayed.
                                                                                                                                            5. Click OK to download the AK/SK.
                                                                                                                                            
+
                                                                                                                                            Obtaining an Access Key
                                                                                                                                            1. Log in to the console.
                                                                                                                                            2. Hover the cursor over the username in the upper right corner and choose My Credentials from the drop-down list.
                                                                                                                                            3. In the navigation pane, choose Access Keys.
                                                                                                                                            4. Click Create Access Key. The Create Access Key dialog box is displayed.
                                                                                                                                            5. Click OK to download the access key.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            Creating a Secret Using an Access Key
                                                                                                                                            1. Obtain an access key.
                                                                                                                                            2. Encode the keys using Base64. (Assume that the AK is xxx and the SK is yyy.)
                                                                                                                                              echo -n xxx|base64
                                                                                                                                              
 
                                                                                                                                              echo -n yyy|base64
                                                                                                                                              
@@ -62,7 +62,7 @@ type: cfe/secure-opaque
 
                                                                                                                                            
 
                                                                                                                                            secret.kubernetes.io/used-by: csi
                                                                                                                                            
 
                                                                                                                                            You need to add this label in the YAML file if you want to make it available on the CCE console when you create an OBS PV/PVC.
                                                                                                                                            
+
                                                                                                                                            Add this label in the YAML file if you want to make it available on the CCE console when you create an OBS PV/PVC.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
 
                                                                                                                                            type
                                                                                                                                            
@@ -129,7 +129,7 @@ spec:
 
 
                                                                                                                                            
 
                                                                                                                                            
-
                                                                                                                                          • Create the PV.
                                                                                                                                            kubectl create -f pv-example.yaml
                                                                                                                                            
+
                                                                                                                                          • Create a PV.
                                                                                                                                            kubectl create -f pv-example.yaml
                                                                                                                                            
 
                                                                                                                                            After a PV is created, you can create a PVC and associate it with the PV.
                                                                                                                                            
 
                                                                                                                                          • Create a YAML file for the PVC, for example, pvc-example.yaml.
                                                                                                                                            Example YAML file for the PVC:
                                                                                                                                            
 
                                                                                                                                            apiVersion: v1
@@ -171,7 +171,7 @@ spec:
 
 
                                                                                                                                            • 
 
                                                                                                                                            
-
                                                                                                                                          • Create the PVC.
                                                                                                                                            kubectl create -f pvc-example.yaml
                                                                                                                                            
+
                                                                                                                                          • Create a PVC.
                                                                                                                                            kubectl create -f pvc-example.yaml
                                                                                                                                            
 
                                                                                                                                            After the PVC is created, you can create a workload and associate it with the PVC to create volumes.
                                                                                                                                            
 
                                                                                                                                      
 
                                                                                                                                      
@@ -213,7 +213,7 @@ spec:
 
 
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                          3. Create the PVC.
                                                                                                                            kubectl create -f pvc-example.yaml
                                                                                                                            
+
                                                                                                                          4. Create a PVC.
                                                                                                                            kubectl create -f pvc-example.yaml
                                                                                                                            
 
                                                                                                                            After the PVC is created, you can create a workload and associate it with the PVC to create volumes.
                                                                                                                            
 
                                                                                                                          
 
                                                                                                                          
@@ -221,13 +221,13 @@ spec:
 
                                                                                                                          Expected outputs:
                                                                                                                          
 
                                                                                                                          obs-secret-5cd558f76f-vxslv          1/1     Running   0          3m22s
                                                                                                                          
 
                                                                                                                        7. Query the objects in the mount path. In this example, the query is successful.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- ls -l /temp/
                                                                                                                          
-
                                                                                                                        8. Write data into the mount path. In this example, the write operation fails.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                                                          
+
                                                                                                                        9. Write data into the mount path. In this example, the write operation failed.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                                                          
 
                                                                                                                          Expected outputs:
                                                                                                                          
 
                                                                                                                          touch: setting times of '/temp/test': No such file or directory
 command terminated with exit code 1
                                                                                                                          
-
                                                                                                                        10. Set the read/write permissions for the IAM user who mounted the OBS volume by referring to the bucket policy configuration.
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                        11. Write data into the mouth path again. In this example, the write operation succeeded.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                                                          
+
                                                                                                                        12. Set the read/write permissions for the IAM user who mounted the OBS volume by referring to the bucket policy configuration.
                                                                                                                          
+
                                                                                                                          
+
                                                                                                                        13. Write data into the mount path again. In this example, the write operation succeeded.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- touch /temp/test
                                                                                                                          
 
                                                                                                                        14. Check the mount path in the container to see whether the data is successfully written.
                                                                                                                          kubectl exec obs-secret-5cd558f76f-vxslv -- ls -l /temp/
                                                                                                                          
 
                                                                                                                          Expected outputs:
                                                                                                                          
 
                                                                                                                          -rwxrwxrwx 1 root root 0 Jun  7 01:52 test
                                                                                                                          
@@ -237,7 +237,7 @@ command terminated with exit code 1
 
 
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Parent topic: Storage
                                                                                                                          
+
                                                                                                                          Parent topic: Object Storage Service (OBS)
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0337.html b/docs/cce/umn/cce_10_0337.html
index 45ea515a9..b882e3509 100644
--- a/docs/cce/umn/cce_10_0337.html
+++ b/docs/cce/umn/cce_10_0337.html
@@ -1,184 +1,133 @@
 
 
-
                                                                                                                          Setting Mount Options
                                                                                                                          
-
                                                                                                                          Scenario
                                                                                                                          You can mount cloud storage volumes to your containers and use these volumes as local directories.
                                                                                                                          
-
                                                                                                                          This section describes how to set mount options when mounting SFS and OBS volumes. You can set mount options in a PV and bind the PV to a PVC. Alternatively, set mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                                                          
+
                                                                                                                          Configuring SFS Volume Mount Options
                                                                                                                          
+
                                                                                                                          This section describes how to configure SFS volume mount options. You can configure mount options in a PV and bind the PV to a PVC. Alternatively, configure mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                                                          
+
                                                                                                                          Prerequisites
                                                                                                                          The everest add-on version must be 1.2.8 or later. The add-on identifies the mount options and transfers them to the underlying storage resources, which determine whether the specified options are valid.
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          SFS Volume Mount Options
                                                                                                                          The everest add-on in CCE presets the options described in Table 1 for mounting SFS volumes. You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                          
+
                                                                                                                          Constraints
                                                                                                                          Mount options cannot be configured for Kata containers.
                                                                                                                          
+
                                                                                                                          
+
                                                                                                                          SFS Volume Mount Options
                                                                                                                          The everest add-on in CCE presets the options described in Table 1 for mounting SFS volumes.
                                                                                                                          
 
-
                                                                                                                          Table 1 SFS volume mount options
                                                                                                                          Option
                                                                                                                          
+
                                                                                                                          
-
+
-
-
+
-
-
+
-
-
+
-
-
+
+
+
+
+
                                                                                                                          Table 1 SFS volume mount options
                                                                                                                          Parameter
                                                                                                                          
 
                                                                                                                          Description
                                                                                                                          
+
                                                                                                                          Value
                                                                                                                          
+
                                                                                                                          Description
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
 
                                                                                                                          vers=3
                                                                                                                          
+
                                                                                                                          keep-original-ownership
                                                                                                                          
 
                                                                                                                          File system version. Currently, only NFSv3 is supported, Value: 3
                                                                                                                          
+
                                                                                                                          Leave it blank.
                                                                                                                          
+
                                                                                                                          Whether to retain the ownership of the file mount point. If this option is used, the everest add-on must be v1.2.63 or v2.1.2 or later.
                                                                                                                          
+
                                                                                                                          • By default, this option is not added. and the mount point ownership is root:root when SFS is mounted.
                                                                                                                          
+
                                                                                                                          • If this option is added, the original ownership of the file system is retained when SFS is mounted.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          nolock
                                                                                                                          
+
                                                                                                                          vers
                                                                                                                          
 
                                                                                                                          Whether to lock files on the server using the NLM protocol. If nolock is selected, the lock is valid for applications on one host. For applications on another host, the lock is invalid.
                                                                                                                          
+
                                                                                                                          3
                                                                                                                          
+
                                                                                                                          File system version. Currently, only NFSv3 is supported. Value: 3
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          timeo=600
                                                                                                                          
+
                                                                                                                          nolock
                                                                                                                          
 
                                                                                                                          Waiting time before the NFS client retransmits a request. The unit is 0.1 seconds. Recommended value: 600
                                                                                                                          
+
                                                                                                                          Leave it blank.
                                                                                                                          
+
                                                                                                                          Whether to lock files on the server using the NLM protocol. If nolock is selected, the lock is valid for applications on one host. For applications on another host, the lock is invalid.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          hard/soft
                                                                                                                          
+
                                                                                                                          timeo
                                                                                                                          
 
                                                                                                                          Mounting mode.
                                                                                                                          
-
                                                                                                                          • hard: If the NFS request times out, the client keeps resending the request until the request is successful.
                                                                                                                          • soft: If the NFS request times out, the client returns an error to the invoking program.
                                                                                                                          
-
                                                                                                                          The default value is hard.
                                                                                                                          
+
                                                                                                                          600
                                                                                                                          
+
                                                                                                                          Waiting time before the NFS client retransmits a request. The unit is 0.1 seconds. Recommended value: 600
                                                                                                                          
+
                                                                                                                          hard/soft
                                                                                                                          
+
                                                                                                                          Leave it blank.
                                                                                                                          
+
                                                                                                                          Mount mode.
                                                                                                                          
+
                                                                                                                          • hard: If the NFS request times out, the client keeps resending the request until the request is successful.
                                                                                                                          • soft: If the NFS request times out, the client returns an error to the invoking program.
                                                                                                                          
+
                                                                                                                          The default value is hard.
                                                                                                                          
                                                                                                                           		
 
                                                                                                                          
                                                                                                                           
 
                                                                                                                          
 
                                                                                                                          
+
                                                                                                                          You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                          
 
-
                                                                                                                          OBS Volume Mount Options
                                                                                                                          When mounting file storage, the everest add-on presets the options described in Table 2 and Table 3 by default. The options in Table 2 are mandatory. 
                                                                                                                          
-
-
                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                          Table 2 Mandatory mount options configured by default
                                                                                                                          Option
                                                                                                                          
-
                                                                                                                          Description
                                                                                                                          
-
                                                                                                                          use_ino
                                                                                                                          
-
                                                                                                                          If enabled, obsfs allocates the inode number. Enabled by default in read/write mode.
                                                                                                                          
-
                                                                                                                          big_writes
                                                                                                                          
-
                                                                                                                          If configured, the maximum size of the cache can be modified.
                                                                                                                          
-
                                                                                                                          nonempty
                                                                                                                          
-
                                                                                                                          Allows non-empty mount paths.
                                                                                                                          
-
                                                                                                                          allow_other
                                                                                                                          
-
                                                                                                                          Allows other users to access the parallel file system.
                                                                                                                          
-
                                                                                                                          no_check_certificate
                                                                                                                          
-
                                                                                                                          Disables server certificate verification.
                                                                                                                          
-
                                                                                                                          enable_noobj_cache
                                                                                                                          
-
                                                                                                                          Enables cache entries for objects that do not exist, which can improve performance. Enabled by default in object bucket read/write mode.
                                                                                                                          
-
                                                                                                                          This option is no longer set by default since everest 1.2.40.
                                                                                                                          
-
                                                                                                                          sigv2
                                                                                                                          
-
                                                                                                                          Specifies the signature version. Used by default in object buckets.
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          
-
-
                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                          Table 3 Optional mount options configured by default
                                                                                                                          Option
                                                                                                                          
-
                                                                                                                          Description
                                                                                                                          
-
                                                                                                                          max_write=131072
                                                                                                                          
-
                                                                                                                          This parameter is valid only when big_writes is configured. The recommended value is 128 KB.
                                                                                                                          
-
                                                                                                                          ssl_verify_hostname=0
                                                                                                                          
-
                                                                                                                          Disables verifying the SSL certificate based on the host name.
                                                                                                                          
-
                                                                                                                          max_background=100
                                                                                                                          
-
                                                                                                                          Allows setting the maximum number of waiting requests in the background. Used by default in parallel file systems.
                                                                                                                          
-
                                                                                                                          public_bucket=1
                                                                                                                          
-
                                                                                                                          If set to 1, public buckets are mounted anonymously. Enabled by default in object bucket read/write mode.
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          You can log in to the node to which the pod is scheduled and view all mount options used for mounting the OBS volume in the process details.
                                                                                                                          
-
                                                                                                                          • Object bucket: ps -ef | grep s3fs
                                                                                                                            root     22142     1  0 Jun03 ?        00:00:00 /usr/bin/s3fs pvc-82fe2cbe-3838-43a2-8afb-f994e402fb9d /mnt/paas/kubernetes/kubelet/pods/0b13ff68-4c8e-4a1c-b15c-724fd4d64389/volumes/kubernetes.io~csi/pvc-82fe2cbe-3838-43a2-8afb-f994e402fb9d/mount -o url=https://{{endpoint}}:443 -o endpoint=xxxxxx -o passwd_file=/opt/everest-host-connector/1622707954357702943_obstmpcred/pvc-82fe2cbe-3838-43a2-8afb-f994e402fb9d -o nonempty -o big_writes -o enable_noobj_cache -o sigv2 -o allow_other -o no_check_certificate -o ssl_verify_hostname=0 -o max_write=131072 -o multipart_size=20 -o umask=0
                                                                                                                            
-
                                                                                                                          • Parallel file system: ps -ef | grep obsfs
                                                                                                                            root      1355     1  0 Jun03 ?        00:03:16 /usr/bin/obsfs pvc-86720bb9-5aa8-4cde-9231-5253994f8468 /mnt/paas/kubernetes/kubelet/pods/c959a91d-eced-4b41-91c6-96cbd65324f9/volumes/kubernetes.io~csi/pvc-86720bb9-5aa8-4cde-9231-5253994f8468/mount -o url=https://{{endpoint}}:443 -o endpoint=xxxxxx -o passwd_file=/opt/everest-host-connector/1622714415305160399_obstmpcred/pvc-86720bb9-5aa8-4cde-9231-5253994f8468 -o allow_other -o nonempty -o big_writes -o use_ino -o no_check_certificate -o ssl_verify_hostname=0 -o umask=0027 -o max_write=131072 -o max_background=100 -o uid=10000 -o gid=10000
                                                                                                                            
-
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          Prerequisites
                                                                                                                          • The everest add-on version must be 1.2.8 or later.
                                                                                                                          • The add-on identifies the mount options and transfers them to the underlying storage resources, which determine whether the specified options are valid.
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          Notes and Constraints
                                                                                                                          Mount options cannot be configured for secure containers.
                                                                                                                          
-
                                                                                                                          
-
                                                                                                                          Setting Mount Options in a PV
                                                                                                                          You can use the mountOptions field to set mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options and OBS Volume Mount Options.
                                                                                                                          
-
                                                                                                                          apiVersion: v1
+
                                                                                                                          Configuring Mount Options in a PV
                                                                                                                          You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                                                          
+
                                                                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                          2. Configure mount options in a PV. Example:
                                                                                                                            apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: pv-obs-example
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
+  name: pv-sfs
 spec:
-  mountOptions:
-  - umask=0027
-  - uid=10000
-  - gid=10000
   accessModes:
-  - ReadWriteMany
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
   capacity:
-    storage: 1Gi
-  claimRef:
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    name: pvc-obs-example
-    namespace: default
+    storage: 1Gi     # SFS volume capacity.
   csi:
-    driver: obs.csi.everest.io
-    fsType: obsfs
+    driver: disk.csi.everest.io   # Dependent storage driver for the mounting.
+    fsType: nfs
+    volumeHandle: <your_volume_id>   # ID of the SFS Capacity-Oriented volume.
     volumeAttributes:
-      everest.io/obs-volume-type: STANDARD
-      everest.io/region: eu-de
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume.
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: obs-normal-static-pv
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: csi-obs
                                                                                                                            
-
                                                                                                                            After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload.
                                                                                                                            
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-nas                # Storage class name.
+  mountOptions:                            # Mount options.
+  - vers=3
+  - nolock
+  - timeo=600
+  - hard
                                                                                                                          
+
                                                                                                                        15. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                        16. Check whether the mount options take effect.
                                                                                                                          In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can run the mount -l command to check whether the mount options take effect.
                                                                                                                          1. View the pod to which the SFS volume has been mounted. In this example, the workload name is web-sfs.
                                                                                                                            kubectl get pod | grep web-sfs
                                                                                                                            
+
                                                                                                                            Command output:
                                                                                                                            
+
                                                                                                                            web-sfs-***   1/1     Running   0             23m
                                                                                                                            
+
                                                                                                                          2. Run the following command to check the mount options (web-sfs-*** is an example pod):
                                                                                                                            kubectl exec -it web-sfs-*** -- mount -l | grep nfs
                                                                                                                            
+
                                                                                                                            If the mounting information in the command output is consistent with the configured mount options, the mount options are set successfully.
                                                                                                                            
+
                                                                                                                            <Your shared path> on /data type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=**.**.**.**,mountvers=3,mountport=2050,mountproto=tcp,local_lock=all,addr=**.**.**.**)
                                                                                                                            
+
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Setting Mount Options in a StorageClass
                                                                                                                          You can use the mountOptions field to set mount options in a StorageClass. The options you can configure in mountOptions are listed in SFS Volume Mount Options and OBS Volume Mount Options.
                                                                                                                          
-
                                                                                                                          apiVersion: storage.k8s.io/v1
+
                                                                                                                          17. 
+
                                                                                                                          
+
                                                                                                                          Setting Mount Options in a StorageClass
                                                                                                                          You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in SFS Volume Mount Options.
                                                                                                                          
+
                                                                                                                          1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                          2. Create a customized StorageClass. Example:
                                                                                                                            apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: csi-obs-mount-option
-mountOptions:
-- umask=0027
-- uid=10000
-- gid=10000
-parameters:
-  csi.storage.k8s.io/csi-driver-name: obs.csi.everest.io
-  csi.storage.k8s.io/fstype: s3fs
-  everest.io/obs-volume-type: STANDARD
+  name: csi-sfs-mount-option
 provisioner: everest-csi-provisioner
+parameters:
+  csi.storage.k8s.io/csi-driver-name: nas.csi.everest.io
+  csi.storage.k8s.io/fstype: nfs
+everest.io/share-access-to: <your_vpc_id> # VPC ID of the cluster.
 reclaimPolicy: Delete
-volumeBindingMode: Immediate
                                                                                                                            
-
                                                                                                                            After the StorageClass is configured, you can use it to create a PVC. By default, the dynamically created PVs inherit the mount options set in the StorageClass.
                                                                                                                            
+volumeBindingMode: Immediate
+mountOptions:                            # Mount options
+- vers=3
+- nolock
+- timeo=600
+- hard
+
                                                                                                                          3. After the StorageClass is configured, you can use it to create a PVC. By default, the dynamically created PVs inherit the mount options configured in the StorageClass. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                          4. Check whether the mount options take effect.
                                                                                                                            In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can run the mount -l command to check whether the mount options take effect.
                                                                                                                            1. View the pod to which the SFS volume has been mounted. In this example, the workload name is web-sfs.
                                                                                                                              kubectl get pod | grep web-sfs
                                                                                                                              
+
                                                                                                                              Command output:
                                                                                                                              
+
                                                                                                                              web-sfs-***   1/1     Running   0             23m
                                                                                                                              
+
                                                                                                                            2. Run the following command to check the mount options (web-sfs-*** is an example pod):
                                                                                                                              kubectl exec -it web-sfs-*** -- mount -l | grep nfs
                                                                                                                              
+
                                                                                                                              If the mounting information in the command output is consistent with the configured mount options, the mount options are set successfully.
                                                                                                                              
+
                                                                                                                              <Your shared path> on /data type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=**.**.**.**,mountvers=3,mountport=2050,mountproto=tcp,local_lock=all,addr=**.**.**.**)
                                                                                                                              
+
                                                                                                                            
+
                                                                                                                            
+
                                                                                                                          
 
                                                                                                                          
 
 
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Parent topic: Storage
                                                                                                                          
+
                                                                                                                          Parent topic: Scalable File Service (SFS)
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0338.html b/docs/cce/umn/cce_10_0338.html
index df6a512ff..be2564c75 100644
--- a/docs/cce/umn/cce_10_0338.html
+++ b/docs/cce/umn/cce_10_0338.html
@@ -5,11 +5,11 @@
 
                                                                                                                          Removing a node will not delete the server corresponding to the node. You are advised to remove nodes at off-peak hours to avoid impacts on your services.
                                                                                                                          
 
                                                                                                                          After a node is removed from the cluster, the node is still running.
                                                                                                                          
 
-
                                                                                                                          Notes and Constraints
                                                                                                                          • Nodes can be removed only when the cluster is in the Available or Unavailable state.
                                                                                                                          • A CCE node can be removed only when it is in the Active, Abnormal, or Error state.
                                                                                                                          • A CCE node in the Active state can have its OS re-installed and CCE components cleared after it is removed.
                                                                                                                          • If the OS fails to be re-installed after the node is removed, manually re-install the OS. After the re-installation, log in to the node and run the clearance script to clear CCE components. For details, see Handling Failed OS Reinstallation.
                                                                                                                          
+
                                                                                                                          Constraints
                                                                                                                          • Nodes can be removed only when the cluster is in the Available or Unavailable status.
                                                                                                                          • A CCE node can be removed only when it is in the Active, Abnormal, or Error status.
                                                                                                                          • A CCE node in the Active status can have its OS re-installed and CCE components cleared after it is removed.
                                                                                                                          • If the OS fails to be re-installed after the node is removed, manually re-install the OS. After the re-installation, log in to the node and run the clearance script to clear CCE components. For details, see Handling Failed OS Reinstallation.
                                                                                                                          • Removing a node will cause PVC/PV data loss for the local PV associated with the node. These PVCs and PVs cannot be restored or used again. In this scenario, the pod that uses the local PV is evicted from the node. A new pod is created and stays in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled.
                                                                                                                          
 
                                                                                                                          
 
                                                                                                                          Precautions
                                                                                                                          • Removing a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours.
                                                                                                                          • Unexpected risks may occur during the operation. Back up data in advance.
                                                                                                                          • While the node is being deleted, the backend will set the node to the unschedulable state.
                                                                                                                          • After you remove the node and re-install the OS, the original LVM partitions will be cleared and the data managed by LVM will be cleared. Therefore, back up data in advance.
                                                                                                                          
 
                                                                                                                          
-
                                                                                                                          Procedure
                                                                                                                          1. Log in to the CCE console and click the cluster name to access the cluster.
                                                                                                                          2. Choose Nodes from the navigation pane and choose More > Remove in the Operation column of the target node.
                                                                                                                          3. In the dialog box displayed, configure the login information required for re-installing the OS and click Yes. Wait until the node is removed.
                                                                                                                            After the node is removed, workload pods on the node are automatically migrated to other available nodes.
                                                                                                                            
+
                                                                                                                            Procedure
                                                                                                                            1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                            2. Choose Nodes from the navigation pane and choose More > Remove in the Operation column of the target node.
                                                                                                                            3. In the dialog box displayed, configure the login information required for re-installing the OS and click Yes. Wait until the node is removed.
                                                                                                                              After the node is removed, workload pods on the node are automatically migrated to other available nodes.
                                                                                                                              
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            Handling Failed OS Reinstallation
                                                                                                                            You can perform the following steps to re-install the OS and clear the CCE components on the node if previous attempts fail:
                                                                                                                            
@@ -39,7 +39,7 @@ lsblk
 
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
-
                                                                                                                            Parent topic: Nodes
                                                                                                                            
+
                                                                                                                            Parent topic: Management Nodes
                                                                                                                            
 
                                                                                                                            
 
                                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0341.html b/docs/cce/umn/cce_10_0341.html
index 161a694f6..3f88c3e5d 100644
--- a/docs/cce/umn/cce_10_0341.html
+++ b/docs/cce/umn/cce_10_0341.html
@@ -1,50 +1,102 @@
 
 
 
                                                                                                                            Data Disk Space Allocation
                                                                                                                            
-
                                                                                                                            This section describes how to allocate data disk space.
                                                                                                                            
-
                                                                                                                            When creating a node, you need to configure a data disk whose capacity is greater than or equal to 100GB for the node. You can click Expand to customize the data disk space allocation.
                                                                                                                            
-
                                                                                                                            
-
                                                                                                                            • Allocate Disk Space: CCE divides the data disk space for container engines and pods. The container engine space stores the Docker/containerd working directories, container images, and image metadata. The pod space stores kubelet components and emptyDir volumes. The available container engine space affects image download and container startup and running.
                                                                                                                              • Container engine and container image space (90% by default): functions as the container runtime working directory and stores container image data and image metadata.
                                                                                                                              • kubelet component and emptyDir volume space (10% by default): stores pod configuration files, secrets, and mounted storage such as emptyDir volumes.
                                                                                                                              
-
                                                                                                                            • Allocate Pod Basesize: indicates the base size of a container, that is, the upper limit of the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value be smaller than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios.
                                                                                                                            
-
                                                                                                                            Setting Container Engine Space
                                                                                                                            A data disk, 100 GB for example, is divided as follows (depending on the container storage rootfs):
                                                                                                                            
-
                                                                                                                            You can log in to the node and run the docker info command to view the storage engine type.
                                                                                                                            
-
                                                                                                                            # docker info
-Containers: 20
- Running: 17
- Paused: 0
- Stopped: 3
-Images: 16
-Server Version: 18.09.0
-Storage Driver: devicemapper
                                                                                                                            
-
                                                                                                                            • Rootfs (Device Mapper)
                                                                                                                              By default, 90% of the data disk is the container engine and container image space, which can be divided into the following two parts:
                                                                                                                              • The /var/lib/docker directory is the Docker working directory and occupies 20% of the container runtime space by default. (Space size of the /var/lib/docker directory = Data disk space x 90% x 20%)
                                                                                                                              • The thin pool stores container image data, image metadata, and container data, and occupies 80% of the container runtime space by default. (Thin pool space = Data disk space x 90% x 80%)
                                                                                                                                The thin pool is dynamically mounted. You can view it by running the lsblk command on a node, but not the df -h command.
                                                                                                                                
+
                                                                                                                                This section describes how to allocate data disk space to nodes so that you can configure the data disk space accordingly.
                                                                                                                                
+
                                                                                                                                Allocating Data Disk Space
                                                                                                                                When creating a node, configure data disks for the node. You can also click Expand and customize the data disk space allocation for the node.
                                                                                                                                
+
                                                                                                                                • Allocate Disk Space:
                                                                                                                                  CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running.
                                                                                                                                  
+
                                                                                                                                  • Container engine and container image space (90% by default): stores the container runtime working directories, container image data, and image metadata.
                                                                                                                                  • kubelet and emptyDir space (10% by default): stores pod configuration files, secrets, and mounted storage such as emptyDir volumes.
                                                                                                                                  
+
                                                                                                                                • Allocate Pod Basesize: indicates the basesize of a pod. You can set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value is smaller than or equal to 80% of the container engine space. This parameter is related to the node OS and container storage rootfs and is not supported in some scenarios.
                                                                                                                                
+
                                                                                                                                
+
                                                                                                                                Allocating Disk Space
                                                                                                                                For a node using a non-shared data disk (100 GB for example), the division of the disk space varies depending on the container storage Rootfs type Device Mapper or OverlayFS. For details about the container storage Rootfs corresponding to different OSs, see Mapping Between OS and Container Storage Rootfs.
                                                                                                                                
+
                                                                                                                                • Rootfs (Device Mapper)
                                                                                                                                  By default, the container engine and image space, occupying 90% of the data disk, can be divided into the following two parts:
                                                                                                                                  • The /var/lib/docker directory is used as the Docker working directory and occupies 20% of the container engine and container image space by default. (Space size of the /var/lib/docker directory = Data disk space x 90% x 20%)
                                                                                                                                  • The thin pool is used to store container image data, image metadata, and container data, and occupies 80% of the container engine and container image space by default. (Thin pool space = Data disk space x 90% x 80%)
                                                                                                                                    The thin pool is dynamically mounted. You can view it by running the lsblk command on a node, but not the df -h command.
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  Figure 1 Space allocation for container engines of Device Mapper
                                                                                                                                  
 
                                                                                                                                
 
                                                                                                                                • Rootfs (OverlayFS)
                                                                                                                                  No separate thin pool. The entire container engine and container image space (90% of the data disk by default) are in the /var/lib/docker directory.
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  Figure 2 Space allocation for container engines of OverlayFS
                                                                                                                                  
 
                                                                                                                                
-
                                                                                                                                Using rootfs for container storage in CCE
                                                                                                                                • CCE cluster: EulerOS 2.5 nodes use Device Mapper and EulerOS 2.9 nodes use OverlayFS. CentOS 7.x nodes in clusters earlier than v1.19.16 use Device Mapper, and use OverlayFS in clusters of v1.19.16 and later. 
                                                                                                                                • CCE Turbo cluster: BMSs use Device Mapper. ECSs use OverlayFS.
                                                                                                                                
 
                                                                                                                                
-
                                                                                                                                
-
                                                                                                                                Allocating Basesize for Pods
                                                                                                                                The capability of customizing pod basesize is related to the node OS and container storage rootfs. You can log in to the node and run the docker info command to view the container storage rootfs.
                                                                                                                                
-
                                                                                                                                • Device Mapper supports custom pod basesize. The default value is 10 GB.
                                                                                                                                • When OverlayFS is used, basesize is not limited by default. In clusters of latest versions (1.19.16, 1.21.3, 1.23.3, and later), EulerOS 2.9 supports basesize if the Docker engine is used. Other OSs do not support basesize.
                                                                                                                                   
                                                                                                                                  In the case of using Docker on EulerOS 2.9 nodes, basesize will not take effect if CAP_SYS_RESOURCE or privileged is configured for a container.
                                                                                                                                  
+
                                                                                                                                  Allocating Basesize for Pods
                                                                                                                                  The customized pod container space (basesize) is related to the node OS and container storage Rootfs. For details about the container storage Rootfs, see Mapping Between OS and Container Storage Rootfs.
                                                                                                                                  
+
                                                                                                                                  • Device Mapper supports custom pod basesize. The default value is 10 GB.
                                                                                                                                  • In OverlayFS mode, the pod container space is not limited by default.
                                                                                                                                     
                                                                                                                                    In the case of using Docker on EulerOS 2.9 nodes, basesize will not take effect if CAP_SYS_RESOURCE or privileged is configured for a container.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                  
-
                                                                                                                                  When configuring basesize, consider the maximum number of pods on a node. The container engine space should be greater than the total disk space used by containers. Formula: the container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                                                                  
-
                                                                                                                                  
+
                                                                                                                                  When configuring basesize, consider the maximum number of pods on a node. The container engine space should be greater than the total disk space used by containers. Formula: the container engine space and container image space (90% by default) > Number of containers x basesize. Otherwise, the container engine space allocated to the node may be insufficient and the container cannot be started.
                                                                                                                                  
 
                                                                                                                                  For nodes that support basesize, when Device Mapper is used, although you can limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                  
 
                                                                                                                                  In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused but after a while. If the number of containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Garbage Collection Policies for Container Images
                                                                                                                                  When the container engine space is insufficient, image garbage collection is triggered.
                                                                                                                                  
+
                                                                                                                                  Mapping Between OS and Container Storage Rootfs
                                                                                                                                  
+
                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                  Table 1 Node OSs and container engines in CCE clusters
                                                                                                                                  OS
                                                                                                                                  
+
                                                                                                                                  Container Storage Rootfs
                                                                                                                                  
+
                                                                                                                                  Customized Basesize
                                                                                                                                  
+
                                                                                                                                  EulerOS 2.5
                                                                                                                                  
+
                                                                                                                                  Device Mapper
                                                                                                                                  
+
                                                                                                                                  Supported only when the container engine is Docker. The default value is 10 GB.
                                                                                                                                  
+
                                                                                                                                  EulerOS 2.9
                                                                                                                                  
+
                                                                                                                                  OverlayFS
                                                                                                                                  
+
                                                                                                                                  Supported only by clusters of v1.19.16, v1.21.3, v1.23.3, and later. The container basesize is not limited by default.
                                                                                                                                  
+
                                                                                                                                  Not supported when th cluster versions are earlier than v1.19.16, v1.21.3, and v1.23.3.
                                                                                                                                  
+
                                                                                                                                  Ubuntu 22.04
                                                                                                                                  
+
                                                                                                                                  OverlayFS
                                                                                                                                  
+
                                                                                                                                  Not supported.
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  
+
+
                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                  Table 2 Node OSs and container engines in CCE Turbo clusters
                                                                                                                                  OS
                                                                                                                                  
+
                                                                                                                                  Container Storage Rootfs
                                                                                                                                  
+
                                                                                                                                  Customized Basesize
                                                                                                                                  
+
                                                                                                                                  Ubuntu 22.04
                                                                                                                                  
+
                                                                                                                                  OverlayFS
                                                                                                                                  
+
                                                                                                                                  Not supported.
                                                                                                                                  
+
                                                                                                                                  EulerOS 2.9
                                                                                                                                  
+
                                                                                                                                  ECS VMs use OverlayFS.
                                                                                                                                  
+
                                                                                                                                  ECS PMs use Device Mapper.
                                                                                                                                  
+
                                                                                                                                  Supported only when Rootfs is set to OverlayFS and the container engine is Docker. The container basesize is not limited by default.
                                                                                                                                  
+
                                                                                                                                  Supported when Rootfs is set to Device Mapper and the container engine is Docker. The default value is 10 GB.
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  Garbage Collection Policies for Container Images
                                                                                                                                  When the container engine space is insufficient, image garbage collection is triggered.
                                                                                                                                  
 
                                                                                                                                  The policy for garbage collecting images takes two factors into consideration: HighThresholdPercent and LowThresholdPercent. Disk usage above the high threshold (default: 85%) will trigger garbage collection. The garbage collection will delete least recently used images until the low threshold (default: 80%) has been met.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Recommended Configuration for the Container Engine Space
                                                                                                                                  • The container engine space should be greater than the total disk space used by containers. Formula: Container engine space > Number of containers x basesize
                                                                                                                                  • You are advised to create and delete files of containerized services in local storage volumes (such as emptyDir and hostPath volumes) or cloud storage directories mounted to the containers. In this way, the thin pool space is not occupied. emptyDir volumes occupy the kubelet space. Therefore, properly plan the size of the kubelet space.
                                                                                                                                  • If OverlayFS is used by in CCE clusters, you can deploy services on these nodes so that the disk space occupied by files created or deleted in containers can be released immediately.
                                                                                                                                  
+
                                                                                                                                  Recommended Configuration for the Container Engine Space
                                                                                                                                  • The container engine space should be greater than the total disk space used by containers. Formula: Container engine space > Number of containers x basesize
                                                                                                                                  • You are advised to create and delete files of containerized services in local storage volumes (such as emptyDir and hostPath volumes) or cloud storage directories mounted to the containers. In this way, the thin pool space is not occupied. emptyDir volumes occupy the kubelet space. Therefore, properly plan the size of the kubelet space.
                                                                                                                                  • You can deploy services on nodes that use the OverlayFS (for details, see Mapping Between OS and Container Storage Rootfs) so that the disk space occupied by files created or deleted in containers can be released immediately.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Parent topic: Node Overview
                                                                                                                                  
+
                                                                                                                                  Parent topic: Node O&M
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0342.html b/docs/cce/umn/cce_10_0342.html
index 710fc1787..c9d2aaf0e 100644
--- a/docs/cce/umn/cce_10_0342.html
+++ b/docs/cce/umn/cce_10_0342.html
@@ -1,15 +1,15 @@
 
 
 
                                                                                                                                  CCE Turbo Clusters and CCE Clusters
                                                                                                                                  
-
                                                                                                                                  Comparison Between CCE Turbo Clusters and CCE Clusters
                                                                                                                                  The following table lists the differences between CCE Turbo clusters and CCE clusters:
                                                                                                                                  
+
                                                                                                                                  Comparison Between CCE Turbo Clusters and CCE Clusters
                                                                                                                                  The following table lists the differences between CCE Turbo clusters and CCE clusters.
                                                                                                                                  
 
-
                                                                                                                                  Table 1 Cluster types
                                                                                                                                  Dimension
                                                                                                                                  
+
                                                                                                                                  
-
-
-
@@ -17,32 +17,32 @@
 
-
-
-
-
-
-
-
-
@@ -51,29 +51,26 @@
 
-
-
-
                                                                                                                                  Table 1 Cluster types
                                                                                                                                  Category
                                                                                                                                  
 
                                                                                                                                  Sub-dimension
                                                                                                                                  
+
                                                                                                                                  Subcategory
                                                                                                                                  
 
                                                                                                                                  CCE Turbo cluster
                                                                                                                                  
+
                                                                                                                                  CCE Turbo Cluster
                                                                                                                                  
 
                                                                                                                                  CCE cluster
                                                                                                                                  
+
                                                                                                                                  CCE Cluster
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  Positioning
                                                                                                                                  
 
                                                                                                                                  Next-gen container cluster, with accelerated computing, networking, and scheduling. Designed for Cloud Native 2.0
                                                                                                                                  
+
                                                                                                                                  Next-gen container cluster designed for Cloud Native 2.0, with accelerated computing, networking, and scheduling
                                                                                                                                  
 
                                                                                                                                  Standard cluster for common commercial use
                                                                                                                                  
+
                                                                                                                                  Standard cluster for common commercial use
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  Node type
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Deployment of VMs
                                                                                                                                  
 
                                                                                                                                  Hybrid deployment of VMs and bare metal servers
                                                                                                                                  
+
                                                                                                                                  Hybrid deployment of VMs and bare-metal servers
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Network
                                                                                                                                  
+
                                                                                                                                  Networking
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Model
                                                                                                                                  
 
                                                                                                                                  Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                  
+
                                                                                                                                  Cloud Native Network 2.0: applies to large-scale and high-performance scenarios.
                                                                                                                                  
 
                                                                                                                                  Max networking scale: 2,000 nodes
                                                                                                                                  
 
                                                                                                                                  Cloud-native network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                  
-
                                                                                                                                  • Container tunnel network model
                                                                                                                                  • VPC network model
                                                                                                                                  
+
                                                                                                                                  Cloud Native Network 1.0: applies to common, smaller-scale scenarios.
                                                                                                                                  
+
                                                                                                                                  • Tunnel network model
                                                                                                                                  • VPC network model
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Network performance
                                                                                                                                  
+
                                                                                                                                  Performance
                                                                                                                                  
 
                                                                                                                                  Flattens the VPC network and container network into one. No performance loss.
                                                                                                                                  
+
                                                                                                                                  Flattens the VPC network and container network into one, achieving zero performance loss.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Overlays the VPC network with the container network, causing certain performance loss.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Associates pods with security groups. Unifies security isolation in and out the cluster via security groups' network policies.
                                                                                                                                  
 
                                                                                                                                  • Container tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                  • VPC network model: supports no isolation.
                                                                                                                                  
+
                                                                                                                                  • Tunnel network model: supports network policies for intra-cluster communications.
                                                                                                                                  • VPC network model: supports no isolation.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
 
                                                                                                                                  Security
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  Isolation
                                                                                                                                  
 
                                                                                                                                  • VM: runs common containers, isolated by cgroups.
                                                                                                                                  
+
                                                                                                                                  • VM: runs common containers, isolated by cgroups.
                                                                                                                                  
 
                                                                                                                                  Common containers are deployed and isolated by cgroups.
                                                                                                                                  
+
                                                                                                                                  Runs common containers, isolated by cgroups.
                                                                                                                                  
                                                                                                                                   		
 
                                                                                                                                  
                                                                                                                                   
 
                                                                                                                                  
 
                                                                                                                                  
 
-
                                                                                                                                  QingTian Architecture
                                                                                                                                  
-
                                                                                                                                  The QingTian architecture consists of data plane (software-hardware synergy) and management plane (Alkaid Smart Cloud Brain). The data plane innovates in five dimensions: simplified data center, diversified computing power, QingTian cards, ultra-fast engines, and simplified virtualization, to fully offload and accelerate compute, storage, networking, and security components. VMs, bare metal servers, and containers can run together. As a distributed operating system, the Alkaid Smart Cloud Brain focuses on the cloud, AI, and 5G, and provide all-domain scheduling to achieve cloud-edge-device collaboration and governance.
                                                                                                                                  
-
                                                                                                                                  
 
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Parent topic: Cluster Overview
                                                                                                                                  
+
                                                                                                                                  Parent topic: Creating a Cluster
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0343.html b/docs/cce/umn/cce_10_0343.html
deleted file mode 100644
index 583409be6..000000000
--- a/docs/cce/umn/cce_10_0343.html
+++ /dev/null
@@ -1,645 +0,0 @@
-
-
-
                                                                                                                                  How Do I Change the Storage Class Used by a Cluster of v1.15 from FlexVolume to CSI Everest?
                                                                                                                                  
-
                                                                                                                                  In clusters later than v1.15.11-r1, CSI (the everest add-on) has taken over all functions of fuxi FlexVolume (the storage-driver add-on) for managing container storage. You are advised to use CSI Everest.
                                                                                                                                  
-
                                                                                                                                  To migrate your storage volumes, create a static PV to associate with the original underlying storage, and then create a PVC to associate with this static PV. When you upgrade your application, mount the new PVC to the original mounting path to migrate the storage volumes.
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  Services will be interrupted during the migration. Therefore, properly plan the migration and back up data.
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  Procedure
                                                                                                                                  1. (Optional) Back up data to prevent data loss in case of exceptions.
                                                                                                                                  2. Configure a YAML file of the PV in the CSI format according to the PV in the FlexVolume format and associate the PV with the existing storage.
                                                                                                                                    To be specific, run the following commands to configure the pv-example.yaml file, which is used to create a PV. 
                                                                                                                                    
-
                                                                                                                                    touch pv-example.yaml
                                                                                                                                    
-
                                                                                                                                    vi pv-example.yaml
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PV for an EVS volume:
                                                                                                                                    apiVersion: v1
-kind: PersistentVolume
-metadata:
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: <zone name>
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-  name: pv-evs-example
-spec:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 10Gi
-  csi:
-    driver: disk.csi.everest.io
-    fsType: ext4
-    volumeAttributes:
-      everest.io/disk-mode: SCSI
-      everest.io/disk-volume-type: SAS
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: 0992dbda-6340-470e-a74e-4f0db288ed82
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: csi-disk
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 1 EVS volume configuration parameters
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    failure-domain.beta.kubernetes.io/region
                                                                                                                                    
-
                                                                                                                                    Region where the EVS disk is located. Use the same value as that of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    failure-domain.beta.kubernetes.io/zone
                                                                                                                                    
-
                                                                                                                                    AZ where the EVS disk is located. Use the same value as that of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    Name of the PV, which must be unique in the cluster.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    EVS volume capacity in the unit of Gi. Use the value of spec.capacity.storage of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    driver
                                                                                                                                    
-
                                                                                                                                    Storage driver used to attach the volume. Set the driver to disk.csi.everest.io for the EVS volume.
                                                                                                                                    
-
                                                                                                                                    volumeHandle
                                                                                                                                    
-
                                                                                                                                    Volume ID of the EVS disk. Use the value of spec.flexVolume.options.volumeID of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    everest.io/disk-mode
                                                                                                                                    
-
                                                                                                                                    EVS disk mode. Use the value of spec.flexVolume.options.disk-mode of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    everest.io/disk-volume-type
                                                                                                                                    
-
                                                                                                                                    EVS disk type. Use the value of kubernetes.io/volumetype in the storage class corresponding to spec.storageClassName of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class associated with the storage volume. Set this field to csi-disk for EVS disks.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PV for an SFS volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-sfs-example
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 10Gi
-  csi:
-    driver: nas.csi.everest.io
-    fsType: nfs
-    volumeAttributes:
-      everest.io/share-export-location:  # Shared path of the file storage
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: 682f00bb-ace0-41d8-9b3e-913c9aa6b695
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: csi-nas
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 2 SFS volume configuration parameters
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    Name of the PV, which must be unique in the cluster.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    File storage size in the unit of Gi. Use the value of spec.capacity.storage of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    driver
                                                                                                                                    
-
                                                                                                                                    Storage driver used to attach the volume. Set the driver to nas.csi.everest.io for the file system.
                                                                                                                                    
-
                                                                                                                                    everest.io/share-export-location
                                                                                                                                    
-
                                                                                                                                    Shared path of the file system. Use the value of spec.flexVolume.options.deviceMountPath of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    volumeHandle
                                                                                                                                    
-
                                                                                                                                    File system ID. Use the value of spec.flexVolume.options.volumeID of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-nas.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PV for an OBS volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-obs-example
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 1Gi
-  csi:
-    driver: obs.csi.everest.io
-    fsType: s3fs
-    volumeAttributes:
-      everest.io/obs-volume-type: STANDARD
-      everest.io/region: eu-de
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: obs-normal-static-pv
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: csi-obs
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 3 OBS volume configuration parameters
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    Name of the PV, which must be unique in the cluster.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    Storage capacity, in the unit of Gi. Set this parameter to the fixed value 1Gi.
                                                                                                                                    
-
                                                                                                                                    driver
                                                                                                                                    
-
                                                                                                                                    Storage driver used to attach the volume. Set the driver to obs.csi.everest.io for the OBS volume.
                                                                                                                                    
-
                                                                                                                                    fsType
                                                                                                                                    
-
                                                                                                                                    File type. Value options are obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs. Set this parameter according to the value of spec.flexVolume.options.posix of the FlexVolume PV. If the value of spec.flexVolume.options.posix is true, set this parameter to obsfs. If the value is false, set this parameter to s3fs.
                                                                                                                                    
-
                                                                                                                                    everest.io/obs-volume-type
                                                                                                                                    
-
                                                                                                                                    Storage class, including STANDARD (standard bucket) and WARM (infrequent access bucket). Set this parameter according to the value of spec.flexVolume.options.storage_class of the FlexVolume PV. If the value of spec.flexVolume.options.storage_class is standard, set this parameter to STANDARD. If the value is standard_ia, set this parameter to WARM.
                                                                                                                                    
-
                                                                                                                                    everest.io/region
                                                                                                                                    
-
                                                                                                                                    Region where the OBS bucket is located. Use the value of spec.flexVolume.options.region of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    volumeHandle
                                                                                                                                    
-
                                                                                                                                    OBS bucket name. Use the value of spec.flexVolume.options.volumeID of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-obs.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PV for an SFS Turbo volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-efs-example
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 10Gi
-  csi:
-    driver: sfsturbo.csi.everest.io
-    fsType: nfs
-    volumeAttributes:
-      everest.io/share-export-location: 192.168.0.169:/
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    volumeHandle: 8962a2a2-a583-4b7f-bb74-fe76712d8414
-  persistentVolumeReclaimPolicy: Delete
-  storageClassName: csi-sfsturbo
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 4 SFS Turbo volume configuration parameters
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    Name of the PV, which must be unique in the cluster.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    File system size. Use the value of spec.capacity.storage of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    driver
                                                                                                                                    
-
                                                                                                                                    Storage driver used to attach the volume. Set it to sfsturbo.csi.everest.io.
                                                                                                                                    
-
                                                                                                                                    everest.io/share-export-location
                                                                                                                                    
-
                                                                                                                                    Shared path of the SFS Turbo volume. Use the value of spec.flexVolume.options.deviceMountPath of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    volumeHandle
                                                                                                                                    
-
                                                                                                                                    SFS Turbo volume ID. Use the value of spec.flexVolume.options.volumeID of the FlexVolume PV.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-sfsturbo for SFS Turbo volumes.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  3. Configure a YAML file of the PVC in the CSI format according to the PVC in the FlexVolume format and associate the PVC with the PV created in 2.
                                                                                                                                    To be specific, run the following commands to configure the pvc-example.yaml file, which is used to create a PVC. 
                                                                                                                                    
-
                                                                                                                                    touch pvc-example.yaml
                                                                                                                                    
-
                                                                                                                                    vi pvc-example.yaml
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PVC for an EVS volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1  
-kind: PersistentVolumeClaim
-metadata:
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: <zone name>
-  annotations:
-    everest.io/disk-volume-type: SAS
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-  name: pvc-evs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  volumeName:  pv-evs-example
-  storageClassName: csi-disk
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 5 PVC configuration parameters for an EVS volume
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    failure-domain.beta.kubernetes.io/region
                                                                                                                                    
-
                                                                                                                                    Region where the cluster is located. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    failure-domain.beta.kubernetes.io/zone
                                                                                                                                    
-
                                                                                                                                    AZ where the EVS disk is deployed. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    everest.io/disk-volume-type
                                                                                                                                    
-
                                                                                                                                    Storage class of the EVS disk. The value can be SAS or SSD. Set this parameter to the same value as that of the PV created in 2.
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    PVC name, which must be unique in the namespace. The value must be unique in the namespace. (If the PVC is dynamically created by a stateful application, the value of this parameter must be the same as the name of the FlexVolume PVC.)
                                                                                                                                    
-
                                                                                                                                    namespace
                                                                                                                                    
-
                                                                                                                                    Namespace to which the PVC belongs. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    Requested capacity of the PVC, which must be the same as the storage size of the existing PV.
                                                                                                                                    
-
                                                                                                                                    volumeName
                                                                                                                                    
-
                                                                                                                                    Name of the PV. Set this parameter to the name of the static PV in 2.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-disk for EVS disks.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PVC for an SFS volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-  name: pvc-sfs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: csi-nas
-  volumeName: pv-sfs-example
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 6 PVC configuration parameters for an SFS volume
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    PVC name, which must be unique in the namespace. The value must be unique in the namespace. (If the PVC is dynamically created by a stateful application, the value of this parameter must be the same as the name of the FlexVolume PVC.)
                                                                                                                                    
-
                                                                                                                                    namespace
                                                                                                                                    
-
                                                                                                                                    Namespace to which the PVC belongs. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    Storage capacity, in the unit of Gi. The value must be the same as the storage size of the existing PV.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Set this field to csi-nas.
                                                                                                                                    
-
                                                                                                                                    volumeName
                                                                                                                                    
-
                                                                                                                                    Name of the PV. Set this parameter to the name of the static PV in 2.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PVC for an OBS volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-    everest.io/obs-volume-type: STANDARD
-    csi.storage.k8s.io/fstype: s3fs
-  name: pvc-obs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: csi-obs
-  volumeName: pv-obs-example
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 7 PVC configuration parameters for an OBS volume
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    everest.io/obs-volume-type
                                                                                                                                    
-
                                                                                                                                    OBS volume type, which can be STANDARD (standard bucket) and WARM (infrequent access bucket). Set this parameter to the same value as that of the PV created in 2.
                                                                                                                                    
-
                                                                                                                                    csi.storage.k8s.io/fstype
                                                                                                                                    
-
                                                                                                                                    File type, which can be obsfs or s3fs. The value must be the same as that of fsType of the static OBS volume PV.
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    PVC name, which must be unique in the namespace. The value must be unique in the namespace. (If the PVC is dynamically created by a stateful application, the value of this parameter must be the same as the name of the FlexVolume PVC.)
                                                                                                                                    
-
                                                                                                                                    namespace
                                                                                                                                    
-
                                                                                                                                    Namespace to which the PVC belongs. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    Storage capacity, in the unit of Gi. Set this parameter to the fixed value 1Gi.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-obs.
                                                                                                                                    
-
                                                                                                                                    volumeName
                                                                                                                                    
-
                                                                                                                                    Name of the PV. Set this parameter to the name of the static PV created in 2.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Configuration example of a PVC for an SFS Turbo volume:
                                                                                                                                    
-
                                                                                                                                    apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-  name: pvc-efs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: csi-sfsturbo
-  volumeName: pv-efs-example
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Pay attention to the fields in bold and red. The parameters are described as follows:
                                                                                                                                    
-
-
                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                    Table 8 PVC configuration parameters for an SFS Turbo volume
                                                                                                                                    Parameter
                                                                                                                                    
-
                                                                                                                                    Description
                                                                                                                                    
-
                                                                                                                                    name
                                                                                                                                    
-
                                                                                                                                    PVC name, which must be unique in the namespace. The value must be unique in the namespace. (If the PVC is dynamically created by a stateful application, the value of this parameter must be the same as the name of the FlexVolume PVC.)
                                                                                                                                    
-
                                                                                                                                    namespace
                                                                                                                                    
-
                                                                                                                                    Namespace to which the PVC belongs. Use the same value as that of the FlexVolume PVC.
                                                                                                                                    
-
                                                                                                                                    storageClassName
                                                                                                                                    
-
                                                                                                                                    Name of the Kubernetes storage class. Set this field to csi-sfsturbo.
                                                                                                                                    
-
                                                                                                                                    storage
                                                                                                                                    
-
                                                                                                                                    Storage capacity, in the unit of Gi. The value must be the same as the storage size of the existing PV.
                                                                                                                                    
-
                                                                                                                                    volumeName
                                                                                                                                    
-
                                                                                                                                    Name of the PV. Set this parameter to the name of the static PV created in 2.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  4. Upgrade the workload to use a new PVC.
                                                                                                                                    For Deployments
                                                                                                                                    1. Run the kubectl create -f commands to create a PV and PVC.
                                                                                                                                      kubectl create -f pv-example.yaml
                                                                                                                                      
-
                                                                                                                                      kubectl create -f pvc-example.yaml
                                                                                                                                      
-
                                                                                                                                       
                                                                                                                                      Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                    2. Go to the CCE console. On the workload upgrade page, click Upgrade > Advanced Settings > Data Storage > Cloud Storage.
                                                                                                                                      
-
                                                                                                                                    3. Uninstall the old storage and add the PVC in the CSI format. Retain the original mounting path in the container.
                                                                                                                                    4. Click Submit.
                                                                                                                                    5. Wait until the pods are running.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    For StatefulSets that use existing storage
                                                                                                                                    
-
                                                                                                                                    1. Run the kubectl create -f commands to create a PV and PVC.
                                                                                                                                      kubectl create -f pv-example.yaml
                                                                                                                                      
-
                                                                                                                                      kubectl create -f pvc-example.yaml
                                                                                                                                      
-
                                                                                                                                       
                                                                                                                                      Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                    2. Run the kubectl edit command to edit the StatefulSet and use the newly created PVC.
                                                                                                                                      kubectl edit sts sts-example -n xxx
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                       
                                                                                                                                      Replace sts-example in the preceding command with the actual name of the StatefulSet to upgrade. xxx indicates the namespace to which the StatefulSet belongs.
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                    3. Wait until the pods are running.
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    The current console does not support the operation of adding new cloud storage for StatefulSets. Use the kubectl commands to replace the storage with the newly created PVC.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    For StatefulSets that use dynamically allocated storage
                                                                                                                                    
-
                                                                                                                                    1. Back up the PV and PVC in the flexVolume format used by the StatefulSet.
                                                                                                                                      kubectl get pvc xxx -n {namespaces} -oyaml > pvc-backup.yaml
                                                                                                                                      
-
                                                                                                                                      kubectl get pv xxx -n {namespaces} -oyaml > pv-backup.yaml
                                                                                                                                      
-
                                                                                                                                    2. Change the number of pods to 0.
                                                                                                                                    3. On the storage page, disassociate the flexVolume PVC used by the StatefulSet.
                                                                                                                                    4. Run the kubectl create -f commands to create a PV and PVC.
                                                                                                                                      kubectl create -f pv-example.yaml
                                                                                                                                      
-
                                                                                                                                      kubectl create -f pvc-example.yaml
                                                                                                                                      
-
                                                                                                                                       
                                                                                                                                      Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                      
-
                                                                                                                                      
-
                                                                                                                                    5. Change the number of pods back to the original value and wait until the pods are running.
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    The dynamic allocation of storage for StatefulSets is achieved by using volumeClaimTemplates. This field cannot be modified by Kubernetes. Therefore, data cannot be migrated by using a new PVC.
                                                                                                                                    
-
                                                                                                                                    The PVC naming rule of the volumeClaimTemplates is fixed. When a PVC that meets the naming rule exists, this PVC is used.
                                                                                                                                    
-
                                                                                                                                    Therefore, disassociate the original PVC first, and then create a PVC with the same name in the CSI format.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    6. (Optional) Recreate the stateful application to ensure that a CSI PVC is used when the application is scaled out. Otherwise, FlexVolume PVCs are used in scaling out.
                                                                                                                                    
-
                                                                                                                                    • Run the following command to obtain the YAML file of the StatefulSet:
                                                                                                                                    
-
                                                                                                                                    kubectl get sts xxx -n {namespaces} -oyaml > sts.yaml
                                                                                                                                    
-
                                                                                                                                    • Run the following command to back up the YAML file of the StatefulSet:
                                                                                                                                    
-
                                                                                                                                    cp sts.yaml sts-backup.yaml
                                                                                                                                    
-
                                                                                                                                    • Modify the definition of volumeClaimTemplates in the YAML file of the StatefulSet.
                                                                                                                                    
-
                                                                                                                                    vi sts.yaml
                                                                                                                                    
-
                                                                                                                                    Configuration example of volumeClaimTemplates for an EVS volume:
                                                                                                                                    
-
                                                                                                                                      volumeClaimTemplates:
-    - metadata:
-        name: pvc-161070049798261342
-        namespace: default
-        creationTimestamp: null
-        annotations:
-          everest.io/disk-volume-type: SAS
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: csi-disk
                                                                                                                                    
-
                                                                                                                                    The parameter value must be the same as the PVC of the EVS volume created in 3.
                                                                                                                                    
-
                                                                                                                                    Configuration example of volumeClaimTemplates for an SFS volume:
                                                                                                                                    
-
                                                                                                                                      volumeClaimTemplates:
-    - metadata:
-        name: pvc-161063441560279697
-        namespace: default
-        creationTimestamp: null
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 10Gi
-        storageClassName: csi-nas
                                                                                                                                    
-
                                                                                                                                    The parameter value must be the same as the PVC of the SFS volume created in 3.
                                                                                                                                    
-
                                                                                                                                    Configuration example of volumeClaimTemplates for an OBS volume:
                                                                                                                                    
-
                                                                                                                                      volumeClaimTemplates:
-    - metadata:
-        name: pvc-161070100417416148
-        namespace: default
-        creationTimestamp: null
-        annotations:
-          csi.storage.k8s.io/fstype: s3fs
-          everest.io/obs-volume-type: STANDARD
-      spec:
-        accessModes:
-          - ReadWriteMany
-        resources:
-          requests:
-            storage: 1Gi
-        storageClassName: csi-obs
                                                                                                                                    
-
                                                                                                                                    The parameter value must be the same as the PVC of the OBS volume created in 3.
                                                                                                                                    
-
                                                                                                                                    • Delete the StatefulSet.
                                                                                                                                    
-
                                                                                                                                    kubectl delete sts xxx -n {namespaces}
                                                                                                                                    
-
                                                                                                                                    • Create the StatefulSet.
                                                                                                                                    
-
                                                                                                                                    kubectl create -f sts.yaml
                                                                                                                                    
-
                                                                                                                                  5. Check service functions.
                                                                                                                                    1. Check whether the application is running properly.
                                                                                                                                    2. Checking whether the data storage is normal.
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    If a rollback is required, perform 4. Select the PVC in FlexVolume format and upgrade the application.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  6. Uninstall the PVC in the FlexVolume format.
                                                                                                                                    If the application functions normally, unbind the PVC in the FlexVolume format on the storage management page.
                                                                                                                                    
-
                                                                                                                                    You can also run the kubectl command to delete the PVC and PV of the FlexVolume format.
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    Before deleting a PV, change the persistentVolumeReclaimPolicy of the PV to Retain. Otherwise, the underlying storage will be reclaimed after the PV is deleted.
                                                                                                                                    
-
                                                                                                                                    If the cluster has been upgraded before the storage migration, PVs may fail to be deleted. You can remove the PV protection field finalizers to delete PVs.
                                                                                                                                    
-
                                                                                                                                    kubectl patch pv {pv_name} -p '{"metadata":{"finalizers":null}}'
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                  
-
                                                                                                                                  
-
                                                                                                                                  
-
-
diff --git a/docs/cce/umn/cce_10_0345.html b/docs/cce/umn/cce_10_0345.html
index e8dca82e6..80bbe1570 100644
--- a/docs/cce/umn/cce_10_0345.html
+++ b/docs/cce/umn/cce_10_0345.html
@@ -1,8 +1,8 @@
 
 
-
                                                                                                                                  GPU Scheduling
                                                                                                                                  
+
                                                                                                                                  Default GPU Scheduling in Kubernetes
                                                                                                                                  
 
                                                                                                                                  You can use GPUs in CCE containers.
                                                                                                                                  
-
                                                                                                                                  Prerequisites
                                                                                                                                  • A GPU node has been created. For details, see Creating a Node.
                                                                                                                                  • The gpu-beta add-on has been installed. During the installation, select the GPU driver on the node. For details, see gpu-beta.
                                                                                                                                  • gpu-beta mounts the driver directory to /usr/local/nvidia/lib64. To use GPU resources in a container, you need to add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable.
                                                                                                                                    Generally, you can use any of the following methods to add a file:
                                                                                                                                    
+
                                                                                                                                    Prerequisites
                                                                                                                                    • A GPU node has been created. For details, see Creating a Node.
                                                                                                                                    • The gpu-device-plugin (previously gpu-beta add-on) has been installed. During the installation, select the GPU driver on the node. For details, see gpu-beta.
                                                                                                                                    • gpu-device-plugin mounts the driver directory to /usr/local/nvidia/lib64. To use GPU resources in a container, add /usr/local/nvidia/lib64 to the LD_LIBRARY_PATH environment variable.
                                                                                                                                      Generally, you can use any of the following methods to add a file:
                                                                                                                                      
 
                                                                                                                                      1. Configure the LD_LIBRARY_PATH environment variable in the Dockerfile used for creating an image. (Recommended)
                                                                                                                                        ENV LD_LIBRARY_PATH /usr/local/nvidia/lib64:$LD_LIBRARY_PATH
                                                                                                                                        
 
                                                                                                                                      2. Configure the LD_LIBRARY_PATH environment variable in the image startup command.
                                                                                                                                        /bin/bash -c "export LD_LIBRARY_PATH=/usr/local/nvidia/lib64:$LD_LIBRARY_PATH && ..."
                                                                                                                                        
 
                                                                                                                                      3. Define the LD_LIBRARY_PATH environment variable when creating a workload. (Ensure that this variable is not configured in the container. Otherwise, it will be overwritten.)
                                                                                                                                                  env:
@@ -42,10 +42,11 @@ spec:
       imagePullSecrets:
       - name: default-secret
                                                                                                                                        
 
                                                                                                                                        nvidia.com/gpu specifies the number of GPUs to be requested. The value can be smaller than 1. For example, nvidia.com/gpu: 0.5 indicates that multiple pods share a GPU. In this case, all the requested GPU resources come from the same GPU card.
                                                                                                                                        
+
                                                                                                                                         
                                                                                                                                        When you use nvidia.com/gpu to specify the number of GPUs, the values of requests and limits must be the same.
                                                                                                                                        
+
                                                                                                                                        
 
                                                                                                                                        After nvidia.com/gpu is specified, workloads will not be scheduled to nodes without GPUs. If the node is GPU-starved, Kubernetes events similar to the following are reported:
                                                                                                                                        
 
                                                                                                                                        • 0/2 nodes are available: 2 Insufficient nvidia.com/gpu.
                                                                                                                                        • 0/4 nodes are available: 1 InsufficientResourceOnSingleGPU, 3 Insufficient nvidia.com/gpu.
                                                                                                                                        
 
                                                                                                                                        To use GPUs on the CCE console, select the GPU quota and specify the percentage of GPUs reserved for the container when creating a workload.
                                                                                                                                        
-
                                                                                                                                        Figure 1 Using GPUs
                                                                                                                                        
 
                                                                                                                                    
 
                                                                                                                                    GPU Node Labels
                                                                                                                                    CCE will label GPU-enabled nodes after they are created. Different types of GPU-enabled nodes have different labels.
                                                                                                                                    
 
                                                                                                                                    $ kubectl get node -L accelerator
@@ -87,7 +88,7 @@ spec:
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Parent topic: Workloads
                                                                                                                                    
+
                                                                                                                                    Parent topic: GPU Scheduling
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0348.html b/docs/cce/umn/cce_10_0348.html
index 387f20b03..d5031d32b 100644
--- a/docs/cce/umn/cce_10_0348.html
+++ b/docs/cce/umn/cce_10_0348.html
@@ -1,25 +1,63 @@
 
 
 
                                                                                                                                    Maximum Number of Pods That Can Be Created on a Node
                                                                                                                                    
-
                                                                                                                                    The maximum number of pods that can be created on a node is determined by the following parameters:
                                                                                                                                    
-
                                                                                                                                    • Number of container IP addresses that can be allocated on a node (alpha.cce/fixPoolMask): Set this parameter when creating a CCE cluster. This parameter is available only when Network Model is VPC network.
                                                                                                                                    • Maximum number of pods of a node (maxPods): Set this parameter when creating a node. It is a configuration item of kubelet.
                                                                                                                                    • Number of ENIs of a CCE Turbo cluster node: In a CCE Turbo cluster, ECS nodes use sub-ENIs and BMS nodes use ENIs. The maximum number of pods that can be created on a node depends on the number of ENIs that can be used by the node.
                                                                                                                                    
-
                                                                                                                                    The maximum number of pods that can be created on a node depends on the minimum value of these parameters.
                                                                                                                                    
-
-
                                                                                                                                    Container Network vs. Host Network
                                                                                                                                    When creating a pod, you can select the container network or host network for the pod.
                                                                                                                                    
+
                                                                                                                                    Calculation of the Maximum Number of Pods on a Node
                                                                                                                                    The maximum number of pods that can be created on a node is calculated based on the cluster type:
                                                                                                                                    
+
+
                                                                                                                                    
+
                                                                                                                                    Number of Container IP Addresses That Can Be Allocated on a Node
                                                                                                                                    If you select VPC network for Network Model when creating a CCE cluster, you also need to set the number of container IP addresses that can be allocated to each node (alpha.cce/fixPoolMask). If the pod uses the host network (hostNetwork: true), the pod does not occupy the IP address of the allocatable container network. For details, see Container Network vs. Host Network.
                                                                                                                                    
+
                                                                                                                                    This parameter affects the maximum number of pods that can be created on a node. Each pod occupies an IP address (when the container network is used). If the number of available IP addresses is insufficient, pods cannot be created. If the pod uses the host network (hostNetwork: true), the pod does not occupy the IP address of the allocatable container network.
                                                                                                                                    
+
                                                                                                                                    By default, a node occupies three container IP addresses (network address, gateway address, and broadcast address). Therefore, the number of container IP addresses that can be allocated to a node equals the number of selected container IP addresses minus 3. 
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Maximum Number of Pods on a Node
                                                                                                                                    When creating a node, you can configure the maximum number of pods (maxPods) that can be created on the node. This parameter is a configuration item of kubelet and determines the maximum number of pods that can be created by kubelet.
                                                                                                                                    
+
                                                                                                                                     
                                                                                                                                    For nodes in the default node pool (DefaultPool), the maximum number of pods cannot be changed after the nodes are created.
                                                                                                                                    
+
                                                                                                                                    After a node in a custom node pool is created, you can modify the max-pods parameter in the node pool configuration to change the maximum number of pods on the node. 
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Table 1 lists the default maximum number of pods on a node based on node specifications.
                                                                                                                                    
+
+
                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                    Table 1 Default maximum number of pods on a node
                                                                                                                                    Memory
                                                                                                                                    
+
                                                                                                                                    Max. Pods
                                                                                                                                    
+
                                                                                                                                    4 GiB
                                                                                                                                    
+
                                                                                                                                    20
                                                                                                                                    
+
                                                                                                                                    8 GiB
                                                                                                                                    
+
                                                                                                                                    40
                                                                                                                                    
+
                                                                                                                                    16 GiB
                                                                                                                                    
+
                                                                                                                                    60
                                                                                                                                    
+
                                                                                                                                    32 GiB
                                                                                                                                    
+
                                                                                                                                    80
                                                                                                                                    
+
                                                                                                                                    64 GiB or above
                                                                                                                                    
+
                                                                                                                                    110
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Number of Node ENIs (CCE Turbo Clusters)
                                                                                                                                    In a CCE Turbo cluster, ECSs use sub-ENIs. The maximum number of pods that can be created on a node depends on the number of ENIs that can be used by the node.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Container Network vs. Host Network
                                                                                                                                    When creating a pod, you can select the container network or host network for the pod.
                                                                                                                                    
 
                                                                                                                                    • Container network (default): Each pod is assigned an IP address by the cluster networking add-ons, which occupies the IP addresses of the container network.
                                                                                                                                    • Host network: The pod uses the host network (hostNetwork: true needs to be configured for the pod) and occupies the host port. The pod IP address is the host IP address. The pod does not occupy the IP addresses of the container network. To use the host network, you must confirm whether the container ports conflict with the host ports. Do not use the host network unless you know exactly which host port is used by which container.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Number of Container IP Addresses That Can Be Allocated on a Node
                                                                                                                                    If you select VPC network for Network Model when creating a CCE cluster, you also need to set the number of container IP addresses that can be allocated to each node.
                                                                                                                                    
-
                                                                                                                                    This parameter affects the maximum number of pods that can be created on a node. Each pod occupies an IP address (when the container network is used). If the number of available IP addresses is insufficient, pods cannot be created.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    By default, a node occupies three container IP addresses (network address, gateway address, and broadcast address). Therefore, the number of container IP addresses that can be allocated to a node equals the number of selected container IP addresses minus 3. For example, in the preceding figure, the number of container IP addresses that can be allocated to a node is 125 (128 – 3).
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    Maximum Number of Pods on a Node
                                                                                                                                    When creating a node, you can configure the maximum number of pods that can be created on the node. This parameter is a configuration item of kubelet and determines the maximum number of pods that can be created by kubelet.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Parent topic: Node Overview
                                                                                                                                    
+
                                                                                                                                    Parent topic: Node O&M
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0349.html b/docs/cce/umn/cce_10_0349.html
index 52e1c0922..cfb9692b4 100644
--- a/docs/cce/umn/cce_10_0349.html
+++ b/docs/cce/umn/cce_10_0349.html
@@ -1,25 +1,25 @@
 
 
 
                                                                                                                                    Comparing iptables and IPVS
                                                                                                                                    
-
                                                                                                                                    kube-proxy is a key component of a Kubernetes cluster. It is responsible for load balancing and forwarding between a Service and its backend pod.
                                                                                                                                    
-
                                                                                                                                    CCE supports two forwarding modes: iptables and IPVS.
                                                                                                                                    
-
                                                                                                                                    • IPVS allows higher throughput and faster forwarding. This mode applies to scenarios where the cluster scale is large or the number of Services is large.
                                                                                                                                    • iptables is the traditional kube-proxy mode. This mode applies to the scenario where the number of Services is small or a large number of short connections are concurrently sent on the client.
                                                                                                                                    
-
                                                                                                                                    Notes and Constraints
                                                                                                                                    In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                                                                                                                                    
+
                                                                                                                                    kube-proxy is a key component of a Kubernetes cluster. It is used for load balancing and forwarding data between a Service and its backend pods.
                                                                                                                                    
+
                                                                                                                                    CCE supports the iptables and IPVS forwarding modes.
                                                                                                                                    
+
                                                                                                                                    • IPVS allows higher throughput and faster forwarding. This mode applies to scenarios where the cluster scale is large or the number of Services is large.
                                                                                                                                    • iptables is the traditional kube-proxy mode. This mode applies to the scenario where the number of Services is small or there are a large number of short concurrent connections on the client. When there are more than 1,000 Services in the cluster, network delay may occur.
                                                                                                                                    
+
                                                                                                                                    Constraints
                                                                                                                                    • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                                                                                                                                    • In iptables mode, the ClusterIP cannot be pinged. In IPVS mode, the ClusterIP can be pinged.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    iptables
                                                                                                                                    iptables is a Linux kernel function that provides a large amount of data packet processing and filtering capabilities. It allows flexible sequences of rules to be attached to various hooks in the packet processing pipeline. When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook.
                                                                                                                                    
+
                                                                                                                                    iptables
                                                                                                                                    iptables is a Linux kernel function for processing and filtering a large number of data packets. It allows flexible sequences of rules to be attached to various hooks in the packet processing pipeline. When iptables is used, kube-proxy implements NAT and load balancing in the NAT pre-routing hook.
                                                                                                                                    
 
                                                                                                                                    kube-proxy is an O(n) algorithm, in which n increases with the cluster scale. The cluster scale refers to the number of Services and backend pods.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    IPVS
                                                                                                                                    IP Virtual Server (IPVS) is constructed on top of Netfilter and implements transport-layer load balancing as part of the Linux kernel. IPVS can direct requests for TCP- and UDP-based services to the real servers, and make services of the real servers appear as virtual services on a single IP address.
                                                                                                                                    
+
                                                                                                                                    IPVS
                                                                                                                                    IP Virtual Server (IPVS) is constructed on top of Netfilter and balances transport-layer loads as part of the Linux kernel. IPVS can direct requests for TCP- or UDP-based services to the real servers, and make services of the real servers appear as virtual services on a single IP address.
                                                                                                                                    
 
                                                                                                                                    In the IPVS mode, kube-proxy uses IPVS load balancing instead of iptables. IPVS is designed to balance loads for a large number of Services. It has a set of optimized APIs and uses optimized search algorithms instead of simply searching for rules from a list.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    The complexity of the connection process of IPVS-based kube-proxy is O(1). In other words, in most cases, the connection processing efficiency is irrelevant to the cluster scale.
                                                                                                                                    
+
                                                                                                                                    The complexity of the connection process of IPVS-based kube-proxy is O(1). In most cases, the connection processing efficiency is irrelevant to the cluster scale.
                                                                                                                                    
 
                                                                                                                                    IPVS involves multiple load balancing algorithms, such as round-robin, shortest expected delay, least connections, and various hashing methods. However, iptables has only one algorithm for random selection.
                                                                                                                                    
 
                                                                                                                                    Compared with iptables, IPVS has the following advantages:
                                                                                                                                    
 
                                                                                                                                    1. Provides better scalability and performance for large clusters.
                                                                                                                                    2. Supports better load balancing algorithms than iptables.
                                                                                                                                    3. Supports functions including server health check and connection retries.
                                                                                                                                    
 
                                                                                                                                    
+
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Parent topic: Cluster Overview
                                                                                                                                    
+
                                                                                                                                    Parent topic: Creating a Cluster
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0351.html b/docs/cce/umn/cce_10_0351.html
index 99ebd9ea7..787be9f7b 100644
--- a/docs/cce/umn/cce_10_0351.html
+++ b/docs/cce/umn/cce_10_0351.html
@@ -1,21 +1,20 @@
 
 
-
                                                                                                                                    Binding CPU Cores
                                                                                                                                    
-
                                                                                                                                    By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                                                                    
+
                                                                                                                                    CPU Policy
                                                                                                                                    
+
                                                                                                                                    Scenarios
                                                                                                                                    By default, kubelet uses CFS quotas to enforce pod CPU limits. When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. Some applications are CPU-sensitive. They are sensitive to:
                                                                                                                                    
 
                                                                                                                                    • CPU throttling
                                                                                                                                    • Context switching
                                                                                                                                    • Processor cache misses
                                                                                                                                    • Cross-socket memory access
                                                                                                                                    • Hyperthreads that are expected to run on the same physical CPU card
                                                                                                                                    
-
                                                                                                                                    If your workloads are sensitive to any of these items and CPU cache affinity and scheduling latency significantly affect workload performance, kubelet allows alternative CPU management policies to determine some placement preferences on the node. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                                                                                    
-
                                                                                                                                    Binding CPU Cores to a Pod
                                                                                                                                    Prerequisites:
                                                                                                                                    
-
                                                                                                                                    • The static core binding policy is enabled on the node. For details, see Enabling the CPU Management Policy.
                                                                                                                                    • Both requests and limits must be set in the pod definition and their values must be the same.
                                                                                                                                    • The value of requests must be an integer for the container.
                                                                                                                                    • For an init container, it is recommended that you set its requests to the same as that of the service container. Otherwise, the service container does not inherit the CPU allocation result of the init container, and the CPU manager reserves more CPU resources than supposed. For more information, see App Containers can't inherit Init Containers CPUs - CPU Manager Static Policy.
                                                                                                                                    
-
                                                                                                                                    You can use Scheduling Policy (Affinity/Anti-affinity) to schedule the configured pods to the nodes where the static CPU policy is enabled. In this way, cores can be bound.
                                                                                                                                    
+
                                                                                                                                    If your workloads are sensitive to any of these items and CPU cache affinity and scheduling latency significantly affect workload performance, kubelet allows alternative CPU management policies (CPU binding) to determine some placement preferences on the node. The CPU manager preferentially allocates resources on a socket and full physical cores to avoid interference.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Enabling the CPU Management Policy
                                                                                                                                    A CPU management policy is specified by the kubelet flag --cpu-manager-policy. The following policies are supported:
                                                                                                                                    
-
                                                                                                                                    • Disabled (none): the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                                                                                    • Enabled (static): The static policy allows containers in Guaranteed pods with integer CPU requests to be granted increased CPU affinity and exclusivity on the node.
                                                                                                                                    
-
                                                                                                                                    When creating a cluster, you can configure the CPU management policy in Advanced Settings, as shown in the following figure.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    You can also configure the policy in a node pool. The configuration will change the kubelet flag --cpu-manager-policy on the node. Log in to the CCE console, click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, click the Node Pools tab. Choose More > Manage in the Operation column of the target node pool, and change the value of cpu-manager-policy to static.
                                                                                                                                    
+
                                                                                                                                    Enabling the CPU Management Policy
                                                                                                                                    A CPU management policy is specified by the kubelet flag --cpu-manager-policy. By default, Kubernetes supports the following policies:
                                                                                                                                    
+
                                                                                                                                    • Disabled (none): the default policy. The none policy explicitly enables the existing default CPU affinity scheme, providing no affinity beyond what the OS scheduler does automatically.
                                                                                                                                    • Enabled (static): The static policy allows containers in guaranteed pods with integer GPU requests to be granted increased CPU affinity and exclusivity on the node.
                                                                                                                                    
+
                                                                                                                                    When creating a cluster, you can configure the CPU management policy in Advanced Settings.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    You can also configure the policy in a node pool. The configuration will change the kubelet flag --cpu-manager-policy on the node. Log in to the CCE console, click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, click the Node Pools tab. Choose More > Manage in the Operation column of the target node pool, and change the value of cpu-manager-policy to static.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Pod Configuration
                                                                                                                                    For CPU, both requests and limits must be set to the same, and requests must be an integer.
                                                                                                                                    
-
                                                                                                                                    kind: Deployment
+
                                                                                                                                    Allowing Pods to Exclusively Use the CPU Resources
                                                                                                                                    Prerequisites:
                                                                                                                                    
+
                                                                                                                                    • Enable the static policy on the node. For details, see Enabling the CPU Management Policy.
                                                                                                                                    • Both requests and limits must be configured in pods and their values must be the same integer.
                                                                                                                                    • If an init container needs to exclusively use CPUs, set its requests to the same as that of the service container. Otherwise, the service container does not inherit the CPU allocation result of the init container, and the CPU manager reserves more CPU resources than supposed. For more information, see App Containers can't inherit Init Containers CPUs - CPU Manager Static Policy.
                                                                                                                                    
+
                                                                                                                                    You can use Scheduling Policy (Affinity/Anti-affinity) to schedule the configured pods to the nodes where the static policy is enabled. In this way, the pods can exclusively use the CPU resources.
                                                                                                                                    
+
                                                                                                                                    Example YAML:
                                                                                                                                    kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: test
@@ -43,9 +42,10 @@ spec:
         - name: default-secret
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
+
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Parent topic: CPU Core Binding
                                                                                                                                    
+
                                                                                                                                    Parent topic: CPU Scheduling
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0352.html b/docs/cce/umn/cce_10_0352.html
index 95cdd682b..bbdca769c 100644
--- a/docs/cce/umn/cce_10_0352.html
+++ b/docs/cce/umn/cce_10_0352.html
@@ -3,7 +3,7 @@
 
                                                                                                                                    Managing Node Taints
                                                                                                                                    
 
                                                                                                                                    Taints enable a node to repel specific pods to prevent these pods from being scheduled to the node.
                                                                                                                                    
 
                                                                                                                                    Taints
                                                                                                                                    A taint is a key-value pair associated with an effect. The following effects are available:
                                                                                                                                    
-
                                                                                                                                    • NoSchedule: No pod will be able to schedule onto the node unless it has a matching toleration. Existing pods will not be evicted from the node.
                                                                                                                                    • PreferNoSchedule: Kubernetes prevents pods that cannot tolerate this taint from being scheduled onto the node.
                                                                                                                                    • NoExecute: If the pod has been running on a node, the pod will be evicted from the node. If the pod has not been running on a node, the pod will not be scheduled onto the node.
                                                                                                                                    
+
                                                                                                                                    • NoSchedule: No pod will be scheduled onto the node unless it has a matching toleration. Existing pods will not be evicted from the node.
                                                                                                                                    • PreferNoSchedule: Kubernetes prevents pods that cannot tolerate this taint from being scheduled onto the node.
                                                                                                                                    • NoExecute: If the pod has been running on a node, the pod will be evicted from the node. If the pod has not been running on a node, the pod will not be scheduled onto the node.
                                                                                                                                    
 
                                                                                                                                    To add a taint to a node, run the kubectl taint node nodename command as follows:
                                                                                                                                    
 
                                                                                                                                    $ kubectl get node
 NAME             STATUS   ROLES    AGE    VERSION
@@ -36,24 +36,29 @@ Name:               192.168.10.240
 Taints:             <none>
 ...
                                                                                                                                    
 
                                                                                                                                    On the CCE console, you can also manage taints of a node in batches.
                                                                                                                                    
-
                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                    2. Click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, select a node and click Manage Labels and Taints.
                                                                                                                                    3. In the displayed dialog box, click Add batch operations under Batch Operation, choose Add/Update, and select Taint.
                                                                                                                                      Enter the key and value of the taint to be added, select the taint effect, and click OK.
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                      2. Click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, select a node and click Manage Labels and Taints.
                                                                                                                                      3. In the displayed dialog box, click Add batch operations under Batch Operation, choose Add/Update, and select Taint.
                                                                                                                                        Enter the key and value of the taint to be added, select the taint effect, and click OK.
                                                                                                                                        
 
                                                                                                                                      4. After the taint is added, check the added taint in node data.
                                                                                                                                      
 
                                                                                                                                    
-
                                                                                                                                    Node Scheduling Settings
                                                                                                                                    To configure scheduling settings, log in to the CCE console, click the cluster, choose Nodes in the navigation pane, and click More > Disable Scheduling in the Operation column of a node in the node list.
                                                                                                                                    
+
                                                                                                                                    System Taints
                                                                                                                                    When some issues occurred on a node, Kubernetes automatically adds a taint to the node. The built-in taints are as follows:
                                                                                                                                    
+
                                                                                                                                    • node.kubernetes.io/not-ready: The node is not ready. The node Ready value is False.
                                                                                                                                    • node.kubernetes.io/unreachable: The node controller cannot access the node. The node Ready value is Unknown.
                                                                                                                                    • node.kubernetes.io/memory-pressure: The node memory is approaching the upper limit.
                                                                                                                                    • node.kubernetes.io/disk-pressure: The node disk space is approaching the upper limit.
                                                                                                                                    • node.kubernetes.io/pid-pressure: The node PIDs are approaching the upper limit.
                                                                                                                                    • node.kubernetes.io/network-unavailable: The node network is unavailable.
                                                                                                                                    • node.kubernetes.io/unschedulable: The node cannot be scheduled.
                                                                                                                                    • node.cloudprovider.kubernetes.io/uninitialized: If an external cloud platform driver is specified when kubelet is started, kubelet adds a taint to the current node and marks it as unavailable. After a controller of cloud-controller-manager initializes the node, kubelet will delete the taint.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Node Scheduling Settings
                                                                                                                                    To configure scheduling, log in to the CCE console, click the cluster, choose Nodes in the navigation pane, and click More > Disable Scheduling in the Operation column of a node in the node list.
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    In the dialog box that is displayed, click OK to set the node to be unschedulable.
                                                                                                                                    
+
                                                                                                                                    In the dialog box that is displayed, click OK to set the node to be unschedulable.
                                                                                                                                    
 
                                                                                                                                    
+
                                                                                                                                    
 
                                                                                                                                    This operation will add a taint to the node. You can use kubectl to view the content of the taint.
                                                                                                                                    
 
                                                                                                                                    $ kubectl describe node 192.168.10.240
 ...
 Taints:             node.kubernetes.io/unschedulable:NoSchedule
 ...
                                                                                                                                    
-
                                                                                                                                    On the CCE console, perform the same operations again to remove the taint and set the node to be schedulable.
                                                                                                                                    
+
                                                                                                                                    On the CCE console, remove the taint and set the node to be schedulable.
                                                                                                                                    
 
                                                                                                                                    
+
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Tolerations
                                                                                                                                    Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.
                                                                                                                                    
-
                                                                                                                                    Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. This marks that the node should not accept any pods that do not tolerate the taints.
                                                                                                                                    
-
                                                                                                                                    Here's an example of a pod that uses tolerations:
                                                                                                                                    
+
                                                                                                                                    Tolerations
                                                                                                                                    Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.
                                                                                                                                    
+
                                                                                                                                    Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node. This marks that the node should not accept any pods that do not tolerate the taints.
                                                                                                                                    
+
                                                                                                                                    Example:
                                                                                                                                    
 
                                                                                                                                    apiVersion: v1
 kind: Pod
 metadata:
@@ -80,7 +85,7 @@ spec:
 
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
-
                                                                                                                                    Parent topic: Nodes
                                                                                                                                    
+
                                                                                                                                    Parent topic: Management Nodes
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0353.html b/docs/cce/umn/cce_10_0353.html
index 5b15aa34d..1b7904443 100644
--- a/docs/cce/umn/cce_10_0353.html
+++ b/docs/cce/umn/cce_10_0353.html
@@ -22,7 +22,7 @@ spec:
     imagePullPolicy: Always
   imagePullSecrets:                 
   - name: default-secret
-
                                                                                                                                    You can also set the image pull policy when creating a workload on the CCE console. As shown in the following figure, if you select Always, the image is always pulled. If you do not select it, the policy will be IfNotPresent, which means that the image is not pulled.
                                                                                                                                    
+
                                                                                                                                    You can also set the image pull policy when creating a workload on the CCE console. If you select Always, the image is always pulled. If you do not select it, the policy will be IfNotPresent, which means that the image is not pulled.
                                                                                                                                    
 
                                                                                                                                    
 
                                                                                                                                     
                                                                                                                                    You are advised to use a new tag each time you create an image. If you do not update the tag but only update the image, when Pull Policy is set to IfNotPresent, CCE considers that an image with the tag already exists on the current node and will not pull the image again.
                                                                                                                                    
 
                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0355.html b/docs/cce/umn/cce_10_0355.html
new file mode 100644
index 000000000..5a13572b1
--- /dev/null
+++ b/docs/cce/umn/cce_10_0355.html
@@ -0,0 +1,111 @@
+
+
+
                                                                                                                                    Enabling Passthrough Networking for LoadBalancer Services
                                                                                                                                    
+
                                                                                                                                    Challenges
                                                                                                                                    A Kubernetes cluster can publish applications running on a group of pods as Services, which provide unified layer-4 access entries. For a Loadbalancer Service, kube-proxy configures the LoadbalanceIP in status of the Service to the local forwarding rule of the node by default. When a pod accesses the load balancer from within the cluster, the traffic is forwarded within the cluster instead of being forwarded by the load balancer.
                                                                                                                                    
+
                                                                                                                                    kube-proxy is responsible for intra-cluster forwarding. kube-proxy has two forwarding modes: iptables and IPVS. iptables is a simple polling forwarding mode. IPVS has multiple forwarding modes but it requires modifying the startup parameters of kube-proxy. Compared with iptables and IPVS, load balancers provide more flexible forwarding policies as well as health check capabilities.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Solution
                                                                                                                                    CCE supports passthrough networking. You can configure the annotation of kubernetes.io/elb.pass-through for the Loadbalancer Service. Intra-cluster access to the Service load balancer address is then forwarded to backend pods by the load balancer.
                                                                                                                                    
+
                                                                                                                                    Figure 1 Passthrough networking illustration
                                                                                                                                    
+
                                                                                                                                    • CCE clusters
                                                                                                                                      When a LoadBalancer Service is accessed within the cluster, the access is forwarded to the backend pods using iptables/IPVS by default.
                                                                                                                                      
+
                                                                                                                                      When a LoadBalancer Service (configured with elb.pass-through) is accessed within the cluster, the access is first forwarded to the load balancer, then the nodes, and finally to the backend pods using iptables/IPVS.
                                                                                                                                      
+
                                                                                                                                    • CCE Turbo clusters
                                                                                                                                      When a LoadBalancer Service is accessed within the cluster, the access is forwarded to the backend pods using iptables/IPVS by default.
                                                                                                                                      
+
                                                                                                                                      When a LoadBalancer Service (configured with elb.pass-through) is accessed within the cluster, the access is first forwarded to the load balancer, and then to the pods.
                                                                                                                                      
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Constraints
                                                                                                                                    • After passthrough networking is configured for a dedicated load balancer, containers on the node where the workload runs cannot be accessed through the Service.
                                                                                                                                    • Passthrough networking is not supported for clusters of v1.15 or earlier.
                                                                                                                                    • In IPVS network mode, the pass-through settings of Service connected to the same ELB must be the same.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Procedure
                                                                                                                                    This section describes how to create a Deployment using an Nginx image and create a Service with passthrough networking enabled.
                                                                                                                                    
+
                                                                                                                                    1. Use the Nginx image to create a Deployment.
                                                                                                                                      apiVersion: apps/v1     
+kind: Deployment         
+metadata:
+  name: nginx            
+spec:
+  replicas: 2                     
+  selector:              
+    matchLabels:
+      app: nginx
+  template:              
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx:latest
+        name: container-0
+        resources:
+          limits:
+            cpu: 100m
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+      imagePullSecrets:
+      - name: default-secret
                                                                                                                                      
+
                                                                                                                                    2. Create a LoadBalancer Service and configure kubernetes.io/elb.pass-through to true.
                                                                                                                                      apiVersion: v1 
+kind: Service 
+metadata: 
+  annotations:   
+    kubernetes.io/elb.pass-through: "true"
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"cce-bandwidth","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
+  labels: 
+    app: nginx 
+  name: nginx 
+spec: 
+  externalTrafficPolicy: Local
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  selector: 
+    app: nginx 
+  type: LoadBalancer
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                      A shared load balancer named james is automatically created. Use kubernetes.io/elb.subnet-id to specify the VPC subnet where the load balancer is located. The load balancer and the cluster must be in the same VPC.
                                                                                                                                      
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Verification
                                                                                                                                    Check the ELB load balancer corresponding to the created Service. The load balancer name is james. The number of ELB connections is 0, as shown in the following figure.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Use kubectl to connect to the cluster, go to an Nginx container, and access the ELB address. The access is successful.
                                                                                                                                    
+
                                                                                                                                    # kubectl get pod
+NAME                     READY   STATUS    RESTARTS   AGE
+nginx-7c4c5cc6b5-vpncx   1/1     Running   0          9m47s
+nginx-7c4c5cc6b5-xj5wl   1/1     Running   0          9m47s
+# kubectl exec -it nginx-7c4c5cc6b5-vpncx -- /bin/sh
+# curl 120.46.141.192
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>
                                                                                                                                    
+
                                                                                                                                    Wait for a period of time and view the ELB monitoring data. A new access connection is created for the ELB, indicating that the access passes through the ELB load balancer as expected.
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Parent topic: LoadBalancer
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0359.html b/docs/cce/umn/cce_10_0359.html
index 4ee73a81e..a4e39a336 100644
--- a/docs/cce/umn/cce_10_0359.html
+++ b/docs/cce/umn/cce_10_0359.html
@@ -17,7 +17,7 @@
 
                                                                                                                                  
 
 
                                                                                                                                  
-
                                                                                                                                  Parent topic: Networking
                                                                                                                                  
+
                                                                                                                                  Parent topic: Network
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_10_0360.html b/docs/cce/umn/cce_10_0360.html
index 60b05f9fb..673a0fa10 100644
--- a/docs/cce/umn/cce_10_0360.html
+++ b/docs/cce/umn/cce_10_0360.html
@@ -1,30 +1,42 @@
 
 
 
                                                                                                                                  Overview
                                                                                                                                  
-
                                                                                                                                  Introduction to CoreDNS
                                                                                                                                  When you create a cluster, the coredns add-on is installed to resolve domain names in the cluster.
                                                                                                                                  
-
                                                                                                                                  You can view the pod of the coredns add-on in the kube-system namespace.
                                                                                                                                  
+
                                                                                                                                  Introduction to CoreDNS
                                                                                                                                  When you create a cluster, the CoreDNS add-on is installed to resolve domain names in the cluster.
                                                                                                                                  
+
                                                                                                                                  You can view the pod of the CoreDNS add-on in the kube-system namespace.
                                                                                                                                  
 
                                                                                                                                  $ kubectl get po --namespace=kube-system
 NAME                                      READY   STATUS    RESTARTS   AGE
 coredns-7689f8bdf-295rk                   1/1     Running   0          9m11s
 coredns-7689f8bdf-h7n68                   1/1     Running   0          11m
                                                                                                                                  
-
                                                                                                                                  After coredns is installed, it becomes a DNS. After the Service is created, coredns records the Service name and IP address. In this way, the pod can obtain the Service IP address by querying the Service name from coredns.
                                                                                                                                  
+
                                                                                                                                  After CoreDNS is installed, it becomes a DNS. After the Service is created, CoreDNS records the Service name and IP address. In this way, the pod can obtain the Service IP address by querying the Service name from CoreDNS.
                                                                                                                                  
 
                                                                                                                                  nginx.<namespace>.svc.cluster.local is used to access the Service. nginx is the Service name, <namespace> is the namespace, and svc.cluster.local is the domain name suffix. In actual use, you can omit <namespace>.svc.cluster.local in the same namespace and use the ServiceName.
                                                                                                                                  
 
                                                                                                                                  An advantage of using ServiceName is that you can write ServiceName into the program when developing the application. In this way, you do not need to know the IP address of a specific Service.
                                                                                                                                  
-
                                                                                                                                  After the coredns add-on is installed, there is also a Service in the kube-system namespace, as shown below.
                                                                                                                                  
+
                                                                                                                                  After CoreDNS is installed, there is also a Service in the kube-system namespace, as shown below.
                                                                                                                                  
 
                                                                                                                                  $ kubectl get svc -n kube-system
 NAME               TYPE           CLUSTER-IP      EXTERNAL-IP                    PORT(S)                      AGE
 coredns            ClusterIP      10.247.3.10     <none>                         53/UDP,53/TCP,8080/TCP       13d
                                                                                                                                  
-
                                                                                                                                  By default, after other pods are created, the address of the coredns Service is written as the address of the domain name resolution server in the /etc/resolv.conf file of the pod. Create a pod and view the /etc/resolv.conf file as follows:
                                                                                                                                  
+
                                                                                                                                  By default, after other pods are created, the address of the CoreDNS Service is written as the address of the domain name resolution server in the /etc/resolv.conf file of the pod. Create a pod and view the /etc/resolv.conf file as follows:
                                                                                                                                  
 
                                                                                                                                  $ kubectl exec test01-6cbbf97b78-krj6h -it -- /bin/sh
 / # cat /etc/resolv.conf
 nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5 timeout single-request-reopen
                                                                                                                                  
 
                                                                                                                                  When a user accesses the Service name:Port of the Nginx pod, the IP address of the Nginx Service is resolved from CoreDNS, and then the IP address of the Nginx Service is accessed. In this way, the user can access the backend Nginx pod.
                                                                                                                                  
-
                                                                                                                                  Figure 1 Example of domain name resolution in a cluster
                                                                                                                                  
+
                                                                                                                                  Figure 1 Example of domain name resolution in a cluster
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  How Does Domain Name Resolution Work in Kubernetes?
                                                                                                                                  DNS policies can be set on a per-pod basis. Currently, Kubernetes supports four types of DNS policies: Default, ClusterFirst, ClusterFirstWithHostNet, and None. For details, see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/. These policies are specified in the dnsPolicy field in the pod-specific.
                                                                                                                                  
+
                                                                                                                                  • Default: Pods inherit the name resolution configuration from the node that the pods run on. The custom upstream DNS server and the stub domain cannot be used together with this policy.
                                                                                                                                  • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream name server inherited from the node. Cluster administrators may have extra stub domains and upstream DNS servers configured. 
                                                                                                                                  • ClusterFirstWithHostNet: For pods running with hostNetwork, set its DNS policy ClusterFirstWithHostNet.
                                                                                                                                  • None: It allows a pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsPolicy field in the pod-specific.
                                                                                                                                  
+
                                                                                                                                   
                                                                                                                                  • Clusters of Kubernetes v1.10 and later support Default, ClusterFirst, ClusterFirstWithHostNet, and None. Clusters earlier than Kubernetes v1.10 support only Default, ClusterFirst, and ClusterFirstWithHostNet.
                                                                                                                                  • Default is not the default DNS policy. If dnsPolicy is not explicitly specified, ClusterFirst is used.
                                                                                                                                  
+
                                                                                                                                  
+
                                                                                                                                  Routing
                                                                                                                                  
+
                                                                                                                                  Without stub domain configurations: Any query that does not match the configured cluster domain suffix, such as www.kubernetes.io, is forwarded to the upstream DNS server inherited from the node.
                                                                                                                                  
+
                                                                                                                                  With stub domain configurations: If stub domains and upstream DNS servers are configured, DNS queries are routed according to the following flow:
                                                                                                                                  
+
                                                                                                                                  1. The query is first sent to the DNS caching layer in CoreDNS.
                                                                                                                                  2. From the caching layer, the suffix of the request is examined and then the request is forwarded to the corresponding DNS:
                                                                                                                                    • Names with the cluster suffix, for example, .cluster.local: The request is sent to CoreDNS.
                                                                                                                                    
+
                                                                                                                                    • Names with the stub domain suffix, for example, .acme.local: The request is sent to the configured custom DNS resolver that listens, for example, on 1.2.3.4.
                                                                                                                                    • Names that do not match the suffix (for example, widget.com): The request is forwarded to the upstream DNS.
                                                                                                                                    
+
                                                                                                                                  
+
                                                                                                                                  Figure 2 Routing
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Related Operations
                                                                                                                                  You can also configure DNS in a workload. For details, see DNS Configuration.
                                                                                                                                  
-
                                                                                                                                  You can also use coredns to implement user-defined domain name resolution. For details, see Using CoreDNS for Custom Domain Name Resolution.
                                                                                                                                  
+
                                                                                                                                  You can also use CoreDNS to implement user-defined domain name resolution. For details, see Using CoreDNS for Custom Domain Name Resolution.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0361.html b/docs/cce/umn/cce_10_0361.html
index 5fa44037b..ced1e623e 100644
--- a/docs/cce/umn/cce_10_0361.html
+++ b/docs/cce/umn/cce_10_0361.html
@@ -11,171 +11,114 @@
 
                                                                                                                                  
 
                                                                                                                                  Configuring the Stub Domain for CoreDNS
                                                                                                                                  Cluster administrators can modify the ConfigMap for the CoreDNS Corefile to change how service discovery works.
                                                                                                                                  
 
                                                                                                                                  Assume that a cluster administrator has a Consul DNS server located at 10.150.0.1 and all Consul domain names have the suffix .consul.local.
                                                                                                                                  
-
                                                                                                                                  1. Log in to the CCE console and access the cluster console.
                                                                                                                                  2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                  3. Add a stub domain in the Parameters area.
                                                                                                                                    Modify the stub_domains parameter in the format of a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses.
                                                                                                                                    {
-	"stub_domains": {
-                "consul.local": [
-			"10.150.0.1"
-		]
-	},
-	"upstream_nameservers": []
+
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                    2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                    3. Add a stub domain in the Parameters area. The format is a key-value pair. The key is a DNS suffix domain name, and the value is a DNS IP address or a group of DNS IP addresses, for example, consul.local --10.XXX.XXX.XXX.
                                                                                                                                    4. Click OK.
                                                                                                                                    5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of CoreDNS to check whether the update is successful.
                                                                                                                                      The corresponding Corefile content is as follows:
                                                                                                                                      
+
                                                                                                                                      .:5353 {
+    bind {$POD_IP}
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+    }
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
+consul.local:5353 {
+    bind {$POD_IP}
+    errors
+    cache 30
+    forward . 10.150.0.1
+}
                                                                                                                                      
+
                                                                                                                                    
+
                                                                                                                                    
+
                                                                                                                                    Modifying the CoreDNS Hosts Configuration File
                                                                                                                                    After modifying the hosts file in CoreDNS, you do not need to configure the hosts file in each pod to add resolution records.
                                                                                                                                    
+
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                    2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                    3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                      {
+  "configBlock": "192.168.1.1 www.example.com\nfallthrough",
+  "name": "hosts"
 }
                                                                                                                                      
-
                                                                                                                                    
-
                                                                                                                                  4. Click OK.
                                                                                                                                  
-
                                                                                                                                  You can also modify the ConfigMap as follows:
                                                                                                                                  
-
                                                                                                                                   
                                                                                                                                  The parameter values in red in the example can only be modified and cannot be deleted.
                                                                                                                                  
+
                                                                                                                                   
                                                                                                                                  The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next CoreDNS plug-in. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                  
+
                                                                                                                                  For details about how to configure the hosts file, visit https://coredns.io/plugins/hosts/.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  $ kubectl edit configmap coredns -n kube-system
-apiVersion: v1
-data:
-  Corefile: |-
-    .:5353 {
-        bind {$POD_IP}
-        cache 30
-        errors
-        health {$POD_IP}:8080
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-            pods insecure
-            fallthrough in-addr.arpa ip6.arpa
-        }
-        loadbalance round_robin
-        prometheus {$POD_IP}:9153
-        forward . /etc/resolv.conf {
-            policy random
-        }
-        reload
+
                                                                                                                                • Click OK.
                                                                                                                                • Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of CoreDNS to check whether the update is successful.
                                                                                                                                  The corresponding Corefile content is as follows:
                                                                                                                                  
+
                                                                                                                                  .:5353 {
+    bind {$POD_IP}
+    hosts {
+      192.168.1.1 www.example.com
+      fallthrough
+    }
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
     }
-
-    consul.local:5353 {
-        bind {$POD_IP}
-        errors
-        cache 30
-        forward . 10.150.0.1
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
     }
-kind: ConfigMap
-metadata:
-  creationTimestamp: "2022-05-04T04:42:24Z"
-  labels:
-    app: coredns
-    k8s-app: coredns
-    kubernetes.io/cluster-service: "true"
-    kubernetes.io/name: CoreDNS
-    release: cceaddon-coredns
-  name: coredns
-  namespace: kube-system
-  resourceVersion: "8663493"
-  uid: bba87142-9f8d-4056-b8a6-94c3887e9e1d
                                                                                                                                  
-
                                                                                                                                  • 
-
                                                                                                                                  Modifying the CoreDNS Hosts Configuration File
                                                                                                                                  1. Use kubectl to connect to the cluster.
                                                                                                                                  2. Modify the CoreDNS configuration file and add the custom domain name to the hosts file.
                                                                                                                                    Point www.example.com to 192.168.1.1. When CoreDNS resolves www.example.com, 192.168.1.1 is returned.
                                                                                                                                    
-
                                                                                                                                     
                                                                                                                                    The fallthrough field must be configured. fallthrough indicates that when the domain name to be resolved cannot be found in the hosts file, the resolution task is transferred to the next CoreDNS plug-in. If fallthrough is not specified, the task ends and the domain name resolution stops. As a result, the domain name resolution in the cluster fails.
                                                                                                                                    
-
                                                                                                                                    For details about how to configure the hosts file, visit https://coredns.io/plugins/hosts/.
                                                                                                                                    
-
                                                                                                                                    
-
                                                                                                                                    $ kubectl edit configmap coredns -n kube-system
-apiVersion: v1
-data:
-  Corefile: |-
-    .:5353 {
-        bind {$POD_IP}
-        cache 30
-        errors
-        health {$POD_IP}:8080
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-          pods insecure
-          fallthrough in-addr.arpa ip6.arpa
-        }
-        hosts {
-          192.168.1.1 www.example.com
-          fallthrough
-        }
-        loadbalance round_robin
-        prometheus {$POD_IP}:9153
-        forward . /etc/resolv.conf
-        reload
-    }
-kind: ConfigMap
-metadata:
-  creationTimestamp: "2021-08-23T13:27:28Z"
-  labels:
-    app: coredns
-    k8s-app: coredns
-    kubernetes.io/cluster-service: "true"
-    kubernetes.io/name: CoreDNS
-    release: cceaddon-coredns
-  name: coredns
-  namespace: kube-system
-  resourceVersion: "460"
-  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
-  uid: be64aaad-1629-441f-8a40-a3efc0db9fa9
                                                                                                                                    
-
                                                                                                                                    After modifying the hosts file in CoreDNS, you do not need to configure the hosts file in each pod.
                                                                                                                                    
+    reload
+    ready {$POD_IP}:8081
+}
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Adding the CoreDNS Rewrite Configuration to Point the Domain Name to Services in the Cluster
                                                                                                                                  Use the Rewrite plug-in of CoreDNS to resolve a specified domain name to the domain name of a Service.
                                                                                                                                  
-
                                                                                                                                  1. Use kubectl to connect to the cluster.
                                                                                                                                  2. Modify the CoreDNS configuration file to point example.com to the example service in the default namespace.
                                                                                                                                    $ kubectl edit configmap coredns -n kube-system
-apiVersion: v1
-data:
-  Corefile: |-
-    .:5353 {
-        bind {$POD_IP}
-        cache 30
-        errors
-        health {$POD_IP}:8080
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-          pods insecure
-          fallthrough in-addr.arpa ip6.arpa
-        }
-        rewrite name example.com example.default.svc.cluster.local
-        loadbalance round_robin
-        prometheus {$POD_IP}:9153
-        forward . /etc/resolv.conf
-        reload
+
                                                                                                                                    Adding the CoreDNS Rewrite Configuration to Point the Domain Name to Services in the Cluster
                                                                                                                                    Use the Rewrite plug-in of CoreDNS to resolve a specified domain name to the domain name of a Service. For example, the request for accessing the example.com domain name is redirected to the example.default.svc.cluster.local domain name, that is, the example service in the default namespace.
                                                                                                                                    
+
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                    2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                    3. Edit the advanced configuration under Parameters and add the following content to the plugins field:
                                                                                                                                      {
+   "name": "rewrite",
+   "parameters": "name example.com example.default.svc.cluster.local"
+}
                                                                                                                                      
+
                                                                                                                                    4. Click OK.
                                                                                                                                    5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of CoreDNS to check whether the update is successful.
                                                                                                                                      Corresponding Corefile content:
                                                                                                                                      
+
                                                                                                                                      .:5353 {
+    bind {$POD_IP}
+    rewrite name example.com example.default.svc.cluster.local
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
     }
-kind: ConfigMap
-metadata:
-  creationTimestamp: "2021-08-23T13:27:28Z"
-  labels:
-    app: coredns
-    k8s-app: coredns
-    kubernetes.io/cluster-service: "true"
-    kubernetes.io/name: CoreDNS
-    release: cceaddon-coredns
-  name: coredns
-  namespace: kube-system
-  resourceVersion: "460"
-  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
-  uid: be64aaad-1629-441f-8a40-a3efc0db9fa9
                                                                                                                                      
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . /etc/resolv.conf {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Using CoreDNS to Cascade Self-Built DNS
                                                                                                                                  1. Use kubectl to connect to the cluster.
                                                                                                                                  2. Modify the CoreDNS configuration file and change /etc/resolv.conf following forward to the IP address of the external DNS server.
                                                                                                                                    $ kubectl edit configmap coredns -n kube-system
-apiVersion: v1
-data:
-  Corefile: |-
-    .:5353 {
-        bind {$POD_IP}
-        cache 30
-        errors
-        health {$POD_IP}:8080
-        kubernetes cluster.local in-addr.arpa ip6.arpa {
-          pods insecure
-          fallthrough in-addr.arpa ip6.arpa
-        }
-        loadbalance round_robin
-        prometheus {$POD_IP}:9153
-        forward . 192.168.1.1
-        reload
+
                                                                                                                                    Using CoreDNS to Cascade Self-Built DNS
                                                                                                                                    By default, CoreDNS uses the /etc/resolv.conf file of the node for resolution. You can also change the resolution address to that of the external DNS.
                                                                                                                                    
+
                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                    2. In the navigation pane, choose Add-ons. On the displayed page, click Edit under CoreDNS.
                                                                                                                                    3. Edit the advanced configuration under Parameters and modify the following content in the plugins field:
                                                                                                                                      {
+    "configBlock": "policy random",
+    "name": "forward",
+    "parameters": ". 192.168.1.1"
+}
                                                                                                                                      
+
                                                                                                                                    4. Click OK.
                                                                                                                                    5. Choose ConfigMaps and Secrets in the navigation pane, select the kube-system namespace, and view the ConfigMap data of CoreDNS to check whether the update is successful.
                                                                                                                                      The corresponding Corefile content is as follows:
                                                                                                                                      
+
                                                                                                                                      .:5353 {
+    bind {$POD_IP}
+    cache 30
+    errors
+    health {$POD_IP}:8080
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
     }
-kind: ConfigMap
-metadata:
-  creationTimestamp: "2021-08-23T13:27:28Z"
-  labels:
-    app: coredns
-    k8s-app: coredns
-    kubernetes.io/cluster-service: "true"
-    kubernetes.io/name: CoreDNS
-    release: cceaddon-coredns
-  name: coredns
-  namespace: kube-system
-  resourceVersion: "460"
-  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
-  uid: be64aaad-1629-441f-8a40-a3efc0db9fa9
                                                                                                                                      
+    loadbalance round_robin
+    prometheus {$POD_IP}:9153
+    forward . 192.168.1.1 {
+        policy random
+    }
+    reload
+    ready {$POD_IP}:8081
+}
                                                                                                                                    
 
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0363.html b/docs/cce/umn/cce_10_0363.html
index afef62b0b..e9bb682a3 100644
--- a/docs/cce/umn/cce_10_0363.html
+++ b/docs/cce/umn/cce_10_0363.html
@@ -3,60 +3,62 @@
 
                                                                                                                                  Creating a Node
                                                                                                                                  
 
                                                                                                                                  Prerequisites
                                                                                                                                  • At least one cluster has been created.
                                                                                                                                  • A key pair has been created for identity authentication upon remote node login.
                                                                                                                                  
 
                                                                                                                                  
-
                                                                                                                                  Notes and Constraints
                                                                                                                                  • The node has 2-core or higher CPU, 4 GB or larger memory.
                                                                                                                                  • To ensure node stability, a certain amount of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications. Therefore, the total number of node resources and assignable node resources in Kubernetes are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components. For details, see Formula for Calculating the Reserved Resources of a Node.
                                                                                                                                  • The node networking (such as the VM networking and container networking) is taken over by CCE. You are not allowed to add and delete NICs or change routes. If you modify the networking configuration, the availability of CCE may be affected. For example, the NIC named gw_11cbf51a@eth0 on the node is the container network gateway and cannot be modified.
                                                                                                                                  • During the node creation, software packages are downloaded from OBS using the domain name. You need to use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                                                                                                  • Once a node is created, its AZ cannot be changed.
                                                                                                                                  
+
                                                                                                                                  Constraints
                                                                                                                                  • The node has at least 2 vCPUs and 4 GiB of memory.
                                                                                                                                  • To ensure node stability, a certain number of CCE node resources will be reserved for Kubernetes components (such as kubelet, kube-proxy, and docker) based on the node specifications. Therefore, the total number of node resources and the number of allocatable node resources for your cluster are different. The larger the node specifications, the more the containers deployed on the node. Therefore, more node resources need to be reserved to run Kubernetes components. For details, see Node Resource Reservation Policy.
                                                                                                                                  • Networks including VM networks and container networks of nodes are all managed by CCE. Do not add or delete ENIs or change routes. Otherwise, services may be unavailable. For example, the NIC named gw_11cbf51a@eth0 on the node is the container network gateway and cannot be modified.
                                                                                                                                  • During the node creation, software packages are downloaded from OBS using the domain name. Use a private DNS server to resolve the OBS domain name, and configure the DNS server address of the subnet where the node resides with a private DNS server address. When you create a subnet, the private DNS server is used by default. If you change the subnet DNS, ensure that the DNS server in use can resolve the OBS domain name.
                                                                                                                                  • Once a node is created, its AZ cannot be changed.
                                                                                                                                  
 
                                                                                                                                  
 
                                                                                                                                  Procedure
                                                                                                                                  After a cluster is created, you can create nodes for the cluster.
                                                                                                                                  
-
                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters. Click the target cluster name to access its details page.
                                                                                                                                  2. In the navigation pane on the left, choose Nodes. On the page displayed, click Create Node. In the Node Settings step, set node parameters by referring to the following table.
                                                                                                                                    Compute Settings
                                                                                                                                    
+
                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                    2. In the navigation pane of the CCE console, choose Clusters. Click the target cluster name to access its details page.
                                                                                                                                    3. In the navigation pane on the left, choose Nodes. On the page displayed, click Create Node. In the Node Settings step, set node parameters by referring to the following table.
                                                                                                                                      Compute Settings
                                                                                                                                      
 
                                                                                                                                      You can configure the specifications and OS of a cloud server, on which your containerized applications run.
-
                                                                                                                                      Table 1 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
+
                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -67,33 +69,37 @@
 
                                                                                                                                      Storage Settings
                                                                                                                                      Configure storage resources on a node for the containers running on it. Set the disk size according to site requirements.
-
                                                                                                                                      Table 1 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
 
                                                                                                                                      Description
                                                                                                                                      
+
                                                                                                                                      Description
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      AZ
                                                                                                                                      
+
                                                                                                                                      AZ
                                                                                                                                      
 
                                                                                                                                      AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.
                                                                                                                                      
-
                                                                                                                                      You are advised to select Random to deploy your node in a random AZ based on the selected node flavor.
                                                                                                                                      
+
                                                                                                                                      AZ where the node is located. Nodes in a cluster can be created in different AZs for higher reliability. The value cannot be changed after the node is created.
                                                                                                                                      
+
                                                                                                                                      Select Random to deploy your node in a random AZ based on the selected node flavor.
                                                                                                                                      
 
                                                                                                                                      An AZ is a physical region where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network. To enhance workload availability, create nodes in different AZs.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Node Type
                                                                                                                                      
+
                                                                                                                                      Node Type
                                                                                                                                      
 
                                                                                                                                      CCE cluster:
                                                                                                                                      • ECS (VM): Containers run on ECSs.
                                                                                                                                      
+
                                                                                                                                      CCE cluster:
                                                                                                                                      • ECS (VM): Containers run on ECSs.
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                      CCE Turbo cluster:
                                                                                                                                      • ECS (VM): Containers run on ECSs. Only Trunkport ECSs (models that can be bound with multiple elastic network interfaces) are supported.
                                                                                                                                      
+
                                                                                                                                      CCE Turbo cluster:
                                                                                                                                      • ECS (VM): Containers run on ECSs. Only the ECSs that can be bound with multiple NICs are supported.
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      		
 
                                                                                                                                      Container Engine
                                                                                                                                      
+
                                                                                                                                      Container Engine
                                                                                                                                      
 
                                                                                                                                      CCE clusters support Docker and containerd in some scenarios.
                                                                                                                                      • VPC network clusters of v1.23 and later versions support containerd. Container tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                                                                                                                                      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                                                                                                                                      
+
                                                                                                                                      CCE clusters support Docker and containerd in some scenarios.
                                                                                                                                      • VPC network clusters of v1.23 and later versions support containerd. Tunnel network clusters of v1.23.2-r0 and later versions support containerd.
                                                                                                                                      • For a CCE Turbo cluster, both Docker and containerd are supported. For details, see Mapping between Node OSs and Container Engines.
                                                                                                                                      
 
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Specifications
                                                                                                                                      
+
                                                                                                                                      Specifications
                                                                                                                                      
 
                                                                                                                                      Select the node specifications based on service requirements. The available node specifications vary depending on AZs.
                                                                                                                                      
+
                                                                                                                                      Select node specifications that best fit your service needs.
                                                                                                                                      
+
                                                                                                                                      The available node flavors vary depending on AZs. Obtain the flavors displayed on the console.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      OS
                                                                                                                                      
+
                                                                                                                                      OS
                                                                                                                                      
 
                                                                                                                                      Select an OS type. Different types of nodes support different OSs.
                                                                                                                                      
-
                                                                                                                                      Public image: Select an OS for the node.
                                                                                                                                      
-
                                                                                                                                      Private image: You can use private images. 
                                                                                                                                      
+
                                                                                                                                      Select an OS type. Different types of nodes support different OSs.
                                                                                                                                      
+
                                                                                                                                      • Public image: Select a public image for the node.
                                                                                                                                      • Private image: Select a private image for the node. 
                                                                                                                                      
+
                                                                                                                                       NOTE: 
                                                                                                                                      • Service container runtimes share the kernel and underlying calls of nodes. To ensure compatibility, select a Linux distribution version that is the same as or close to that of the final service container image for the node OS.
                                                                                                                                      
+
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Node Name
                                                                                                                                      
+
                                                                                                                                      Node Name
                                                                                                                                      
 
                                                                                                                                      Name of the node. When nodes (ECSs) are created in batches, the value of this parameter is used as the name prefix for each ECS.
                                                                                                                                      
+
                                                                                                                                      Name of the node. When nodes (ECSs) are created in batches, the value of this parameter is used as the name prefix for each ECS.
                                                                                                                                      
 
                                                                                                                                      The system generates a default name for you, which can be modified.
                                                                                                                                      
 
                                                                                                                                      A node name must start with a lowercase letter and cannot end with a hyphen (-). Only digits, lowercase letters, and hyphens (-) are allowed.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Login Mode
                                                                                                                                      
+
                                                                                                                                      Login Mode
                                                                                                                                      
 
                                                                                                                                      • Key Pair
                                                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                        
+
                                                                                                                                      • Key Pair
                                                                                                                                        Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                        
 
                                                                                                                                        A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                        
 
                                                                                                                                      
                                                                                                                                       		
 
 
                                                                                                                                      Table 2 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
+
                                                                                                                                      
-
-
-
-
-
@@ -102,26 +108,26 @@
 
                                                                                                                                      Network Settings
                                                                                                                                      Configure networking resources to allow node and containerized application access.
-
                                                                                                                                      Table 2 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
 
                                                                                                                                      Description
                                                                                                                                      
+
                                                                                                                                      Description
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      System Disk
                                                                                                                                      
+
                                                                                                                                      System Disk
                                                                                                                                      
 
                                                                                                                                      System disk used by the node OS. The value ranges from 40 GB to 1,024 GB. The default value is 50 GB.
                                                                                                                                      
-
                                                                                                                                      Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption function. This function is available only in certain regions.
                                                                                                                                      • Encryption is not selected by default.
                                                                                                                                      • After you select Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List to create a key. After the key is created, click the refresh icon.
                                                                                                                                      
+
                                                                                                                                      System disk used by the node OS. The value ranges from 40 GiB to 1,024 GiB. The default value is 50 GiB.
                                                                                                                                      
+
                                                                                                                                      Encryption: System disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                                                                                                                                      • Encryption is not selected by default.
                                                                                                                                      • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                                                                                                                                      
 
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Data Disk
                                                                                                                                      
+
                                                                                                                                      Data Disk
                                                                                                                                      
 
                                                                                                                                      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                                                                      
-
                                                                                                                                      • First data disk: used for container runtime and kubelet components. The value ranges from 20 GB to 32,768 GB. The default value is 100 GB.
                                                                                                                                      • Other data disks: You can set the data disk size to a value ranging from 10 GB to 32,768 GB. The default value is 100 GB.
                                                                                                                                      
-
                                                                                                                                      Advanced Settings
                                                                                                                                      
-
                                                                                                                                      Click Expand to set the following parameters:
                                                                                                                                      
-
                                                                                                                                      • Allocate Disk Space: Select this option to define the disk space occupied by the container runtime to store the working directories, container image data, and image metadata. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                                                      • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption function. This function is available only in certain regions.
                                                                                                                                        • Encryption is not selected by default.
                                                                                                                                        • After you select Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List to create a key. After the key is created, click the refresh icon.
                                                                                                                                        
+
                                                                                                                                      At least one data disk is required for the container runtime and kubelet. The data disk cannot be deleted or uninstalled. Otherwise, the node will be unavailable.
                                                                                                                                      
+
                                                                                                                                      • First data disk: used for container runtime and kubelet components. The value ranges from 20 GiB to 32,768 GiB. The default value is 100 GiB.
                                                                                                                                      • Other data disks: You can set the data disk size to a value ranging from 10 GB to 32,768 GiB. The default value is 100 GiB.
                                                                                                                                      
+
                                                                                                                                       NOTE: 
                                                                                                                                      If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                                                                      
+
                                                                                                                                      Local disks may break down and do not ensure data reliability. Store your service data in EVS disks, which are more reliable than local disks.
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                      Advanced Settings
                                                                                                                                      
+
                                                                                                                                      Click Expand to configure the following parameters:
                                                                                                                                      
+
                                                                                                                                      • Data Disk Space Allocation: After selecting Set Container Engine Space, you can specify the proportion of the space for the container engine, image, and temporary storage on the data disk. The container engine space is used to store the working directory, container image data, and image metadata for the container runtime. The remaining space of the data disk is used for pod configuration files, keys, and EmptyDir. For details about how to allocate data disk space, see Data Disk Space Allocation.
                                                                                                                                      • Encryption: Data disk encryption safeguards your data. Snapshots generated from encrypted disks and disks created using these snapshots automatically inherit the encryption setting. This function is available only in certain regions.
                                                                                                                                        • Encryption is not selected by default.
                                                                                                                                        • After selecting Encryption, you can select an existing key in the displayed dialog box. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the Encryption text box.
                                                                                                                                        
 
                                                                                                                                      
 
                                                                                                                                      Adding Multiple Data Disks
                                                                                                                                      
 
                                                                                                                                      A maximum of four data disks can be added. By default, raw disks are created without any processing. You can also click Expand and select any of the following options:
                                                                                                                                      
-
                                                                                                                                      • Default: By default, a raw disk is created without any processing.
                                                                                                                                      • Mount Disk: The data disk is attached to a specified directory.
                                                                                                                                      
-
                                                                                                                                      Local Disk Description
                                                                                                                                      
-
                                                                                                                                      If the node flavor is disk-intensive or ultra-high I/O, one data disk can be a local disk.
                                                                                                                                      
-
                                                                                                                                      Local disks may break down and do not ensure data reliability. It is recommended that you store service data in EVS disks, which are more reliable than local disks.
                                                                                                                                      
+
                                                                                                                                      • Default: By default, a raw disk is created without any processing.
                                                                                                                                      • Mount Disk: The data disk is attached to a specified directory.
                                                                                                                                      • Use as PV: applicable to scenarios in which there is a high performance requirement on PVs. The node.kubernetes.io/local-storage-persistent label is added to the node with PV configured. The value is linear or striped.
                                                                                                                                      • Use as ephemeral volume: applicable to scenarios in which there is a high performance requirement on EmptyDir.
                                                                                                                                      
+
                                                                                                                                       NOTE: 
                                                                                                                                      • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                      • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                                                                                                                                      
+
                                                                                                                                      
+
                                                                                                                                      Local Persistent Volumes (Local PVs) and Local EVs support the following write modes:
                                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. A storage pool consisting of striped volumes cannot be scaled-out. This option can be selected only when multiple volumes exist.
                                                                                                                                      
+
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
                                                                                                                                       
 
 
                                                                                                                                      Table 3 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
+
                                                                                                                                      
-
-
-
-
-
-
-
@@ -130,63 +136,65 @@
 
                                                                                                                                      Advanced Settings
                                                                                                                                      Configure advanced node capabilities such as labels, taints, and startup command.
-
                                                                                                                                      Table 3 Configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
 
                                                                                                                                      Description
                                                                                                                                      
+
                                                                                                                                      Description
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Node Subnet
                                                                                                                                      
+
                                                                                                                                      Node Subnet
                                                                                                                                      
 
                                                                                                                                      The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                                                                                                                                      
+
                                                                                                                                      The node subnet selected during cluster creation is used by default. You can choose another subnet instead.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Node IP Address
                                                                                                                                      
+
                                                                                                                                      Node IP Address
                                                                                                                                      
 
                                                                                                                                      IP address of the specified node. By default, the value is randomly allocated.
                                                                                                                                      
+
                                                                                                                                      IP address of the specified node. By default, the value is randomly allocated.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      EIP
                                                                                                                                      
+
                                                                                                                                      EIP
                                                                                                                                      
 
                                                                                                                                      A cloud server without an EIP cannot access public networks or be accessed by public networks.
                                                                                                                                      
-
                                                                                                                                      The default value is Do not use. Use existing and Auto create are supported.
                                                                                                                                      
+
                                                                                                                                      An ECS without a bound EIP cannot access the Internet or be accessed by public networks.
                                                                                                                                      
+
                                                                                                                                      The default value is Do not use. Use existing and Auto create are supported.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
                                                                                                                                       
 
 
                                                                                                                                      Table 4 Advanced configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
+
                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -194,7 +202,7 @@
 
                                                                                                                                      Table 4 Advanced configuration parameters
                                                                                                                                      Parameter
                                                                                                                                      
 
                                                                                                                                      Description
                                                                                                                                      
+
                                                                                                                                      Description
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      Kubernetes Label
                                                                                                                                      
+
                                                                                                                                      Kubernetes Label
                                                                                                                                      
 
                                                                                                                                      Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                                                                                                                                      
+
                                                                                                                                      A key-value pair added to a Kubernetes object (such as a pod). A maximum of 20 labels can be added.
                                                                                                                                      
 
                                                                                                                                      Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Resource Tag
                                                                                                                                      
+
                                                                                                                                      Resource Tag
                                                                                                                                      
 
                                                                                                                                      You can add resource tags to classify resources.
                                                                                                                                      
-
                                                                                                                                      You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                                                      
+
                                                                                                                                      You can add resource tags to classify resources.
                                                                                                                                      
+
                                                                                                                                      You can create predefined tags in Tag Management Service (TMS). Predefined tags are available to all service resources that support tags. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                                                      
 
                                                                                                                                      CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Taint
                                                                                                                                      
+
                                                                                                                                      Taint
                                                                                                                                      
 
                                                                                                                                      This parameter is left blank by default. You can add taints to set anti-affinity for the node. A maximum of 10 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                                                      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                      
+
                                                                                                                                      This parameter is left blank by default. You can add taints to configure anti-affinity for the node. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                      • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                      • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                                                      • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                      
 
                                                                                                                                      
 
                                                                                                                                      For details, see Managing Node Taints.
                                                                                                                                      
 
                                                                                                                                       NOTE: 
                                                                                                                                      For a cluster of v1.19 or earlier, the workload may have been scheduled to a node before the taint is added. To avoid such a situation, select a cluster of v1.19 or later.
                                                                                                                                      
 
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Max. Pods
                                                                                                                                      
+
                                                                                                                                      Max. Pods
                                                                                                                                      
 
                                                                                                                                      Maximum number of pods that can run on the node, including the default system pods.
                                                                                                                                      
+
                                                                                                                                      Maximum number of pods that can run on the node, including the default system pods.
                                                                                                                                      
 
                                                                                                                                      This limit prevents the node from being overloaded with pods.
                                                                                                                                      
 
                                                                                                                                      This number is also decided by other factors. For details, see Maximum Number of Pods That Can Be Created on a Node.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      ECS Group
                                                                                                                                      
+
                                                                                                                                      ECS Group
                                                                                                                                      
 
                                                                                                                                      An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                                                                                                                                      
+
                                                                                                                                      An ECS group logically groups ECSs. The ECSs in the same ECS group comply with the same policy associated with the ECS group.
                                                                                                                                      
 
                                                                                                                                      Anti-affinity: ECSs in an ECS group are deployed on different physical hosts to improve service reliability.
                                                                                                                                      
 
                                                                                                                                      Select an existing ECS group, or click Add ECS Group to create one. After the ECS group is created, click the refresh button.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Pre-installation Command
                                                                                                                                      
+
                                                                                                                                      Pre-installation Command
                                                                                                                                      
 
                                                                                                                                      Enter commands. A maximum of 1,000 characters are allowed.
                                                                                                                                      
+
                                                                                                                                      Enter commands. A maximum of 1,000 characters are allowed.
                                                                                                                                      
 
                                                                                                                                      The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Post-installation Command
                                                                                                                                      
+
                                                                                                                                      Post-installation Command
                                                                                                                                      
 
                                                                                                                                      Enter commands. A maximum of 1,000 characters are allowed.
                                                                                                                                      
+
                                                                                                                                      Enter commands. A maximum of 1,000 characters are allowed.
                                                                                                                                      
 
                                                                                                                                      The script will be executed after Kubernetes software is installed and will not affect the installation.
                                                                                                                                      
+
                                                                                                                                       NOTE: 
                                                                                                                                      Do not run the reboot command in the post-installation script to restart the system immediately. To restart the system, run the shutdown -r 1 command to delay the restart for one minute.
                                                                                                                                      
+
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      Agency
                                                                                                                                      
+
                                                                                                                                      Agency
                                                                                                                                      
 
                                                                                                                                      An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                                                                      
+
                                                                                                                                      An agency is created by the account administrator on the IAM console. By creating an agency, you can share your cloud server resources with another account, or entrust a more professional person or team to manage your resources.
                                                                                                                                      
 
                                                                                                                                      If no agency is available, click Create Agency on the right to create one.
                                                                                                                                      
                                                                                                                                       		
 
                                                                                                                                      
 
                                                                                                                                      
 
-
                                                                                                                                    4. Click Next: Confirm. Confirm the configured parameters, specifications. 
                                                                                                                                    5. Click Submit.
                                                                                                                                      The node list page is displayed. If the node status is Running, the node is created successfully. It takes about 6 to 10 minutes to create a node.
                                                                                                                                      
+
                                                                                                                                    6. Configure the number of nodes to be purchased. Then, click Next: Confirm. Confirm the configured parameters and specifications. 
                                                                                                                                    7. Click Submit.
                                                                                                                                      The node list page is displayed. If the node status is Running, the node is created successfully. It takes about 6 to 10 minutes to create a node.
                                                                                                                                      
 
                                                                                                                                    8. Click Back to Node List. The node is created successfully if it changes to the Running state.
                                                                                                                                      9. 
 
 
diff --git a/docs/cce/umn/cce_10_0365.html b/docs/cce/umn/cce_10_0365.html
index 702787651..560df6318 100644
--- a/docs/cce/umn/cce_10_0365.html
+++ b/docs/cce/umn/cce_10_0365.html
@@ -2,18 +2,25 @@
 
 
                                                                                                                                      DNS Configuration
                                                                                                                                      
 
                                                                                                                                      Every Kubernetes cluster has a built-in DNS add-on (Kube-DNS or CoreDNS) to provide domain name resolution for workloads in the cluster. When handling a high concurrency of DNS queries, Kube-DNS/CoreDNS may encounter a performance bottleneck, that is, it may fail occasionally to fulfill DNS queries. There are cases when Kubernetes workloads initiate unnecessary DNS queries. This makes DNS overloaded if there are many concurrent DNS queries. Tuning DNS configuration for workloads will reduce the risks of DNS query failures to some extent.
                                                                                                                                      
-
                                                                                                                                      For more information about DNS, see coredns (System Resource Add-On, Mandatory).
                                                                                                                                      
+
                                                                                                                                      For more information about DNS, see coredns (System Resource Add-on, Mandatory).
                                                                                                                                      
 
                                                                                                                                      DNS Configuration Items
                                                                                                                                      Run the cat /etc/resolv.conf command on a Linux node or container to view the DNS resolver configuration file. The following is an example DNS resolver configuration of a container in a Kubernetes cluster:
                                                                                                                                      nameserver 10.247.x.x
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                      Configuration Options
                                                                                                                                      • nameserver: an IP address list of a name server that the resolver will query. If this parameter is set to 10.247.x.x, the resolver will query the kube-dns/CoreDNS. If this parameter is set to another IP address, the resolver will query a cloud or on-premises DNS server.
                                                                                                                                      • search: a search list for host-name lookup. When a domain name cannot be resolved, DNS queries will be attempted combining the domain name with each domain in the search list in turn until a match is found or all domains in the search list are tried. For CCE clusters, the search list is currently limited to three domains per container. When a nonexistent domain name is being resolved, eight DNS queries will be initiated because each domain name (including those in the search list) will be queried twice, one for IPv4 and the other for IPv6.
                                                                                                                                      • options: options that allow certain internal resolver variables to be modified. Common options include timeout and ndots.
                                                                                                                                        The value ndots:5 means that if a domain name has fewer than 5 dots (.), DNS queries will be attempted by combining the domain name with each domain in the search list in turn. If no match is found after all the domains in the search list are tried, the domain name is then used for DNS query. If the domain name has 5 or more than 5 dots, it will be tried first for DNS query. In case that the domain name cannot be resolved, DNS queries will be attempted by combining the domain name with each domain in the search list in turn.
                                                                                                                                        
-
                                                                                                                                        For example, the domain name www.***.com has only two dots (smaller than the value of ndots), and therefore the sequence of DNS queries is as follows: www.***.default.svc.cluster.local, www.***.com.svc.cluster.local, www.***.com.cluster.local, and www.***.com. This means that at least seven DNS queries will be initiated before the domain name is resolved into an IP address. It is clear that when many unnecessary DNS queries will be initiated to access an external domain name. There is room for improvement in workload's DNS configuration.
                                                                                                                                        
+
                                                                                                                                        Configuration Options
                                                                                                                                        • nameserver: an IP address list of a name server that the resolver will query. If this parameter is set to 10.247.x.x, the resolver will query the kube-dns/CoreDNS. If this parameter is set to another IP address, the resolver will query a cloud or on-premises DNS server.
                                                                                                                                        • search: a search list for host-name lookup. When a domain name cannot be resolved, DNS queries will be attempted combining the domain name with each domain in the search list in turn until a match is found or all domains in the search list are tried. For CCE clusters, the search list is currently limited to three domains per container. When a nonexistent domain name is being resolved, eight DNS queries will be initiated because each domain name (including those in the search list) will be queried twice, one for IPv4 and the other for IPv6.
                                                                                                                                        • options: options that allow certain internal resolver variables to be modified. Common options include timeout and ndots.
                                                                                                                                          The value ndots:5 means that if a domain name has fewer than 5 dots (.), DNS queries will be attempted by combining the domain name with each domain in the search list in turn. If no match is found after all the domains in the search list are tried, the domain name is then used for DNS query. If the domain name has 5 or more than 5 dots, it will be tried first for DNS query. In case that the domain name cannot be resolved, DNS queries will be attempted by combining the domain name with each domain in the search list in turn. 
                                                                                                                                          
+
                                                                                                                                          For example, the domain name www.***.com has only two dots (smaller than the value of ndots), and therefore the sequence of DNS queries is as follows: www.***.default.svc.cluster.local, www.***.com.svc.cluster.local, www.***.com.cluster.local, and www.***.com. This means that at least seven DNS queries will be initiated before the domain name is resolved into an IP address. It is clear that when many unnecessary DNS queries will be initiated to access an external domain name. There is room for improvement in workload's DNS configuration.
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                         
                                                                                                                                        For more information about configuration options in the resolver configuration file used by Linux operating systems, visit http://man7.org/linux/man-pages/man5/resolv.conf.5.html.
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                      
+
                                                                                                                                      Configuring DNS for a Workload Using the Console
                                                                                                                                      Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                                                                                      
+
                                                                                                                                      1. Log in to the CCE console, access the cluster console, select Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                                                                      2. Configure basic information about the workload. For details, see Creating a Workload.
                                                                                                                                      3. In the Advanced Settings area, click the DNS tab and set the following parameters as required:
                                                                                                                                        • DNS Policy: The DNS policies provided on the console correspond to the dnsPolicy field in the YAML file. For details, see Table 1.
                                                                                                                                          • Supplement defaults: corresponds to dnsPolicy=ClusterFirst. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks.
                                                                                                                                          • Replace defaults: corresponds to dnsPolicy=None. You must configure IP Address and Search Domain. Containers only use the user-defined IP address and search domain configurations for domain name resolution.
                                                                                                                                          • Inherit defaults: corresponds to dnsPolicy=Default. Containers use the domain name resolution configuration from the node that pods run on and cannot resolve the cluster-internal domain names.
                                                                                                                                          
+
                                                                                                                                        • Optional Objects: The options parameters in the dnsConfig field. Each object may have a name property (required) and a value property (optional). After setting the properties, click confirm to add.
                                                                                                                                          • timeout: Timeout interval, in seconds.
                                                                                                                                          • ndots: Number of dots (.) that must be present in a domain name. If a domain name has dots fewer than this value, the operating system will look up the name in the search domain. If not, the name is a fully qualified domain name (FQDN) and will be tried first as an absolute name.
                                                                                                                                          
+
                                                                                                                                        • IP Address: nameservers in the dnsConfig. You can configure the domain name server for the custom domain name. The value is one or a group of DNS IP addresses.
                                                                                                                                        • Search Domain: searches in the dnsConfig. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                                                                        
+
                                                                                                                                        
+
                                                                                                                                      4. Click Create Workload.
                                                                                                                                      
+
                                                                                                                                      
 
                                                                                                                                      Configuring DNS Using the Workload YAML
                                                                                                                                      When creating a workload using a YAML file, you can configure the DNS settings in the YAML. The following is an example for an Nginx application:
                                                                                                                                      apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -47,22 +54,21 @@ spec:
         searches:
           - my.dns.search.suffix
                                                                                                                                      
 
                                                                                                                                      
-
                                                                                                                                      dnsPolicy
                                                                                                                                      
-
                                                                                                                                      The dnsPolicy field is used to configure a DNS policy for an application. The default value is ClusterFirst. The DNS parameters in dnsConfig will be merged to the DNS file generated according to dnsPolicy. The merge rules are later explained in Table 2. Currently, dnsPolicy supports the following four values:
-
                                                                                                                                      Table 1 dnsPolicy
                                                                                                                                      Parameter
                                                                                                                                      
+
                                                                                                                                      • dnsPolicy
                                                                                                                                        The dnsPolicy field is used to configure a DNS policy for an application. The default value is ClusterFirst. The following table lists dnsPolicy configurations.
+
                                                                                                                                        
-
-
-
-
-
-
-
-
-
                                                                                                                                        Table 1 dnsPolicy
                                                                                                                                        Parameter
                                                                                                                                        
 
                                                                                                                                        Description
                                                                                                                                        
+
                                                                                                                                        Description
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        ClusterFirst (default value)
                                                                                                                                        
+
                                                                                                                                        ClusterFirst (default value)
                                                                                                                                        
 
                                                                                                                                        CCE cluster's CoreDNS, which is cascaded with the cloud DNS by default, is used for workloads. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks. The search list (search option) and ndots: 5 are present in the DNS configuration file. Therefore, when accessing an external domain name and a long cluster-internal domain name (for example, kubernetes.default.svc.cluster.local), the search list will usually be traversed first, resulting in at least six invalid DNS queries. The issue of invalid DNS queries disappears only when a short cluster-internal domain name (for example, kubernetes) is being accessed.
                                                                                                                                        
+
                                                                                                                                        Custom DNS configuration added to the default DNS configuration. By default, the application connects to CoreDNS (CoreDNS of the CCE cluster connects to the DNS on the cloud by default). The custom dnsConfig will be added to the default DNS parameters. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks. The search list (search option) and ndots: 5 are present in the DNS configuration file. Therefore, when accessing an external domain name and a long cluster-internal domain name (for example, kubernetes.default.svc.cluster.local), the search list will usually be traversed first, resulting in at least six invalid DNS queries. The issue of invalid DNS queries disappears only when a short cluster-internal domain name (for example, kubernetes) is being accessed.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        ClusterFirstWithHostNet
                                                                                                                                        
+
                                                                                                                                        ClusterFirstWithHostNet
                                                                                                                                        
 
                                                                                                                                        By default, the DNS configuration file that the --resolv-conf flag points to is configured for workloads running with hostNetwork=true, that is, a cloud DNS is used for CCE clusters. If workloads need to use Kube-DNS/CoreDNS of the cluster, set dnsPolicy to ClusterFirstWithHostNet and container's DNS configuration file is the same as ClusterFirst, in which invalid DNS queries still exist.
                                                                                                                                        ...
+
                                                                                                                                        By default, the applications configured with the host network are interconnected with the DNS configuration of the node where the pod is located. The DNS configuration is specified in the DNS file that the kubelet --resolv-conf parameter points to. In this case, the CCE cluster uses the DNS on the cloud. If workloads need to use Kube-DNS/CoreDNS of the cluster, set dnsPolicy to ClusterFirstWithHostNet and container's DNS configuration file is the same as ClusterFirst, in which invalid DNS queries still exist.
                                                                                                                                        ...
 spec:
   containers:
   - image: nginx:latest
@@ -74,60 +80,53 @@ spec:
 
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        Default
                                                                                                                                        
+
                                                                                                                                        Default
                                                                                                                                        
 
                                                                                                                                        Container's DNS configuration file is the DNS configuration file that the kubelet's --resolv-conf flag points to. In this case, a cloud DNS is used for CCE clusters. Both search and options fields are left unspecified. This configuration can only resolve the external domain names registered with the Internet, and not cluster-internal domain names. This configuration is free from the issue of invalid DNS queries.
                                                                                                                                        
+
                                                                                                                                        The DNS configuration of the node where the pod is located is inherited, and the custom DNS configuration is added to the inherited configuration. Container's DNS configuration file is the DNS configuration file that the kubelet's --resolv-conf flag points to. In this case, a cloud DNS is used for CCE clusters. Both search and options fields are left unspecified. This configuration can only resolve the external domain names registered with the Internet, and not cluster-internal domain names. This configuration is free from the issue of invalid DNS queries.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        None
                                                                                                                                        
+
                                                                                                                                        None
                                                                                                                                        
 
                                                                                                                                        If dnsPolicy is set to None, the dnsConfig field must be specified because all DNS settings are supposed to be provided using the dnsConfig field.
                                                                                                                                        
+
                                                                                                                                        The default DNS configuration is replaced by the custom DNS configuration, and only the custom DNS configuration is used. If dnsPolicy is set to None, the dnsConfig field must be specified because all DNS settings are supposed to be provided using the dnsConfig field.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
                                                                                                                                         
 
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                         
                                                                                                                                        If the dnsPolicy field is not specified, the default value is ClusterFirst instead of Default.
                                                                                                                                        
+
                                                                                                                                         
                                                                                                                                        If the dnsPolicy field is not specified, the default value is ClusterFirst instead of Default.
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        dnsConfig
                                                                                                                                        
-
                                                                                                                                        The dnsConfig field is used to configure DNS parameters for workloads. The configured parameters are merged to the DNS configuration file generated according to dnsPolicy. If dnsPolicy is set to None, the workload's DNS configuration file is specified by the dnsConfig field. If dnsPolicy is not set to None, the DNS parameters configured in dnsConfig are added to the DNS configuration file generated according to dnsPolicy.
-
                                                                                                                                        Table 2 dnsConfig
                                                                                                                                        Parameter
                                                                                                                                        
+
                                                                                                                                      • dnsConfig
                                                                                                                                        The dnsConfig field is used to configure DNS parameters for workloads. The configured parameters are merged to the DNS configuration file generated according to dnsPolicy. If dnsPolicy is set to None, the workload's DNS configuration file is specified by the dnsConfig field. If dnsPolicy is not set to None, the DNS parameters configured in dnsConfig are added to the DNS configuration file generated according to dnsPolicy.
+
                                                                                                                                        
-
-
-
-
-
-
-
                                                                                                                                        Table 2 dnsConfig
                                                                                                                                        Parameter
                                                                                                                                        
 
                                                                                                                                        Description
                                                                                                                                        
+
                                                                                                                                        Description
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
 
                                                                                                                                        options
                                                                                                                                        
+
                                                                                                                                        options
                                                                                                                                        
 
                                                                                                                                        An optional list of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy in dnsPolicy. Duplicate entries are removed.
                                                                                                                                        
+
                                                                                                                                        An optional list of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy in dnsPolicy. Duplicate entries are removed.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        nameservers
                                                                                                                                        
+
                                                                                                                                        nameservers
                                                                                                                                        
 
                                                                                                                                        A list of IP addresses that will be used as DNS servers. If workload's dnsPolicy is set to None, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the nameservers generated from the specified DNS policy in dnsPolicy with duplicate addresses removed.
                                                                                                                                        
+
                                                                                                                                        A list of IP addresses that will be used as DNS servers. If workload's dnsPolicy is set to None, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the nameservers generated from the specified DNS policy in dnsPolicy with duplicate addresses removed.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        searches
                                                                                                                                        
+
                                                                                                                                        searches
                                                                                                                                        
 
                                                                                                                                        A list of DNS search domains for hostname lookup in the Pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed. Kubernetes allows for at most 6 search domains.
                                                                                                                                        
+
                                                                                                                                        A list of DNS search domains for hostname lookup in the Pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed. Kubernetes allows for at most 6 search domains.
                                                                                                                                        
                                                                                                                                         		
 
                                                                                                                                        
                                                                                                                                         
 
                                                                                                                                        
 
                                                                                                                                        
 
                                                                                                                                        
-
-
                                                                                                                                        Configuring DNS for a Workload Using the Console
                                                                                                                                        Kubernetes provides DNS-related configuration options for applications. The use of application's DNS configuration can effectively reduce unnecessary DNS queries in certain scenarios and improve service concurrency. The following procedure uses an Nginx application as an example to describe how to add DNS configurations for a workload on the console.
                                                                                                                                        
-
                                                                                                                                        1. Log in to the CCE console, access the cluster console, select Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                                                                        2. Configure basic information about the workload. For details, see Creating a Deployment.
                                                                                                                                        3. In the Advanced Settings area, click the DNS tab and set the following parameters as required:
                                                                                                                                          • DNS Policy: The DNS policies provided on the console correspond to the dnsPolicy field in the YAML file. For details, see Table 1.
                                                                                                                                            • Supplement defaults: corresponds to dnsPolicy=ClusterFirst. Containers can resolve both the cluster-internal domain names registered by a Service and the external domain names exposed to public networks.
                                                                                                                                            • Replace defaults: corresponds to dnsPolicy=None. You must configure IP Address and Search Domain. Containers only use the user-defined IP address and search domain configurations for domain name resolution.
                                                                                                                                            • Inherit defaults: corresponds to dnsPolicy=Default. Containers use the domain name resolution configuration from the node that pods run on and cannot resolve the cluster-internal domain names.
                                                                                                                                            
-
                                                                                                                                          • Optional Objects: The options parameters in the dnsConfig field. Each object may have a name property (required) and a value property (optional). After setting the properties, click confirm to add.
                                                                                                                                            • timeout: Timeout interval, in seconds.
                                                                                                                                            • ndots: Number of dots (.) that must be present in a domain name. If a domain name has dots fewer than this value, the operating system will look up the name in the search domain. If not, the name is a fully qualified domain name (FQDN) and will be tried first as an absolute name.
                                                                                                                                            
-
                                                                                                                                          • IP Address: nameservers in the dnsConfig field. You can configure the domain name server for the custom domain name. The value is one or a group of DNS IP addresses.
                                                                                                                                          • Search Domain: searches in the dnsConfig field. A list of DNS search domains for hostname lookup in the pod. This property is optional. When specified, the provided list will be merged into the search domain names generated from the chosen DNS policy in dnsPolicy. Duplicate domain names are removed.
                                                                                                                                          
-
                                                                                                                                          
-
                                                                                                                                        4. Click Create Workload.
                                                                                                                                        
+
                                                                                                                                        • 
 
 
                                                                                                                                        Configuration Examples
                                                                                                                                        The following example describes how to configure DNS for workloads.
                                                                                                                                        
 
                                                                                                                                        • Use Case 1: Using Kube-DNS/CoreDNS Built in Kubernetes Clusters
                                                                                                                                          Scenario
                                                                                                                                          
-
                                                                                                                                          Kubernetes in-cluster Kube-DNS/CoreDNS is applicable to resolving only cluster-internal domain names or cluster-internal domain names + external domain names. This is the default DNS for workloads.
                                                                                                                                          
+
                                                                                                                                          Kubernetes in-cluster Kube-DNS/CoreDNS applies to resolving only cluster-internal domain names or cluster-internal domain names + external domain names. This is the default DNS for workloads.
                                                                                                                                          
 
                                                                                                                                          Example:
                                                                                                                                          
 
                                                                                                                                          apiVersion: v1
 kind: Pod
@@ -138,13 +137,15 @@ spec:
   containers:
   - name: test
     image: nginx:alpine
-  dnsPolicy: ClusterFirst
                                                                                                                                          
+  dnsPolicy: ClusterFirst
+  imagePullSecrets:
+    - name: default-secret
 
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
 
                                                                                                                                          nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:5
                                                                                                                                          
 
                                                                                                                                        • Use Case 2: Using a Cloud DNS
                                                                                                                                          Scenario
                                                                                                                                          
-
                                                                                                                                          A DNS cannot resolve cluster-internal domain names and therefore is applicable to the scenario where workloads access only external domain names registered with the Internet.
                                                                                                                                          
+
                                                                                                                                          A DNS cannot resolve cluster-internal domain names and therefore applies to the scenario where workloads access only external domain names registered with the Internet.
                                                                                                                                          
 
                                                                                                                                          Example:
                                                                                                                                          
 
                                                                                                                                          apiVersion: v1
 kind: Pod
@@ -155,7 +156,9 @@ spec:
   containers:
   - name: test
     image: nginx:alpine
-  dnsPolicy: Default//The DNS configuration file that the kubelet's --resolv-conf flag points to is used. In this case, a DNS is used for CCE clusters.
                                                                                                                                          
+  dnsPolicy: Default  # The DNS configuration file that the kubelet --resolv-conf parameter points to is used. In this case, the CCE cluster uses the DNS on the cloud.
+  imagePullSecrets:
+    - name: default-secret
 
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
 
                                                                                                                                          nameserver 100.125.x.x
                                                                                                                                          
 
                                                                                                                                        • Use Case 3: Using Kube-DNS/CoreDNS for Workloads Running with hostNetwork
                                                                                                                                          Scenario
                                                                                                                                          
@@ -172,7 +175,9 @@ spec:
   - name: nginx
     image: nginx:alpine
     ports:
-    - containerPort: 80
+    - containerPort: 80
+  imagePullSecrets:
+    - name: default-secret
 
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
 
                                                                                                                                          nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
@@ -193,7 +198,7 @@ spec:
   dnsPolicy: "None"
   dnsConfig:
     nameservers:
-    - 10.2.3.4 //IP address of your on-premises DNS
+    - 10.2.3.4  # IP address of your on-premises DNS
     searches:
     - ns1.svc.cluster.local
     - my.dns.search.suffix
@@ -201,7 +206,9 @@ spec:
     - name: ndots
       value: "2"
     - name: timeout
-      value: "3"
                                                                                                                                          
+      value: "3"
+  imagePullSecrets:
+    - name: default-secret
 
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
 
                                                                                                                                          nameserver 10.2.3.4
 search ns1.svc.cluster.local my.dns.search.suffix
@@ -221,11 +228,33 @@ spec:
   dnsConfig:
     options:
     - name: ndots
-      value: "2" //Changes the ndots:5 option in the DNS configuration file generated based on the ClusterFirst policy to ndots:2.
                                                                                                                                          
+      value: "2" # The ndots:5 option in the DNS configuration file generated based on the ClusterFirst policy is changed to ndots:2.
+  imagePullSecrets:
+    - name: default-secret
 
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
 
                                                                                                                                          nameserver 10.247.3.10
 search default.svc.cluster.local svc.cluster.local cluster.local
 options ndots:2
                                                                                                                                          
+
                                                                                                                                          Example 3: Using Multiple DNSs in Serial Sequence
                                                                                                                                          
+
                                                                                                                                          apiVersion: v1
+kind: Pod
+metadata:
+  namespace: default
+  name: dns-example
+spec:
+  containers:
+  - name: test
+    image: nginx:alpine
+  dnsPolicy: ClusterFirst  # Added DNS configuration. The cluster connects to CoreDNS by default.
+  dnsConfig:
+    nameservers:
+    - 10.2.3.4 # IP address of your on-premises DNS
+  imagePullSecrets:
+    - name: default-secret
                                                                                                                                          
+
                                                                                                                                          Container's DNS configuration file:
                                                                                                                                          
+
                                                                                                                                          nameserver 10.247.3.10 10.2.3.4
+search default.svc.cluster.local svc.cluster.local cluster.local
+options ndots:5
                                                                                                                                          
 
                                                                                                                                        
 
                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_10_0367.html b/docs/cce/umn/cce_10_0367.html
index 3f1fd956c..f1b53dd1d 100644
--- a/docs/cce/umn/cce_10_0367.html
+++ b/docs/cce/umn/cce_10_0367.html
@@ -1,24 +1,23 @@
 
 
-
                                                                                                                                        Customizing a Cluster Certificate SAN
                                                                                                                                        
-
                                                                                                                                        Scenario
                                                                                                                                        A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Specifically, the validity check includes whether the server certificate is issued by a CA trusted by the client and whether the SAN in the certificate matches the IP address or DNS domain name that the client actually accesses.
                                                                                                                                        
+
                                                                                                                                        Accessing a Cluster Using a Custom Domain Name
                                                                                                                                        
+
                                                                                                                                        Scenario
                                                                                                                                        A Subject Alternative Name (SAN) can be signed in to a cluster server certificate. A SAN is usually used by the client to verify the server validity in TLS handshakes. Specifically, the validity check includes whether the server certificate is issued by a CA trusted by the client and whether the SAN in the certificate matches the IP address or DNS domain name that the client actually accesses.
                                                                                                                                        
 
                                                                                                                                        If the client cannot directly access the private IP or EIP of the cluster, you can sign the IP address or DNS domain name that can be directly accessed by the client into the cluster server certificate to enable two-way authentication on the client, which improves security. Typical use cases include DNAT access and domain name access.
                                                                                                                                        
+
                                                                                                                                        Typical domain name access scenarios:
                                                                                                                                        
+
                                                                                                                                        • Add the response domain name mapping when specifying the DNS domain name address in the host domain name configuration on the client, or configuring /etc/hosts on the client host.
                                                                                                                                        • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                                                                                        • Add A records on a self-built DNS server.
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Notes and Constraints
                                                                                                                                        This feature is available only to clusters of v1.19 and later.
                                                                                                                                        
+
                                                                                                                                        Constraints
                                                                                                                                        This feature is available only to clusters of v1.19 and later.
                                                                                                                                        
 
                                                                                                                                        
-
                                                                                                                                        Customizing a SAN
                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                        2. Click the target cluster in the cluster list to go to the cluster details page.
                                                                                                                                        3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, add the IP address or domain name and click Save.
                                                                                                                                          
-
                                                                                                                                           
                                                                                                                                          1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                                                          
+
                                                                                                                                          Customizing a SAN
                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                          2. Click the target cluster in the cluster list to go to the cluster details page.
                                                                                                                                          3. In the Connection Information area, click  next to Custom SAN. In the dialog box displayed, add the IP address or domain name and click Save.
                                                                                                                                             
                                                                                                                                            1. This operation will restart kube-apiserver and update the kubeconfig.json file for a short period of time. Do not perform operations on the cluster during this period.
                                                                                                                                            
 
                                                                                                                                            2. A maximum of 128 domain names or IP addresses, separated by commas (,), are allowed.
                                                                                                                                            
 
                                                                                                                                            3. If a custom domain name needs to be bound to an EIP, ensure that an EIP has been configured.
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                          
 
                                                                                                                                          
-
                                                                                                                                          Typical Domain Name Access Scenarios
                                                                                                                                          • Add the response domain name mapping when specifying the DNS domain name address in the host domain name configuration on the client, or configuring /etc/hosts on the client host.
                                                                                                                                          • Use domain name access in the intranet. DNS allows you to configure mappings between cluster EIPs and custom domain names. After an EIP is updated, you can continue to use two-way authentication and the domain name to access the cluster without downloading the kubeconfig.json file again.
                                                                                                                                          • Add A records on a self-built DNS server.
                                                                                                                                          
-
                                                                                                                                          
 
                                                                                                                                          
 
 
diff --git a/docs/cce/umn/cce_10_0374.html b/docs/cce/umn/cce_10_0374.html
index 80ad67dfe..a3bd0e0db 100644
--- a/docs/cce/umn/cce_10_0374.html
+++ b/docs/cce/umn/cce_10_0374.html
@@ -1,28 +1,30 @@
 
 
 
                                                                                                                                          Storage
                                                                                                                                          
-
                                                                                                                                          
+
                                                                                                                                          
 
                                                                                                                                          
 
 
diff --git a/docs/cce/umn/cce_10_0377.html b/docs/cce/umn/cce_10_0377.html
index 5d35c3e43..b469f9b86 100644
--- a/docs/cce/umn/cce_10_0377.html
+++ b/docs/cce/umn/cce_10_0377.html
@@ -1,225 +1,85 @@
 
 
-
                                                                                                                                          Using Local Disks as Storage Volumes
                                                                                                                                          
-
                                                                                                                                          You can mount a file directory of the host where a container is located to a specified container path (the hostPath mode in Kubernetes) for persistent data storage. Alternatively, you can leave the source path empty (the emptyDir mode in Kubernetes), and a temporary directory of the host will be mounted to the mount point of the container for temporary storage.
                                                                                                                                          
-
                                                                                                                                          Using Local Volumes
                                                                                                                                          CCE supports four types of local volumes.
                                                                                                                                          
-
                                                                                                                                          
-
                                                                                                                                          • hostPath: mounts a file directory of the host where the container is located to the specified mount point of the container. For example, if the container needs to access /etc/hosts, you can use a hostPath volume to map /etc/hosts.
                                                                                                                                          • emptyDir: stores data temporarily. An emptyDir volume is first created when a pod is assigned to a node, and exists as long as that pod is running on that node. When a container pod is terminated, EmptyDir will be deleted and the data is permanently lost.
                                                                                                                                          • ConfigMap: A ConfigMap can be mounted as a volume, and all contents stored in its key are mounted onto the specified container directory. A ConfigMap is a type of resource that stores configuration information required by a workload. Its content is user-defined. For details about how to create a ConfigMap, see Creating a ConfigMap. For details about how to use a ConfigMap, see Using a ConfigMap.
                                                                                                                                          • Secret mounting: Data in the secret is mounted to a path of the container. A secret is a type of resource that holds sensitive data, such as authentication and key information. All content is user-defined. For details about how to create a secret, see Creating a Secret. For details on how to use a secret, see Using a Secret.
                                                                                                                                          
-
                                                                                                                                          The following describes how to mount these four types of volumes.
                                                                                                                                          
-
                                                                                                                                          hostPath
                                                                                                                                          You can mount a path on the host to a specified container path. A hostPath volume is usually used to store workload logs permanently or used by workloads that need to access internal data structure of the Docker engine on the host. 
                                                                                                                                          
-
                                                                                                                                          
-
                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                          2. When creating a workload, click Data Storage in the Container Settings. Click Add Volume and choose hostPath from the drop-down list.
                                                                                                                                          3. Set parameters for adding a local volume, as listed in Table 1. 
                                                                                                                                            
-
                                                                                                                                            Table 1 Setting parameters for mounting a hostPath volume
                                                                                                                                            Parameter
                                                                                                                                            
+
                                                                                                                                            hostPath
                                                                                                                                            
+
                                                                                                                                            hostPath is used for mounting the file directory of the host where the container is located to the specified mount point of the container. If the container needs to access /etc/hosts, use hostPath to map /etc/hosts.
                                                                                                                                            
+
                                                                                                                                             
                                                                                                                                            • Avoid using hostPath volumes as much as possible, as they are prone to security risks. If hostPath volumes must be used, they can only be applied to files or paths and mounted in read-only mode.
                                                                                                                                            • After the pod to which a hostPath volume is mounted is deleted, the data in the hostPath volume is retained.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            Mounting a hostPath Volume on the Console
                                                                                                                                            You can mount a path on the host to a specified container path. A hostPath volume is usually used to store workload logs permanently or used by workloads that need to access internal data structure of the Docker engine on the host.
                                                                                                                                            
+
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. When creating a workload, click Data Storage in the Container Settings area. Click Add Volume and choose hostPath from the drop-down list.
                                                                                                                                            3. Set parameters for adding a local volume, as listed in Table 1.
                                                                                                                                              
+
                                                                                                                                              
-
-
-
-
-
-
-
+
+
+
+
+
+
                                                                                                                                              Table 1 Setting parameters for mounting a hostPath volume
                                                                                                                                              Parameter
                                                                                                                                              
 
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              Storage Type
                                                                                                                                              
+
                                                                                                                                              Volume Type
                                                                                                                                              
 
                                                                                                                                              Select hostPath.
                                                                                                                                              
+
                                                                                                                                              Select HostPath.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Host Path
                                                                                                                                              
+
                                                                                                                                              Host Path
                                                                                                                                              
 
                                                                                                                                              Path of the host to which the local volume is to be mounted, for example, /etc/hosts.
                                                                                                                                              
-
                                                                                                                                               NOTE: 
                                                                                                                                              Host Path cannot be set to the root directory /. Otherwise, the mounting fails. Mount paths can be as follows:
                                                                                                                                              
-
                                                                                                                                              • /opt/xxxx (excluding /opt/cloud)
                                                                                                                                              • /mnt/xxxx (excluding /mnt/paas)
                                                                                                                                              • /tmp/xxx
                                                                                                                                              • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
                                                                                                                                              • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)
                                                                                                                                              
-
                                                                                                                                              Do not set this parameter to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.
                                                                                                                                              
+
                                                                                                                                              Path of the host to which the local volume is to be mounted, for example, /etc/hosts.
                                                                                                                                              
+
                                                                                                                                               NOTE: 
                                                                                                                                              Host Path cannot be set to the root directory /. Otherwise, the mounting fails. Mount paths can be as follows:
                                                                                                                                              
+
                                                                                                                                              • /opt/xxxx (excluding /opt/cloud)
                                                                                                                                              • /mnt/xxxx (excluding /mnt/paas)
                                                                                                                                              • /tmp/xxx
                                                                                                                                              • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
                                                                                                                                              • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)
                                                                                                                                              
+
                                                                                                                                              Do not set this parameter to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.
                                                                                                                                              
 
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              Add Container Path
                                                                                                                                              
+
                                                                                                                                              Mount Path
                                                                                                                                              
 
                                                                                                                                              Configure the following parameters:
                                                                                                                                              
-
                                                                                                                                              1. subPath: Enter a subpath, for example, tmp.
                                                                                                                                                A subpath is used to mount a local disk so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                
-
                                                                                                                                              2. Container Path: Enter the path of the container, for example, /tmp.
                                                                                                                                                This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                                                                                                                 NOTICE: 
                                                                                                                                                When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                
+
                                                                                                                                              Enter a mount path, for example, /tmp.
                                                                                                                                              
+
                                                                                                                                              This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                               NOTICE: 
                                                                                                                                              If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                            4. Permission
                                                                                                                                              • Read-only: You can only read the data volumes mounted to the path.
                                                                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause a data loss.
                                                                                                                                              
-
                                                                                                                                              5. 
-
                                                                                                                                              You can click  to add multiple paths and subpaths.
                                                                                                                                              
+
                                                                                                                                              Subpath
                                                                                                                                              
+
                                                                                                                                              Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                              
+
                                                                                                                                              A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                              
+
                                                                                                                                              Permission
                                                                                                                                              
+
                                                                                                                                              • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                              • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            emptyDir
                                                                                                                                            emptyDir applies to temporary data storage, disaster recovery, and runtime data sharing. It will be deleted upon deletion or transfer of workload pods.
                                                                                                                                            
+
                                                                                                                                          4. After the configuration, click Create Workload.
                                                                                                                                            5. 
 
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. When creating a workload, click Data Storage in the Container Settings. Click Add Volume and choose emptyDir from the drop-down list.
                                                                                                                                            3. Set the local volume type to emptyDir and set parameters for adding a local volume, as described in Table 2.
                                                                                                                                              
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 2 Setting parameters for mounting an emptyDir volume
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              Storage Type
                                                                                                                                              
-
                                                                                                                                              Select emptyDir.
                                                                                                                                              
-
                                                                                                                                              Storage Medium
                                                                                                                                              
-
                                                                                                                                              • Default: Data is stored in hard disks, which is applicable to a large amount of data with low requirements on reading and writing efficiency. 
                                                                                                                                              • Memory: Selecting this option can improve the running speed, but the storage capacity is subject to the memory size. This mode applies to scenarios where the data volume is small and the read and write efficiency is high.
                                                                                                                                              
-
                                                                                                                                               NOTE: 
                                                                                                                                              • If you select Memory, any files you write will count against your container's memory limit. Pay attention to the memory quota. If the memory usage exceeds the threshold, OOM may occur.
                                                                                                                                              • If Memory is selected, the size of an emptyDir volume is 50% of the pod specifications and cannot be changed.
                                                                                                                                              • If Memory is not selected, emptyDir volumes will not occupy the system memory.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Add Container Path
                                                                                                                                              
-
                                                                                                                                              Configure the following parameters:
                                                                                                                                              
-
                                                                                                                                              1. subPath: Enter a subpath, for example, tmp.
                                                                                                                                                A subpath is used to mount a local disk so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                
-
                                                                                                                                              2. Container Path: Enter the path of the container, for example, /tmp.
                                                                                                                                                This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                                                                                                                 NOTICE: 
                                                                                                                                                When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              3. Permission
                                                                                                                                                • Read-only: You can only read the data volumes mounted to the path.
                                                                                                                                                • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause a data loss.
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              You can click  to add multiple paths and subpaths.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            ConfigMap
                                                                                                                                            The data stored in a ConfigMap can be referenced in a volume of type ConfigMap. You can mount such a volume to a specified container path. The platform supports the separation of workload codes and configuration files. ConfigMap volumes are used to store workload configuration parameters. Before that, you need to create ConfigMaps in advance. For details, see Creating a ConfigMap. 
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. When creating a workload, click Data Storage in the Container Settings. Click Add Volume and choose ConfigMap from the drop-down list.
                                                                                                                                            3. Set the local volume type to ConfigMap and set parameters for adding a local volume, as shown in Table 3.
                                                                                                                                              
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 3 Setting parameters for mounting a ConfigMap volume
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              Storage Type
                                                                                                                                              
-
                                                                                                                                              Select ConfigMap.
                                                                                                                                              
-
                                                                                                                                              Option
                                                                                                                                              
-
                                                                                                                                              Select the desired ConfigMap name.
                                                                                                                                              
-
                                                                                                                                              A ConfigMap must be created in advance. For details, see Creating a ConfigMap.
                                                                                                                                              
-
                                                                                                                                              Add Container Path
                                                                                                                                              
-
                                                                                                                                              Configure the following parameters:
                                                                                                                                              
-
                                                                                                                                              1. subPath: Enter a subpath, for example, tmp.
                                                                                                                                                • A subpath is used to mount a local volume so that the same data volume is used in a single pod.
                                                                                                                                                • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                                                                                                                                • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                                                                                                                                
-
                                                                                                                                              2. Container Path: Enter the path of the container, for example, /tmp.
                                                                                                                                                This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                                                                                                                 NOTICE: 
                                                                                                                                                When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              3. Set the permission to Read-only. Data volumes in the path are read-only.
                                                                                                                                              
-
                                                                                                                                              You can click  to add multiple paths and subpaths.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            Secret
                                                                                                                                            You can mount a secret as a volume to the specified container path. Contents in a secret are user-defined. Before that, you need to create a secret. For details, see Creating a Secret.
                                                                                                                                            
-
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. When creating a workload, click Data Storage in the Container Settings. Click Add Volume and choose Secret from the drop-down list.
                                                                                                                                            3. Set the local volume type to Secret and set parameters for adding a local volume, as shown in Table 4.
                                                                                                                                              
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 4 Setting parameters for mounting a secret volume
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              Storage Type
                                                                                                                                              
-
                                                                                                                                              Select Secret.
                                                                                                                                              
-
                                                                                                                                              Secret
                                                                                                                                              
-
                                                                                                                                              Select the desired secret name.
                                                                                                                                              
-
                                                                                                                                              A secret must be created in advance. For details, see Creating a Secret.
                                                                                                                                              
-
                                                                                                                                              Add Container Path
                                                                                                                                              
-
                                                                                                                                              Configure the following parameters:
                                                                                                                                              
-
                                                                                                                                              1. subPath: Enter a subpath, for example, tmp.
                                                                                                                                                • A subpath is used to mount a local volume so that the same data volume is used in a single pod.
                                                                                                                                                • The subpath can be the key and value of a ConfigMap or secret. If the subpath is a key-value pair that does not exist, the data import does not take effect.
                                                                                                                                                • The data imported by specifying a subpath will not be updated along with the ConfigMap/secret updates.
                                                                                                                                                
-
                                                                                                                                              2. Container Path: Enter the path of the container, for example, /tmp.
                                                                                                                                                This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
                                                                                                                                                 NOTICE: 
                                                                                                                                                When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              3. Set the permission to Read-only. Data volumes in the path are read-only.
                                                                                                                                              
-
                                                                                                                                              You can click  to add multiple paths and subpaths.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                            
-
                                                                                                                                            Mounting a hostPath Volume Using kubectl
                                                                                                                                            You can use kubectl to mount a file directory of the host where the container is located to a specified mount path of the container.
                                                                                                                                            
-
                                                                                                                                            1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                            2. Run the following commands to configure the hostPath-pod-example.yaml file, which is used to create a pod.
                                                                                                                                              touch hostPath-pod-example.yaml
                                                                                                                                              
-
                                                                                                                                              vi hostPath-pod-example.yaml
                                                                                                                                              
-
                                                                                                                                              Mount the hostPath volume for the Deployment. The following is an example:
                                                                                                                                              
-
                                                                                                                                              apiVersion: apps/v1 
-kind: Deployment 
-metadata: 
-  name: hostpath-pod-example 
-  namespace: default 
-spec: 
-  replicas: 1 
-  selector: 
-    matchLabels: 
-      app: hostpath-pod-example 
-  template: 
-    metadata: 
-      labels: 
-        app: hostpath-pod-example 
-    spec: 
-      containers: 
-      - image: nginx
-        name: container-0 
-        volumeMounts: 
-        - mountPath: /tmp 
-          name: hostpath-example 
+
                                                                                                                                              Mounting a hostPath Volume Using kubectl
                                                                                                                                              1. Use kubectl to connect to the cluster.
                                                                                                                                              2. Create a file named nginx-hostpath.yaml and edit it.
                                                                                                                                                vi nginx-hostpath.yaml
                                                                                                                                                
+
                                                                                                                                                The content of the YAML file is as follows. Mount the /data directory on the node to the /data directory in the container.
                                                                                                                                                
+
                                                                                                                                                apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-hostpath
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx-hostpath
+  template:
+    metadata:
+      labels:
+        app: nginx-hostpath
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:latest
+          volumeMounts:
+            - name: vol-hostpath         # Volume name, which must be the same as the volume name in the volumes field.
+              mountPath: /data           # Mount path in the container.
       imagePullSecrets:
         - name: default-secret
-      restartPolicy: Always 
-      volumes: 
-      - name: hostpath-example 
-        hostPath: 
-          path: /tmp/test
                                                                                                                                                
-
-
                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                Table 5 Local disk storage dependency parameters
                                                                                                                                                Parameter
                                                                                                                                                
-
                                                                                                                                                Description
                                                                                                                                                
-
                                                                                                                                                mountPath
                                                                                                                                                
-
                                                                                                                                                Mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                
-
                                                                                                                                                hostPath
                                                                                                                                                
-
                                                                                                                                                Host path. In this example, the host path is /tmp/test.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                 
                                                                                                                                                spec.template.spec.containers.volumeMounts.name and spec.template.spec.volumes.name must be consistent because they have a mapping relationship.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                              3. Run the following command to create the pod:
                                                                                                                                                kubectl create -f hostPath-pod-example.yaml
                                                                                                                                                
-
                                                                                                                                              4. Verify the mounting.
                                                                                                                                                1. Query the pod name of the workload (hostpath-pod-example is used as an example).
                                                                                                                                                  kubectl get po|grep hostpath-pod-example
                                                                                                                                                  
-
                                                                                                                                                  Expected outputs:
                                                                                                                                                  
-
                                                                                                                                                  hostpath-pod-example-55c8d4dc59-md5d9   1/1     Running   0          35s
                                                                                                                                                  
-
                                                                                                                                                2. Create the test1 file in the container mount path /tmp.
                                                                                                                                                  kubectl exec hostpath-pod-example-55c8d4dc59-md5d9 -- touch /tmp/test1
                                                                                                                                                  
-
                                                                                                                                                3. Verify that the file is created in the host path /tmp/test/.
                                                                                                                                                  ll /tmp/test/
                                                                                                                                                  
-
                                                                                                                                                  Expected outputs:
                                                                                                                                                  
-
                                                                                                                                                  -rw-r--r--  1 root root    0 Jun  1 16:12 test1
                                                                                                                                                  
-
                                                                                                                                                4. Create the test2 file in the host path /tmp/test/.
                                                                                                                                                  touch /tmp/test/test2
                                                                                                                                                  
-
                                                                                                                                                5. Verify that the file is created in the container mount path.
                                                                                                                                                  kubectl exec hostpath-pod-example-55c8d4dc59-md5d9 -- ls -l /tmp
                                                                                                                                                  
-
                                                                                                                                                  Expected outputs:
                                                                                                                                                  
-
                                                                                                                                                  -rw-r--r-- 1 root root 0 Jun  1 08:12 test1
--rw-r--r-- 1 root root 0 Jun  1 08:14 test2
                                                                                                                                                  
-
                                                                                                                                                
+      volumes:
+        - name: vol-hostpath             # Volume name, which can be customized.
+          hostPath:
+            path: /data                  # Directory location on the host node.
                                                                                                                                              
+
                                                                                                                                            3. Create a workload.
                                                                                                                                              kubectl apply -f nginx-hostpath.yaml
                                                                                                                                              
 
                                                                                                                                            
 
                                                                                                                                            
 
                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0378.html b/docs/cce/umn/cce_10_0378.html
index 291383773..98cb4d81c 100644
--- a/docs/cce/umn/cce_10_0378.html
+++ b/docs/cce/umn/cce_10_0378.html
@@ -1,294 +1,188 @@
 
 
-
                                                                                                                                            PersistentVolumeClaims (PVCs)
                                                                                                                                            
-
                                                                                                                                            A PVC describes a workload's request for storage resources. This request consumes existing PVs in the cluster. If there is no PV available, underlying storage and PVs are dynamically created. When creating a PVC, you need to describe the attributes of the requested persistent storage, such as the size of the volume and the read/write permissions.
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            When a PVC is created, the system checks whether there is an available PV with the same configuration in the cluster. If yes, the PVC binds the available PV to the cluster. If no PV meets the matching conditions, the system dynamically creates a storage volume.
                                                                                                                                            
+
                                                                                                                                            Storage Basics
                                                                                                                                            
+
                                                                                                                                            Volumes
                                                                                                                                            On-disk files in a container are ephemeral, which presents the following problems to important applications running in the container:
                                                                                                                                            
+
                                                                                                                                            1. When a container is rebuilt, files in the container will be lost.
                                                                                                                                            2. When multiple containers run in a pod at the same time, files need to be shared among the containers.
                                                                                                                                            
+
                                                                                                                                            Kubernetes volumes resolve both of these problems. Volumes, as part of a pod, cannot be created independently and can only be defined in pods. All containers in a pod can access its volumes, but the volumes must have been mounted to any directory in a container.
                                                                                                                                            
+
                                                                                                                                            The following figure shows how a storage volume is used between containers in a pod.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            The basic principles for using volumes are as follows:
                                                                                                                                            
+
                                                                                                                                            • Multiple volumes can be mounted to a pod. However, do not mount too many volumes to a pod.
                                                                                                                                            • Multiple types of volumes can be mounted to a pod.
                                                                                                                                            • Each volume mounted to a pod can be shared among containers in the pod.
                                                                                                                                            • You are advised to use PVCs and PVs to mount volumes for Kubernetes.
                                                                                                                                            
+
                                                                                                                                             
                                                                                                                                            The lifecycle of a volume is the same as that of the pod to which the volume is mounted. When the pod is deleted, the volume is also deleted. However, files in the volume may outlive the volume, depending on the volume type.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            Kubernetes provides various volume types, which can be classified as in-tree and out-of-tree.
                                                                                                                                            
 
-
                                                                                                                                            Description
                                                                                                                                            
+
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Volume Classification
                                                                                                                                            
 
                                                                                                                                            PVC Field
                                                                                                                                            
-
                                                                                                                                            PV Field
                                                                                                                                            
-
                                                                                                                                            Matching Logic
                                                                                                                                            
+
                                                                                                                                            Description
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
 
                                                                                                                                            region
                                                                                                                                            
+
                                                                                                                                            In-tree
                                                                                                                                            
 
                                                                                                                                            pvc.metadata.labels (failure-domain.beta.kubernetes.io/region or topology.kubernetes.io/region)
                                                                                                                                            
-
                                                                                                                                            pv.metadata.labels (failure-domain.beta.kubernetes.io/region or topology.kubernetes.io/region)
                                                                                                                                            
-
                                                                                                                                            Defined or not defined at the same time. If defined, the settings must be consistent.
                                                                                                                                            
+
                                                                                                                                            Maintained through the Kubernetes code repository and built, edited, and released with Kubernetes binary files. Kubernetes does not accept this volume type anymore.
                                                                                                                                            
+
                                                                                                                                            Kubernetes-native volumes such as HostPath, EmptyDir, Secret, and ConfigMap are all the in-tree type.
                                                                                                                                            
+
                                                                                                                                            PVCs are a special in-tree volume. Kubernetes uses this type of volume to convert from in-tree to out-of-tree. PVCs allow you to request for PVs created using the underlying storage resources provided by different storage vendors.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            zone
                                                                                                                                            
+
                                                                                                                                            Out-of-tree
                                                                                                                                            
 
                                                                                                                                            pvc.metadata.labels (failure-domain.beta.kubernetes.io/zone or topology.kubernetes.io/zone)
                                                                                                                                            
-
                                                                                                                                            pv.metadata.labels (failure-domain.beta.kubernetes.io/zone or topology.kubernetes.io/zone)
                                                                                                                                            
-
                                                                                                                                            Defined or not defined at the same time. If defined, the settings must be consistent.
                                                                                                                                            
-
                                                                                                                                            EVS disk type
                                                                                                                                            
-
                                                                                                                                            pvc.metadata.annotations (everest.io/disk-volume-type)
                                                                                                                                            
-
                                                                                                                                            pv.spec.csi.volumeAttributes (everest.io/disk-volume-type)
                                                                                                                                            
-
                                                                                                                                            Defined or not defined at the same time. If defined, the settings must be consistent.
                                                                                                                                            
-
                                                                                                                                            Key ID
                                                                                                                                            
-
                                                                                                                                            pvc.metadata.annotations (everest.io/crypt-key-id)
                                                                                                                                            
-
                                                                                                                                            pv.spec.csi.volumeAttributes (everest.io/crypt-key-id)
                                                                                                                                            
-
                                                                                                                                            Defined or not defined at the same time. If defined, the settings must be consistent.
                                                                                                                                            
-
                                                                                                                                            accessMode
                                                                                                                                            
-
                                                                                                                                            accessMode
                                                                                                                                            
-
                                                                                                                                            accessMode
                                                                                                                                            
-
                                                                                                                                            The settings must be consistent.
                                                                                                                                            
-
                                                                                                                                            Storage class
                                                                                                                                            
-
                                                                                                                                            storageclass
                                                                                                                                            
-
                                                                                                                                            storageclass
                                                                                                                                            
-
                                                                                                                                            The settings must be consistent.
                                                                                                                                            
+
                                                                                                                                            Out-of-tree volumes include container storage interfaces (CSIs) and FlexVolumes (deprecated). Storage vendors only need to comply with certain specifications to create custom storage add-ons and PVs that can be used by Kubernetes, without adding add-on source code to the Kubernetes code repository. Cloud storage such as SFS and OBS is used by installing storage drivers in a cluster. You need to create PVs in the cluster and mount the PVs to pods using PVCs.
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
                                                                                                                                             
 
                                                                                                                                            
 
                                                                                                                                            
 
-
                                                                                                                                            Volume Access Modes
                                                                                                                                            PVs can be mounted to the host system only in the mode supported by underlying storage resources. For example, a file storage system can be read and written by multiple nodes, but an EVS disk can be read and written by only one node.
                                                                                                                                            
-
                                                                                                                                            • ReadWriteOnce: A volume can be mounted as read-write by a single node. This access mode is supported by EVS.
                                                                                                                                            • ReadWriteMany: A volume can be mounted as read-write by multiple nodes. This access mode is supported by SFS, SFS Turbo, and OBS.
                                                                                                                                            
+
                                                                                                                                            PV and PVC
                                                                                                                                            Kubernetes provides PersistentVolumes (PVs) and PersistentVolumeClaims (PVCs) to abstract details of how storage is provided from how it is consumed. You can request specific size of storage when needed, just like pods can request specific levels of resources (CPU and memory).
                                                                                                                                            
+
                                                                                                                                            • PV: describes a persistent storage volume in a cluster. A PV is a cluster-level resource just like a node. It applies to the entire Kubernetes cluster. A PV has a lifecycle independent of any individual Pod that uses the PV.
                                                                                                                                            • PVC: describes a request for storage by a user. When configuring storage for an application, claim a storage request (that is, PVC). Kubernetes selects a PV that best meets the request and binds the PV to the PVC. A PVC to PV binding is a one-to-one mapping. When creating a PVC, describe the attributes of the requested persistent storage, such as the storage size and read/write permission.
                                                                                                                                            
+
                                                                                                                                            You can bind PVCs to PVs in a pod so that the pod can use storage resources. The following figure shows the relationship between PVs and PVCs.
                                                                                                                                            
+
                                                                                                                                            Figure 1 PVC-to-PV binding
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            CSI
                                                                                                                                            CSI is a standard for container storage interfaces and a storage plug-in implementation solution recommended by the Kubernetes community. everest is a storage add-on developed based on CSI. It provides different types of persistent storage for containers.
                                                                                                                                            
+
                                                                                                                                            
+
                                                                                                                                            Volume Access Modes
                                                                                                                                            Storage volumes can be mounted to the host system only in the mode supported by underlying storage resources. For example, a file storage system can be read and written by multiple nodes, but an EVS disk can be read and written by only one node.
                                                                                                                                            
+
                                                                                                                                            • ReadWriteOnce: A storage volume can be mounted to a single node in read-write mode.
                                                                                                                                            • ReadWriteMany: A storage volume can be mounted to multiple nodes in read-write mode.
                                                                                                                                            
 
-
                                                                                                                                            Table 1 Supported access modes
                                                                                                                                            Storage Type
                                                                                                                                            
+
                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                            Table 1 Access modes supported by storage volumes
                                                                                                                                            Storage Type
                                                                                                                                            
 
                                                                                                                                            ReadWriteOnce
                                                                                                                                            
+
                                                                                                                                            ReadWriteOnce
                                                                                                                                            
 
                                                                                                                                            ReadWriteMany
                                                                                                                                            
+
                                                                                                                                            ReadWriteMany
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
 
                                                                                                                                            EVS
                                                                                                                                            
+
                                                                                                                                            EVS
                                                                                                                                            
 
                                                                                                                                            √
                                                                                                                                            
+
                                                                                                                                            √
                                                                                                                                            
 
                                                                                                                                            ×
                                                                                                                                            
+
                                                                                                                                            ×
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            SFS
                                                                                                                                            
+
                                                                                                                                            SFS
                                                                                                                                            
 
                                                                                                                                            ×
                                                                                                                                            
+
                                                                                                                                            ×
                                                                                                                                            
 
                                                                                                                                            √
                                                                                                                                            
+
                                                                                                                                            √
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            OBS
                                                                                                                                            
+
                                                                                                                                            OBS
                                                                                                                                            
 
                                                                                                                                            ×
                                                                                                                                            
+
                                                                                                                                            ×
                                                                                                                                            
 
                                                                                                                                            √
                                                                                                                                            
+
                                                                                                                                            √
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            SFS Turbo
                                                                                                                                            
+
                                                                                                                                            SFS Turbo
                                                                                                                                            
 
                                                                                                                                            ×
                                                                                                                                            
+
                                                                                                                                            ×
                                                                                                                                            
 
                                                                                                                                            √
                                                                                                                                            
+
                                                                                                                                            √
                                                                                                                                            
                                                                                                                                             		
 
                                                                                                                                            
                                                                                                                                             
 
                                                                                                                                            
 
                                                                                                                                            
 
-
                                                                                                                                            Using a Storage Class to Create a PVC
                                                                                                                                            StorageClass describes the storage class used in the cluster. You need to specify StorageClass to dynamically create PVs and underlying storage resources when creating a PVC.
                                                                                                                                            
-
                                                                                                                                            Using the CCE Console
                                                                                                                                            
-
                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                            2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab.
                                                                                                                                            3. Click Create PVC in the upper right corner. In the dialog box displayed, set the PVC parameters.
                                                                                                                                              • Storage Volume Claim Type: Select a storage type as required.
                                                                                                                                              • PVC Name: Enter a PVC name.
                                                                                                                                              • Creation Method: Select Dynamic creation.
                                                                                                                                              • Storage Classes: Select the required storage class. The following storage resources can be dynamically provisioned:
                                                                                                                                                • csi-disk: EVS disk.
                                                                                                                                                • csi-nas: SFS Capacity-Oriented file storage.
                                                                                                                                                • csi-obs: OBS bucket.
                                                                                                                                                
-
                                                                                                                                              • AZ (supported only by EVS): Select the AZ where the EVS disk is located.
                                                                                                                                              • Disk Type (supported only by EVS disks): Select an EVS disk type as required. EVS disk types vary in different regions.
                                                                                                                                                • Common I/O
                                                                                                                                                • High I/O
                                                                                                                                                • Ultra-high I/O
                                                                                                                                                
-
                                                                                                                                              • Access Mode: ReadWriteOnce and ReadWriteMany are supported. For details, see Volume Access Modes.
                                                                                                                                              • Capacity (GiB) (only EVS and SFS are supported): storage capacity. This parameter is not available for OBS.
                                                                                                                                              • Encryption (supported only for EVS and SFS): Select Encryption. After selecting this option, you need to select a key.
                                                                                                                                              • Secret (supported only for OBS): Select an access key for OBS. For details, see Using a Custom AK/SK to Mount an OBS Volume.
                                                                                                                                              
-
                                                                                                                                            4. Click Create.
                                                                                                                                            
-
                                                                                                                                            Using YAML
                                                                                                                                            
-
                                                                                                                                            Example YAML for EVS
                                                                                                                                            
-
                                                                                                                                            • failure-domain.beta.kubernetes.io/region: region where the cluster is located.
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
-
                                                                                                                                            • failure-domain.beta.kubernetes.io/zone: AZ where the EVS volume is created. It must be the same as the AZ planned for the workload. 
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              Mounting a Storage Volume
                                                                                                                                              You can mount volumes in the following ways:
                                                                                                                                              
+
                                                                                                                                              Use PVs to describe existing storage resources, and then create PVCs to use the storage resources in pods. You can also use the dynamic creation mode. That is, specify the StorageClass when creating a PVC and use the provisioner in the StorageClass to automatically create a PV and bind the PV to the PVC.
                                                                                                                                              
+
+
                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                              Table 2 Modes of mounting volumes
                                                                                                                                              Mounting Mode
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              Supported Volume Type
                                                                                                                                              
+
                                                                                                                                              Other Constraints
                                                                                                                                              
+
                                                                                                                                              Statically creating storage volume (using existing storage)
                                                                                                                                              
+
                                                                                                                                              Use existing storage (such as EVS disks and SFS file systems) to create PVs and mount the PVs to the workload through PVCs. Kubernetes binds PVCs to the matching PVs so that workloads can access storage services.
                                                                                                                                              
+
                                                                                                                                              All volumes
                                                                                                                                              
+
                                                                                                                                              None
                                                                                                                                              
+
                                                                                                                                              Dynamically creating storage volumes (automatically creating storage)
                                                                                                                                              
+
                                                                                                                                              Specify a StorageClass for a PVC. The storage provisioner creates underlying storage media as required to automatically create PVs and directly bind the PV to the PVC.
                                                                                                                                              
+
                                                                                                                                              EVS, OBS, SFS, and local PV
                                                                                                                                              
+
                                                                                                                                              None
                                                                                                                                              
+
                                                                                                                                              Dynamic mounting (VolumeClaimTemplate)
                                                                                                                                              
+
                                                                                                                                              Achieved by using the volumeClaimTemplates field and depends on the dynamic PV creation capability of StorageClass. In this mode, each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name.
                                                                                                                                              
+
                                                                                                                                              EVS and local PV
                                                                                                                                              
+
                                                                                                                                              Supported only by StatefulSets
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              PV Reclaim Policy
                                                                                                                                              A PV reclaim policy is used to delete or reclaim underlying volumes when a PVC is deleted. The value can be Delete or Retain.
                                                                                                                                              
+
                                                                                                                                              • Delete: Deleting a PVC will remove the PV from Kubernetes, so the associated underlying storage assets from the external infrastructure.
                                                                                                                                              • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resources are in the Released state and cannot be directly bound to the PVC.
                                                                                                                                                You can manually delete and reclaim volumes by performing the following operations:
                                                                                                                                                
+
                                                                                                                                                1. Delete the PV.
                                                                                                                                                2. Clear data on the associated underlying storage resources as required.
                                                                                                                                                3. Delete the associated underlying storage resources.
                                                                                                                                                
+
                                                                                                                                                To reuse the underlying storage resources, create a PV.
                                                                                                                                                
 
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
+
                                                                                                                                              CCE also allows you to delete a PVC without deleting underlying storage resources. This function can be achieved only by using a YAML file: Set the PV reclaim policy to Delete and add everest.io/reclaim-policy: retain-volume-only to annotations. In this way, when the PVC is deleted, the PV is deleted, but the underlying storage resources are retained.
                                                                                                                                              
+
                                                                                                                                              The following YAML file takes EVS as an example:
                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: pvc-evs-auto-example
+  name: test
   namespace: default
   annotations:
-    everest.io/disk-volume-type: SSD    # EVS disk type.
-    everest.io/crypt-key-id: 0992dbda-6340-470e-a74e-4f0db288ed82  # (Optional) Key ID. The key is used to encrypt EVS disks.
-    
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
+    everest.io/disk-volume-type: SAS
   labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
 spec:
   accessModes:
-  - ReadWriteOnce               # The value must be ReadWriteOnce for EVS.
+    - ReadWriteOnce
   resources:
     requests:
-      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
-  storageClassName: csi-disk    # The storage class type is EVS.
                                                                                                                                              
-
                                                                                                                                              Example YAML for file storage:
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name:  pvc-sfs-auto-example
-  namespace: default
-  annotations: 
-    everest.io/crypt-key-id: 0992dbda-6340-470e-a74e-4f0db288ed82  # (Optional) Key ID. The key is used to encrypt file systems.
-    everest.io/crypt-alias: sfs/default                            # (Optional) Key name. Mandatory for encrypted volumes.
-    everest.io/crypt-domain-id: 2cd7ebd02e4743eba4e6342c09e49344   # (Optional) ID of the tenant to which the encrypted volume belongs. Mandatory for encrypted volumes.
-spec:
-  accessModes:
-  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
-  resources:
-    requests:
-      storage: 10Gi                # SFS file system size.
-  storageClassName: csi-nas        # The storage class type is SFS.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Example YAML for OBS:
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: obs-warm-provision-pvc
-  namespace: default
-  annotations:
-    everest.io/obs-volume-type: STANDARD      # OBS bucket type. Currently, standard (STANDARD) and infrequent access (WARM) are supported.
-    csi.storage.k8s.io/fstype: obsfs          # File type. obsfs indicates to create a parallel file system (recommended), and s3fs indicates to create an OBS bucket.
-    
-spec:
-  accessModes:
-  - ReadWriteMany             # The value must be ReadWriteMany for OBS.
-  resources:
-    requests:
-      storage: 1Gi                 # This field is valid only for verification (fixed to 1, cannot be empty or 0). The value setting does not take effect for OBS buckets.
-  storageClassName: csi-obs        # The storage class type is OBS.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using a PV to Create a PVC
                                                                                                                                              If a PV has been created, you can create a PVC to apply for PV resources.
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab.
                                                                                                                                              3. Click Create PVC in the upper right corner. In the dialog box displayed, set the PVC parameters.
                                                                                                                                                • Storage Volume Claim Type: Select a storage type as required.
                                                                                                                                                • PVC Name: name of a PVC.
                                                                                                                                                • Creation Method: Select Existing storage volume.
                                                                                                                                                • PV: Select the volume to be associated, that is, the PV.
                                                                                                                                                
-
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Using YAML
                                                                                                                                              
-
                                                                                                                                              Example YAML for EVS
                                                                                                                                              
-
                                                                                                                                              • failure-domain.beta.kubernetes.io/region: region where the cluster is located.
                                                                                                                                                For details about the value of region, see Regions and Endpoints.
                                                                                                                                                
-
                                                                                                                                              • failure-domain.beta.kubernetes.io/zone: AZ where the EVS volume is created. It must be the same as the AZ planned for the workload. 
                                                                                                                                                For details about the value of zone, see Regions and Endpoints.
                                                                                                                                                
-
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-test
-  namespace: default
-  annotations:
-    everest.io/disk-volume-type: SAS                                # EVS disk type.
-    everest.io/crypt-key-id: fe0757de-104c-4b32-99c5-ee832b3bcaa3   # (Optional) Key ID. The key is used to encrypt EVS disks.
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-    
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
-spec:
-  accessModes:
-  - ReadWriteOnce               # The value must be ReadWriteOnce for EVS.
-  resources:
-    requests:
-      storage: 10Gi              
-  storageClassName: csi-disk     # Storage class name. The value is csi-disk for EVS.
-  volumeName: cce-evs-test       # PV name.
                                                                                                                                              
-
                                                                                                                                              Example YAML for SFS:
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-sfs-test
-  namespace: default
-  annotations:
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-spec:
-  accessModes:
-  - ReadWriteMany              # The value must be ReadWriteMany for SFS.
-  resources:
-    requests:
-      storage: 100Gi           # Requested PVC capacity
-  storageClassName: csi-nas    # Storage class name
-  volumeName: cce-sfs-test     # PV name
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Example YAML for OBS:
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-obs-test
-  namespace: default
-  annotations:
-    everest.io/obs-volume-type: STANDARD                         # OBS bucket type. Currently, standard (STANDARD) and infrequent access (WARM) are supported.
-    csi.storage.k8s.io/fstype: s3fs                              # File type. obsfs indicates to create a parallel file system (recommended), and s3fs indicates to create an OBS bucket.
-    csi.storage.k8s.io/node-publish-secret-name: test-user
-    csi.storage.k8s.io/node-publish-secret-namespace: default
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-    
-spec:
-  accessModes:
-  - ReadWriteMany             # The value must be ReadWriteMany for OBS.
-  resources:
-    requests:
-      storage: 1Gi            # Requested PVC capacity. This field is valid only for verification (fixed to 1, cannot be empty or 0). The value setting does not take effect for OBS buckets.
-  storageClassName: csi-obs   # Storage class name. The value is csi-obs for OBS.
-  volumeName: cce-obs-test    # PV name.
                                                                                                                                              
-
                                                                                                                                              Example YAML for SFS Turbo:
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-test
-  namespace: default
-  annotations:
-    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
-spec:
-  accessModes:
-    - ReadWriteMany               # The value must be ReadWriteMany for SFS Turbo.
-  resources:
-    requests:
-      storage: 100Gi              # Requested PVC capacity.
-  storageClassName: csi-sfsturbo  # Storage class name. The value is csi-sfsturbo for SFS Turbo.
-  volumeName: pv-sfsturbo-test         # PV name.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using a Snapshot to Creating a PVC
                                                                                                                                              The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the Snapshots and Backups tab.
                                                                                                                                              3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and specify the PVC name in the displayed dialog box.
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Creating from YAML
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-test
-  namespace: default
-  annotations:
-    everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the source EVS disk of the snapshot.
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: '10'
+      storage: 10Gi
   storageClassName: csi-disk
-  dataSource:
-    name: cce-disksnap-test             # Snapshot name
-    kind: VolumeSnapshot
-    apiGroup: snapshot.storage.k8s.io
                                                                                                                                              
+  volumeName: pv-evs-test
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only
+  name: pv-evs-test
+  labels:
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 10Gi
+  csi:
+    driver: disk.csi.everest.io
+    fsType: ext4
+    volumeHandle: 2af98016-6082-4ad6-bedc-1a9c673aef20
+    volumeAttributes:
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+      everest.io/disk-mode: SCSI
+      everest.io/disk-volume-type: SAS
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: csi-disk
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                            
+
                                                                                                                                            Documentation
                                                                                                                                            • For more information about Kubernetes storage, see Storage.
                                                                                                                                            • For more information about CCE container storage, see Overview.
                                                                                                                                            
 
                                                                                                                                            
 
 
                                                                                                                                            
diff --git a/docs/cce/umn/cce_10_0379.html b/docs/cce/umn/cce_10_0379.html
index 47858f2c2..76f7a794e 100644
--- a/docs/cce/umn/cce_10_0379.html
+++ b/docs/cce/umn/cce_10_0379.html
@@ -1,398 +1,452 @@
 
 
-
                                                                                                                                            PersistentVolumes (PVs)
                                                                                                                                            
-
                                                                                                                                            A PV is a persistent storage volume in a cluster. Same as a node, a PV is a cluster-level resource.
                                                                                                                                            
-
                                                                                                                                            Notes and Constraints
                                                                                                                                            • On the new CCE console (the cluster needs to be upgraded to v1.19.10 or later and the everest add-on needs to be upgraded to v1.2.10 or later), PVs are open to you for management. On the old CCE console, PVs can only be imported or dynamically created. You cannot manage the PV lifecycle on the console.
                                                                                                                                            • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                              • An error may occur if multiple PVCs/PVs that use the same underlying SFS or SFS Turbo file system are mounted to the same pod.
                                                                                                                                              • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume may be abnormal.
                                                                                                                                              • When the underlying volume is repeatedly used, it is recommended that ReadWriteMany be implemented at the application layer to prevent data overwriting and loss.
                                                                                                                                              
+
                                                                                                                                              Using an Existing OBS Bucket Through a Static PV
                                                                                                                                              
+
                                                                                                                                              This section describes how to use an existing Object Storage Service (OBS) bucket to statically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                                                              
+
                                                                                                                                              Prerequisites
                                                                                                                                              • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                              • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                              • You have created an OBS bucket. An OBS bucket of the parallel file system type can be selected only when it is in the same region as the cluster.
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              Constraints
                                                                                                                                              • Kata containers do not support OBS volumes.
                                                                                                                                              • When parallel file systems and object buckets are used, the group and permission of the mount point cannot be modified.
                                                                                                                                              • CCE allows you to use OBS parallel file systems by calling the OBS SDK or mounting a PVC through the obsfs tool provided by OBS. Each time an OBS parallel file system is mounted, an obsfs resident process is generated, as shown in the following figure.
                                                                                                                                                Figure 1 obsfs resident process
                                                                                                                                                
+
                                                                                                                                                Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, the obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                                
+
                                                                                                                                                 
                                                                                                                                                An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to parallel file systems, the node will be unavailable. Control the number of pods mounted to parallel file systems on a single node.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                              
+
                                                                                                                                              • Multiple PVs can use the same OBS storage volume with the following restrictions:
                                                                                                                                                • If multiple PVCs/PVs use the same underlying object storage volume, when you attempt to mount the volume to the same pod, the operation will fail because the volumeHandle values of these PVs are the same.
                                                                                                                                                • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                
 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Volume Access Modes
                                                                                                                                              PVs can be mounted to the host system only in the mode supported by underlying storage resources. For example, a file storage system can be read and written by multiple nodes, but an EVS disk can be read and written by only one node.
                                                                                                                                              
-
                                                                                                                                              • ReadWriteOnce: A volume can be mounted as read-write by a single node. This access mode is supported by EVS.
                                                                                                                                              • ReadWriteMany: A volume can be mounted as read-write by multiple nodes. This access mode is supported by SFS, OBS, and SFS Turbo.
                                                                                                                                              
-
-
                                                                                                                                              Table 1 Access modes supported by cloud storage
                                                                                                                                              Storage Type
                                                                                                                                              
+
                                                                                                                                              Using an Existing OBS Bucket on the Console
                                                                                                                                              1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                              2. Statically create a PVC and PV.
                                                                                                                                                1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                  Parameter
                                                                                                                                                  
 
                                                                                                                                                  ReadWriteOnce
                                                                                                                                                  
-
                                                                                                                                                  ReadWriteMany
                                                                                                                                                  
+
                                                                                                                                                  Description
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  
 
                                                                                                                                                  EVS
                                                                                                                                                  
+
                                                                                                                                                  PVC Type
                                                                                                                                                  
 
                                                                                                                                                  √
                                                                                                                                                  
-
                                                                                                                                                  ×
                                                                                                                                                  
+
                                                                                                                                                  In this section, select OBS.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  SFS
                                                                                                                                                  
+
                                                                                                                                                  PVC Name
                                                                                                                                                  
 
                                                                                                                                                  ×
                                                                                                                                                  
-
                                                                                                                                                  √
                                                                                                                                                  
+
                                                                                                                                                  Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  OBS
                                                                                                                                                  
+
                                                                                                                                                  Creation Method
                                                                                                                                                  
 
                                                                                                                                                  ×
                                                                                                                                                  
-
                                                                                                                                                  √
                                                                                                                                                  
+
                                                                                                                                                  • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                                                                  • If no underlying storage is available, select Dynamically provision. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                                                                                  
+
                                                                                                                                                  In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  SFS Turbo
                                                                                                                                                  
+
                                                                                                                                                  PVa
                                                                                                                                                  
 
                                                                                                                                                  ×
                                                                                                                                                  
+
                                                                                                                                                  Select an existing PV volume in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                                                                  
+
                                                                                                                                                  You do not need to specify this parameter in this example.
                                                                                                                                                  
 
                                                                                                                                                  √
                                                                                                                                                  
+
                                                                                                                                                  OBSb
                                                                                                                                                  
+
                                                                                                                                                  Click Select OBS. On the displayed page, select the OBS bucket that meets your requirements and click OK.
                                                                                                                                                  
+
                                                                                                                                                   NOTE: 
                                                                                                                                                  Currently, only parallel file systems are supported.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  PV Nameb
                                                                                                                                                  
+
                                                                                                                                                  Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                  
+
                                                                                                                                                  Access Modeb
                                                                                                                                                  
+
                                                                                                                                                  OBS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                  
+
                                                                                                                                                  Reclaim Policyb
                                                                                                                                                  
+
                                                                                                                                                  You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                                                  
+
                                                                                                                                                   NOTE: 
                                                                                                                                                  If multiple PVs use the same OBS volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Secretb
                                                                                                                                                  
+
                                                                                                                                                  Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                                  
+
                                                                                                                                                  Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                                  • Name: Enter a secret name.
                                                                                                                                                  • Namespace: Select the namespace where the secret is.
                                                                                                                                                  • Access Key (AK/SK): Upload a key file in .csv format. For details, see Obtaining an Access Key.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Mount Optionsb
                                                                                                                                                  
+
                                                                                                                                                  Enter the mounting parameter key-value pairs. For details, see Configuring OBS Mount Options.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                   
                                                                                                                                                  a: The parameter is available when Creation Method is set to Use existing.
                                                                                                                                                  
+
                                                                                                                                                  b: The parameter is available when Creation Method is set to Create new.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                2. Click Create to create a PVC and a PV.
                                                                                                                                                  You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                              3. Create an application.
                                                                                                                                                1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                  Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                  Table 1 Mounting a storage volume
                                                                                                                                                  Parameter
                                                                                                                                                  
+
                                                                                                                                                  Description
                                                                                                                                                  
+
                                                                                                                                                  PVC
                                                                                                                                                  
+
                                                                                                                                                  Select an existing object storage volume.
                                                                                                                                                  
+
                                                                                                                                                  Mount Path
                                                                                                                                                  
+
                                                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                                                  
+
                                                                                                                                                  This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                   NOTICE: 
                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Subpath
                                                                                                                                                  
+
                                                                                                                                                  Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                  
+
                                                                                                                                                  A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                  
+
                                                                                                                                                  Permission
                                                                                                                                                  
+
                                                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                  • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                  
                                                                                                                                                   		
 
                                                                                                                                                  
                                                                                                                                                   
 
                                                                                                                                                  
 
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  PV Reclaim Policy
                                                                                                                                                  A PV reclaim policy is used to delete or reclaim underlying volumes when a PVC is deleted. The value can be Delete or Retain.
                                                                                                                                                  
-
                                                                                                                                                  • Delete: When a PVC is deleted, the PV and underlying storage resources are deleted.
                                                                                                                                                  • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After a PVC is deleted, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                                  
-
                                                                                                                                                  Everest also allows you to delete a PVC without deleting underlying storage resources. This function can be achieved only by using a YAML file. Set the PV reclaim policy to Delete and add annotations"everest.io/reclaim-policy: retain-volume-only". In this way, when the PVC is deleted, the PV resource is deleted, but the underlying storage resources are retained.
                                                                                                                                                  
+
                                                                                                                                                  In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the OBS volume.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                3. After the configuration, click Create Workload.
                                                                                                                                                  After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to PV Reclaim Policy.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Creating an EVS Volume
                                                                                                                                               
                                                                                                                                              The requirements for creating an EVS volume are as follows:
                                                                                                                                              
-
                                                                                                                                              • System disks, DSS disks, and shared disks cannot be used.
                                                                                                                                              • The EVS disk is one of the supported types (common I/O, high I/O, and ultra-high I/O), and the EVS disk device type is SCSI.
                                                                                                                                              • The EVS disk is not frozen or used, and the status is available.
                                                                                                                                              • If the EVS disk is encrypted, the key must be available.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab.
                                                                                                                                              3. Click Create Volume in the upper right corner. In the dialog box displayed, set the volume parameters.
                                                                                                                                                • Volume Type: Select EVS.
                                                                                                                                                • EVS: 
                                                                                                                                                • PV Name: Enter a PV name.
                                                                                                                                                • Access Mode: ReadWriteOnce
                                                                                                                                                • Reclaim Policy: Select Delete or Retain as required. For details, see PV Reclaim Policy.
                                                                                                                                                
-
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Using YAML
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolume
-metadata:
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only         # (Optional) The PV is deleted while the underlying volume is retained.
-  name: cce-evs-test
-  labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
-spec:
-  accessModes:
-    - ReadWriteOnce     # Access mode. The value is fixed to ReadWriteOnce for EVS.
-  capacity:
-    storage: 10Gi       #  EVS disk capacity, in the unit of Gi. The value ranges from 1 to 32768.
-  csi:
-    driver: disk.csi.everest.io     # Dependent storage driver for the mounting.
-    fsType: ext4
-    volumeHandle: 459581af-e78c-4356-9e78-eaf9cd8525eb   # Volume ID of the EVS disk.
-    volumeAttributes:
-      everest.io/disk-mode: SCSI           # Device type of the EVS disk. Only SCSI is supported.
-      everest.io/disk-volume-type: SAS     # EVS disk type.
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-      everest.io/crypt-key-id: 0992dbda-6340-470e-a74e-4f0db288ed82    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
-  persistentVolumeReclaimPolicy: Delete    # Reclain policy.
-  storageClassName: csi-disk               # Storage class name. The value must be csi-disk.
                                                                                                                                              
-
-
                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                              Table 2 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
-
                                                                                                                                              Description
                                                                                                                                              
-
                                                                                                                                              everest.io/reclaim-policy: retain-volume-only
                                                                                                                                              
-
                                                                                                                                              This field is optional.
                                                                                                                                              
-
                                                                                                                                              Currently, only retain-volume-only is supported.
                                                                                                                                              
-
                                                                                                                                              This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                              
-
                                                                                                                                              failure-domain.beta.kubernetes.io/region
                                                                                                                                              
-
                                                                                                                                              Region where the cluster is located.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
-
                                                                                                                                              failure-domain.beta.kubernetes.io/zone
                                                                                                                                              
-
                                                                                                                                              AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                              
-
                                                                                                                                              For details about the value of zone, see Regions and Endpoints.
                                                                                                                                              
-
                                                                                                                                              volumeHandle
                                                                                                                                              
-
                                                                                                                                              Volume ID of the EVS disk.
                                                                                                                                              
-
                                                                                                                                              To obtain the volume ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, click the copy button after ID.
                                                                                                                                              
-
                                                                                                                                              everest.io/disk-volume-type
                                                                                                                                              
-
                                                                                                                                              EVS disk type. All letters are in uppercase.
                                                                                                                                              
-
                                                                                                                                              • SATA: common I/O
                                                                                                                                              • SAS: high I/O
                                                                                                                                              • SSD: ultra-high I/O
                                                                                                                                              
-
                                                                                                                                              everest.io/crypt-key-id
                                                                                                                                              
-
                                                                                                                                              Encryption key ID. This field is mandatory when the volume is an encrypted volume.
                                                                                                                                              
-
                                                                                                                                              persistentVolumeReclaimPolicy
                                                                                                                                              
-
                                                                                                                                              A reclaim policy is supported when the cluster version is equal to or later than 1.19.10 and the everest version is equal to or later than 1.2.9.
                                                                                                                                              
-
                                                                                                                                              The Delete and Retain policies are supported.
                                                                                                                                              
-
                                                                                                                                              Delete:
                                                                                                                                              
-
                                                                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and EVS disk are deleted when a PVC is deleted.
                                                                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the EVS resources are retained.
                                                                                                                                              
-
                                                                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                              
-
                                                                                                                                              If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Creating an SFS Volume
                                                                                                                                               
                                                                                                                                              • The SFS file system and the cluster must be in the same VPC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab.
                                                                                                                                              3. Click Create Volume in the upper right corner. In the dialog box displayed, set the volume parameters.
                                                                                                                                                • Volume Type: Select SFS.
                                                                                                                                                • Select SFS resources.
                                                                                                                                                • PV Name: Enter a PV name.
                                                                                                                                                • Access Mode: ReadWriteMany
                                                                                                                                                • Reclaim Policy: Select Delete or Retain as required. For details, see PV Reclaim Policy.
                                                                                                                                                • Mount Options: mount options. For details about the options, see Setting Mount Options.
                                                                                                                                                
-
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Using YAML
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
+
                                                                                                                                              (kubectl) Using an Existing OBS Bucket
                                                                                                                                              1. Use kubectl to connect to the cluster.
                                                                                                                                              2. Create a PV.
                                                                                                                                                1. Create the pv-obs.yaml file.
                                                                                                                                                  apiVersion: v1
 kind: PersistentVolume
 metadata:
   annotations:
     pv.kubernetes.io/provisioned-by: everest-csi-provisioner
     everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
-  name: cce-sfs-test
+  name: pv-obs       # PV name.
 spec:
   accessModes:
-  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
+  - ReadWriteMany    # Access mode. The value must be ReadWriteMany for OBS.
   capacity:
-    storage: 1Gi       # File storage capacity.
-  csi:
-    driver: disk.csi.everest.io   # Mount the dependent storage driver.
-    fsType: nfs
-    volumeHandle: 30b3d92a-0bc7-4610-b484-534660db81be   # SFS file system ID.
-    volumeAttributes:
-      everest.io/share-export-location:   # Shared path of the file storage
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
-  storageClassName: csi-nas                # Storage class name
-  mountOptions: []                         # Mount options
                                                                                                                                                  
-
-
                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                  Table 3 Key parameters
                                                                                                                                                  Parameter
                                                                                                                                                  
-
                                                                                                                                                  Description
                                                                                                                                                  
-
                                                                                                                                                  everest.io/reclaim-policy: retain-volume-only
                                                                                                                                                  
-
                                                                                                                                                  This field is optional.
                                                                                                                                                  
-
                                                                                                                                                  Currently, only retain-volume-only is supported.
                                                                                                                                                  
-
                                                                                                                                                  This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                                  
-
                                                                                                                                                  volumeHandle
                                                                                                                                                  
-
                                                                                                                                                  • If SFS Capacity-Oriented file storage is used, enter the file storage ID.
                                                                                                                                                    On the management console, choose Service List > Storage > Scalable File Service. In the SFS file system list, click the name of the target file system and copy the content following ID on the page displayed.
                                                                                                                                                    
-
                                                                                                                                                  
-
                                                                                                                                                  everest.io/share-export-location
                                                                                                                                                  
-
                                                                                                                                                  Shared path of the file system.
                                                                                                                                                  
-
                                                                                                                                                  On the management console, choose Service List > Storage > Scalable File Service. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                  
-
                                                                                                                                                  mountOptions
                                                                                                                                                  
-
                                                                                                                                                  Mount options.
                                                                                                                                                  
-
                                                                                                                                                  If not specified, the following configurations are used by default. For details, see SFS Volume Mount Options.
                                                                                                                                                  
-
                                                                                                                                                  mountOptions:
-- vers=3
-- timeo=600
-- nolock
-- hard
                                                                                                                                                  
-
                                                                                                                                                  everest.io/crypt-key-id
                                                                                                                                                  
-
                                                                                                                                                  Encryption key ID. This field is mandatory when the volume is an encrypted volume.
                                                                                                                                                  
-
                                                                                                                                                  persistentVolumeReclaimPolicy
                                                                                                                                                  
-
                                                                                                                                                  A reclaim policy is supported when the cluster version is equal to or later than 1.19.10 and the everest version is equal to or later than 1.2.9.
                                                                                                                                                  
-
                                                                                                                                                  The options are as follows:
                                                                                                                                                  
-
                                                                                                                                                  Delete:
                                                                                                                                                  
-
                                                                                                                                                  • If everest.io/reclaim-policy is not specified, both the PV and SFS volume are deleted when a PVC is deleted.
                                                                                                                                                  • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the file storage resources are retained.
                                                                                                                                                  
-
                                                                                                                                                  Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                                  
-
                                                                                                                                                  If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                                  
-
                                                                                                                                                  
-
                                                                                                                                                  
-
                                                                                                                                              
-
                                                                                                                                              Creating an OBS Volume
                                                                                                                                               
                                                                                                                                              Secure containers do not support OBS volumes.
                                                                                                                                              
-
                                                                                                                                              A single user can create a maximum of 100 OBS buckets on the console. If you have a large number of CCE workloads and you want to mount an OBS bucket to every workload, you may easily run out of buckets. In this scenario, you are advised to use OBS through the OBS API or SDK and do not mount OBS buckets to the workload on the console.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab.
                                                                                                                                              3. Click Create Volume in the upper right corner. In the dialog box displayed, set the volume parameters.
                                                                                                                                                • Volume Type: Select OBS.
                                                                                                                                                • Select OBS resources.
                                                                                                                                                • PV Name: Enter a PV name.
                                                                                                                                                • Access Mode: ReadWriteMany
                                                                                                                                                • Reclaim Policy: Select Delete or Retain as required. For details, see PV Reclaim Policy.
                                                                                                                                                • Secret: You can customize the access key (AK/SK) for mounting an OBS volume. You can use the AK/SK to create a secret and mount the secret to the PV. For details, see Using a Custom AK/SK to Mount an OBS Volume.
                                                                                                                                                • Mount Options: mount options. For details about the options, see Setting Mount Options.
                                                                                                                                                
-
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Using YAML
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolume
-metadata:
-  annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-    everest.io/reclaim-policy: retain-volume-only         # (Optional) The PV is deleted while the underlying volume is retained.
-  name: cce-obs-test
-spec:
-  accessModes:
-  - ReadWriteMany                      # Access mode. The value must be ReadWriteMany for OBS.
-  capacity:
-    storage: 1Gi      # Storage capacity. This parameter is set only to meet the PV format requirements. It can be set to any value. The actual OBS space size is not limited by this value.
+    storage: 1Gi     # OBS volume capacity.
   csi:
     driver: obs.csi.everest.io        # Dependent storage driver for the mounting.
-    fsType: obsfs                      # OBS file type.
-    volumeHandle: cce-obs-bucket       # OBS bucket name.
+    driver: obs.csi.everest.io        # Instance type.
+    volumeHandle: <your_volume_id>    # Name of the OBS volume.
     volumeAttributes:
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
       everest.io/obs-volume-type: STANDARD
-      everest.io/region: eu-de
-      
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-    nodePublishSecretRef:
-      name: test-user
-      namespace: default
-  persistentVolumeReclaimPolicy: Retain       # Reclaim policy.
-  storageClassName: csi-obs                   # Storage class name. The value must be csi-obs for OBS.
-  mountOptions: []                            # Mount options.
                                                                                                                                              
+      everest.io/region: <your_region>                        # Region where the OBS volume is.
+    nodePublishSecretRef:            # Custom secret of the OBS volume.
+      name: <your_secret_name>       # Custom secret name.
+      namespace: <your_namespace>    # Namespace of the custom secret.
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-obs               # Storage class name.
+  mountOptions: []                         # Mount options.
                                                                                                                                              
 
-
                                                                                                                                              Table 4 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
+
                                                                                                                                              
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
+
+
+
+
+
+
+
+
                                                                                                                                              Table 2 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
 
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              Mandatory
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              everest.io/reclaim-policy: retain-volume-only
                                                                                                                                              
+
                                                                                                                                              everest.io/reclaim-policy: retain-volume-only
                                                                                                                                              
 
                                                                                                                                              This field is optional.
                                                                                                                                              
-
                                                                                                                                              Currently, only retain-volume-only is supported.
                                                                                                                                              
-
                                                                                                                                              This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                              
+
                                                                                                                                              No
                                                                                                                                              
+
                                                                                                                                              Optional.
                                                                                                                                              
+
                                                                                                                                              Currently, only retain-volume-only is supported.
                                                                                                                                              
+
                                                                                                                                              This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              fsType
                                                                                                                                              
+
                                                                                                                                              fsType
                                                                                                                                              
 
                                                                                                                                              File type. The value can be obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs. You are advised to set this field to obsfs.
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              Instance type. The value can be obsfs or s3fs.
                                                                                                                                              
+
                                                                                                                                              • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                                                                              • s3fs: Object bucket, which is mounted using s3fs.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              volumeHandle
                                                                                                                                              
+
                                                                                                                                              volumeHandle
                                                                                                                                              
 
                                                                                                                                              OBS bucket name.
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              OBS volume name.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              everest.io/obs-volume-type
                                                                                                                                              
+
                                                                                                                                              everest.io/obs-volume-type
                                                                                                                                              
 
                                                                                                                                              Storage class, including STANDARD (standard bucket) and WARM (infrequent access bucket).
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              OBS storage class.
                                                                                                                                              
+
                                                                                                                                              • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                              • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              everest.io/region
                                                                                                                                              
+
                                                                                                                                              everest.io/region
                                                                                                                                              
 
                                                                                                                                              Region where the OBS bucket is deployed.
                                                                                                                                              
-
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              Region where the OBS bucket is deployed.
                                                                                                                                              
+
                                                                                                                                              For details about the value of region, see Regions and Endpoints.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              nodePublishSecretRef
                                                                                                                                              
+
                                                                                                                                              nodePublishSecretRef
                                                                                                                                              
 
                                                                                                                                              Access key (AK/SK) used for mounting the object storage volume. You can use the AK/SK to create a secret and mount it to the PV. For details, see Using a Custom AK/SK to Mount an OBS Volume.
                                                                                                                                              
+
                                                                                                                                              No
                                                                                                                                              
+
                                                                                                                                              Access key (AK/SK) used for mounting the object storage volume. You can use the AK/SK to create a secret and mount it to the PV. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                              
+
                                                                                                                                              An example is as follows:
                                                                                                                                              nodePublishSecretRef:
+  name: secret-demo
+  namespace: default
                                                                                                                                              
+
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              mountOptions
                                                                                                                                              
+
                                                                                                                                              mountOptions
                                                                                                                                              
 
                                                                                                                                              Mount options. For details, see OBS Volume Mount Options.
                                                                                                                                              
+
                                                                                                                                              No
                                                                                                                                              
+
                                                                                                                                              Mount options. For details, see Configuring OBS Mount Options.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              persistentVolumeReclaimPolicy
                                                                                                                                              
+
                                                                                                                                              persistentVolumeReclaimPolicy
                                                                                                                                              
 
                                                                                                                                              A reclaim policy is supported when the cluster version is equal to or later than 1.19.10 and the everest version is equal to or later than 1.2.9.
                                                                                                                                              
-
                                                                                                                                              The Delete and Retain policies are supported.
                                                                                                                                              
-
                                                                                                                                              Delete:
                                                                                                                                              
-
                                                                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and OBS volume are deleted when a PVC is deleted.
                                                                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the object storage resources are retained.
                                                                                                                                              
-
                                                                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                              
-
                                                                                                                                              If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              A reclaim policy is supported when the cluster version is or later than 1.19.10 and the everest version is or later than 1.2.9.
                                                                                                                                              
+
                                                                                                                                              The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same OBS volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                                              
+
                                                                                                                                              Delete:
                                                                                                                                              
+
                                                                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and storage resources are deleted when a PVC is deleted.
                                                                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the storage resources are retained.
                                                                                                                                              
+
                                                                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                                              
+
                                                                                                                                              storage
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              Storage capacity, in Gi.
                                                                                                                                              
+
                                                                                                                                              For OBS buckets, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS buckets. 
                                                                                                                                              
+
                                                                                                                                              storageClassName
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              The storage class name of OBS volumes is csi-obs.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
                                                                                                                                              
 
                                                                                                                                              
-
-
                                                                                                                                              Creating an SFS Turbo Volume
                                                                                                                                               
                                                                                                                                              SFS Turbo and the cluster must be in the same VPC.
                                                                                                                                              
-
                                                                                                                                              
-
                                                                                                                                              Using the CCE Console
                                                                                                                                              
-
                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab.
                                                                                                                                              3. Click Create Volume in the upper right corner. In the dialog box displayed, set the volume parameters.
                                                                                                                                                • Volume Type: Select SFS Turbo.
                                                                                                                                                • SFS Turbo: Select SFS Turbo resources.
                                                                                                                                                • PV Name: Enter a PV name.
                                                                                                                                                • Access Mode: ReadWriteMany
                                                                                                                                                • Reclaim Policy: Select Retain. For details, see PV Reclaim Policy.
                                                                                                                                                • Mount Options: mount options. For details about the options, see Setting Mount Options.
                                                                                                                                                
-
                                                                                                                                              4. Click Create.
                                                                                                                                              
-
                                                                                                                                              Using YAML
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
-kind: PersistentVolume
+
                                                                                                                                            • Run the following command to create a PV:
                                                                                                                                              kubectl apply -f pv-obs.yaml
                                                                                                                                              
+
                                                                                                                                              • 
+
                                                                                                                                            • Create a PVC.
                                                                                                                                              1. Create the pvc-obs.yaml file.
                                                                                                                                                apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
+  name: pvc-obs
+  namespace: default
   annotations:
-    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
-  name: cce-sfsturbo-test
-spec:
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
+    everest.io/obs-volume-type: STANDARD
+    csi.storage.k8s.io/fstype: obsfs
+    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>  # Custom secret name.
+    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>        # Namespace of the custom secret.
+ spec:
   accessModes:
-    - ReadWriteMany       # Access mode. The value must be ReadWriteMany for SFS Turbo.
-  capacity:
-    storage: 100.00Gi     # SFS Turbo volume capacity.
-  csi:
-    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting.
-    fsType: nfs
-    volumeHandle: 6674bd0a-d760-49de-bb9e-805c7883f047      # SFS Turbo volume ID.
-    volumeAttributes:
-      everest.io/share-export-location: 192.168.0.85:/      # Shared path of the SFS Turbo volume.
-      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
-  persistentVolumeReclaimPolicy: Retain     # Reclaim policy.
-  storageClassName: csi-sfsturbo            # Storage class name. The value must be csi-sfsturbo for SFS Turbo.
-  mountOptions: []                          # Mount options.
                                                                                                                                                
+  - ReadWriteMany                  # The value must be ReadWriteMany for OBS.
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csi-obs       # Storage class name, which must be the same as that of the PV.
+  volumeName: pv-obs    # PV name.
                                                                                                                                              • 
 
-
                                                                                                                                              Table 5 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
+
                                                                                                                                              
-
+
-
-
+
-
-
+
-
-
+
-
-
+
+
+
+
+
                                                                                                                                              Table 3 Key parameters
                                                                                                                                              Parameter
                                                                                                                                              
 
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              Mandatory
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
 
                                                                                                                                              volumeHandle
                                                                                                                                              
+
                                                                                                                                              csi.storage.k8s.io/node-publish-secret-name
                                                                                                                                              
 
                                                                                                                                              SFS Turbo volume ID.
                                                                                                                                              
-
                                                                                                                                              You can obtain the ID on the SFS Turbo storage instance details page on the SFS console.
                                                                                                                                              
+
                                                                                                                                              No
                                                                                                                                              
+
                                                                                                                                              Name of the custom secret specified in the PV.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              everest.io/share-export-location
                                                                                                                                              
+
                                                                                                                                              csi.storage.k8s.io/node-publish-secret-namespace
                                                                                                                                              
 
                                                                                                                                              Shared path of the SFS Turbo volume.
                                                                                                                                              
+
                                                                                                                                              No
                                                                                                                                              
+
                                                                                                                                              Namespace of the custom secret specified in the PV.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              mountOptions
                                                                                                                                              
+
                                                                                                                                              storage
                                                                                                                                              
 
                                                                                                                                              Mount options.
                                                                                                                                              
-
                                                                                                                                              If not specified, the following configurations are used by default. For details, see SFS Volume Mount Options.
                                                                                                                                              
-
                                                                                                                                              mountOptions:
-- vers=3
-- timeo=600
-- nolock
-- hard
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              Requested capacity in the PVC, in Gi.
                                                                                                                                              
+
                                                                                                                                              For OBS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              persistentVolumeReclaimPolicy
                                                                                                                                              
+
                                                                                                                                              storageClassName
                                                                                                                                              
 
                                                                                                                                              A reclaim policy is supported when the cluster version is equal to or later than 1.19.10 and the everest version is equal to or later than 1.2.9.
                                                                                                                                              
-
                                                                                                                                              The Delete and Retain policies are supported.
                                                                                                                                              
-
                                                                                                                                              Delete:
                                                                                                                                              
-
                                                                                                                                              • If everest.io/reclaim-policy is not specified, both the PV and SFS Turbo volume are deleted when a PVC is deleted.
                                                                                                                                              • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the SFF Turbo resources are retained.
                                                                                                                                              
-
                                                                                                                                              Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                              
-
                                                                                                                                              If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                              
+
                                                                                                                                              The storage class name of OBS volumes is csi-obs.
                                                                                                                                              
+
                                                                                                                                              volumeName
                                                                                                                                              
+
                                                                                                                                              Yes
                                                                                                                                              
+
                                                                                                                                              PV name, which must be the same as the PV name in 1.
                                                                                                                                              
                                                                                                                                               		
 
                                                                                                                                              
                                                                                                                                               
 
                                                                                                                                              
 
                                                                                                                                              
+
                                                                                                                                            • Run the following command to create a PVC:
                                                                                                                                              kubectl apply -f pvc-obs.yaml
                                                                                                                                              
+
                                                                                                                                              • 
+
                                                                                                                                            • Create an application.
                                                                                                                                              1. Create a file named web-demo.yaml. In this example, the OBS volume is mounted to the /data path.
                                                                                                                                                apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-obs-volume    #Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  #Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-obs-volume    #Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-obs    #Name of the created PVC.
                                                                                                                                                
+
                                                                                                                                              2. Run the following command to create an application to which the OBS volume is mounted:
                                                                                                                                                kubectl apply -f web-demo.yaml
                                                                                                                                                
+
                                                                                                                                                After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                                                
+
                                                                                                                                              
+
                                                                                                                                              • 
+
+
                                                                                                                                              Verifying Data Persistence and Sharing
                                                                                                                                              1. View the deployed applications and files.
                                                                                                                                                1. Run the following command to view the created pod:
                                                                                                                                                  kubectl get pod | grep web-demo
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  web-demo-846b489584-mjhm9   1/1     Running   0             46s
+web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                2. Run the following commands in sequence to view the files in the /data path of the pods:
                                                                                                                                                  kubectl exec web-demo-846b489584-mjhm9 -- ls /data
+kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                  
+
                                                                                                                                                  If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                              2. Run the following command to create a file named static in the /data path:
                                                                                                                                                kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                                
+
                                                                                                                                              3. Run the following command to view the files in the /data path:
                                                                                                                                                kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                                
+
                                                                                                                                                Expected output:
                                                                                                                                                
+
                                                                                                                                                static
                                                                                                                                                
+
                                                                                                                                              4. Verify data persistence.
                                                                                                                                                1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                                  kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  
+
                                                                                                                                                  pod "web-demo-846b489584-mjhm9" deleted
                                                                                                                                                  
+
                                                                                                                                                  After the deletion, the Deployment controller automatically creates a replica.
                                                                                                                                                  
+
                                                                                                                                                2. Run the following command to view the created pod:
                                                                                                                                                  kubectl get pod | grep web-demo
                                                                                                                                                  
+
                                                                                                                                                  The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:
                                                                                                                                                  web-demo-846b489584-d4d4j   1/1     Running   0             110s
+web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                3. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                                  kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  
+
                                                                                                                                                  static
                                                                                                                                                  
+
                                                                                                                                                  If the static file still exists, the data can be stored persistently.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                              5. Verify data sharing.
                                                                                                                                                1. Run the following command to view the created pod:
                                                                                                                                                  kubectl get pod | grep web-demo
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  web-demo-846b489584-d4d4j   1/1     Running   0             7m
+web-demo-846b489584-wvv5s   1/1     Running   0             13m
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                2. Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
                                                                                                                                                  kubectl exec web-demo-846b489584-d4d4j --  touch /data/share
                                                                                                                                                  
+
                                                                                                                                                  Check the files in the /data path of the pod.
                                                                                                                                                  kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  
+
                                                                                                                                                  share
+static
                                                                                                                                                  
+
                                                                                                                                                3. Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
                                                                                                                                                  kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                  
+
                                                                                                                                                  Expected output:
                                                                                                                                                  
+
                                                                                                                                                  share
+static
                                                                                                                                                  
+
                                                                                                                                                  After you create a file in the /data path of a pod, if the file is also created in the /data path of another pods, the two pods share the same volume.
                                                                                                                                                  
+
                                                                                                                                                
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              Related Operations
                                                                                                                                              You can also perform the operations listed in Table 4.
+
                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                              Table 4 Related operations
                                                                                                                                              Operation
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              Procedure
                                                                                                                                              
+
                                                                                                                                              Creating a storage volume (PV)
                                                                                                                                              
+
                                                                                                                                              Create a PV on the CCE console.
                                                                                                                                              
+
                                                                                                                                              1. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab. Click Create Volume in the upper right corner. In the dialog box displayed, configure the parameters.
                                                                                                                                                • Volume Type: Select OBS.
                                                                                                                                                • OBS: Click Select OBS. On the displayed page, select the OBS storage that meets your requirements and click OK.
                                                                                                                                                • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                • Reclaim Policy: Delete or Retain. For details, see PV Reclaim Policy.
                                                                                                                                                   NOTE: 
                                                                                                                                                  If multiple PVs use the same underlying storage volume, use Retain to prevent the underlying volume from being deleted with a PV.
                                                                                                                                                  
+
                                                                                                                                                  
+
                                                                                                                                                • Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                                  Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                                  
+
                                                                                                                                                • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring OBS Mount Options.
                                                                                                                                                
+
                                                                                                                                              2. Click Create.
                                                                                                                                              
+
                                                                                                                                              Updating an access key
                                                                                                                                              
+
                                                                                                                                              Update the access key of object storage on the CCE console.
                                                                                                                                              
+
                                                                                                                                              1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More > Update Access Key in the Operation column of the PVC.
                                                                                                                                              2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                                                                 NOTE: 
                                                                                                                                                After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                                                                
+
                                                                                                                                                
+
                                                                                                                                              
+
                                                                                                                                              Viewing events
                                                                                                                                              
+
                                                                                                                                              You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                              
+
                                                                                                                                              1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                              2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                              
+
                                                                                                                                              Viewing a YAML file
                                                                                                                                              
+
                                                                                                                                              You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                              
+
                                                                                                                                              1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                              2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                              
 
 
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Parent topic: Storage
                                                                                                                                              
+
                                                                                                                                              Parent topic: Object Storage Service (OBS)
                                                                                                                                              
 
                                                                                                                                              
 
                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_10_0380.html b/docs/cce/umn/cce_10_0380.html
index c368928ff..351bb47b3 100644
--- a/docs/cce/umn/cce_10_0380.html
+++ b/docs/cce/umn/cce_10_0380.html
@@ -1,17 +1,79 @@
 
 
 
                                                                                                                                              StorageClass
                                                                                                                                              
-
                                                                                                                                              StorageClass describes the storage class used in the cluster. You need to specify StorageClass when creating a PVC or PV. As of now, CCE provides storage classes such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a StorageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                              
-
                                                                                                                                              You can run the following command to query the storage classes that CCE supports. You can use the CSI plug-in provided by CCE to customize a storage class, which functions similarly as the default storage classes in CCE.
                                                                                                                                              
+
                                                                                                                                              Introduction
                                                                                                                                              StorageClass describes the classification of storage types in a cluster and can be represented as a configuration template for creating PVs. When creating a PVC or PV, specify StorageClass.
                                                                                                                                              
+
                                                                                                                                              As a user, you only need to specify storageClassName when defining a PVC to automatically create a PV and underlying storage, significantly reducing the workload of creating and maintaining a PV.
                                                                                                                                              
+
                                                                                                                                              In addition to the default storage classes provided by CCE, you can also customize storage classes.
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              CCE Default Storage Classes
                                                                                                                                              As of now, CCE provides storage classes such as csi-disk, csi-nas, and csi-obs by default. When defining a PVC, you can use a storageClassName to automatically create a PV of the corresponding type and automatically create underlying storage resources.
                                                                                                                                              
+
                                                                                                                                              Run the following kubectl command to obtain the storage classes that CCE supports. Use the CSI add-on provided by CCE to create a storage class.
                                                                                                                                              
 
                                                                                                                                              # kubectl get sc
 NAME                PROVISIONER                     AGE
-csi-disk            everest-csi-provisioner         17d          # Storage class for EVS disks
-csi-nas             everest-csi-provisioner         17d          # Storage class for SFS 1.0 file systems
-csi-obs             everest-csi-provisioner         17d          # Storage class for OBS buckets
                                                                                                                                              
-
                                                                                                                                              After a StorageClass is set, PVs can be automatically created and maintained. You only need to specify the StorageClass when creating a PVC, which greatly reduces the workload.
                                                                                                                                              
-
                                                                                                                                              In addition to the predefined storage classes provided by CCE, you can also customize storage classes. The following sections describe the application status, solutions, and methods of customizing storage classes.
                                                                                                                                              
-
                                                                                                                                              Challenges
                                                                                                                                              When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for an SAS (high I/O) EVS disk (block storage).
                                                                                                                                              
-
                                                                                                                                              apiVersion: v1
+csi-disk            everest-csi-provisioner         17d          # EVS disk
+csi-disk-topology   everest-csi-provisioner         17d          # EVS disks created with delayed
+csi-nas             everest-csi-provisioner         17d          # SFS 1.0
+csi-obs             everest-csi-provisioner         17d          # OBS
+csi-sfsturbo        everest-csi-provisioner         17d          # SFS Turbo
                                                                                                                                              
+
                                                                                                                                              Each storage class contains the default parameters used for dynamically creating a PV. The following is an example of storage class for EVS disks:
                                                                                                                                              kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: csi-disk
+provisioner: everest-csi-provisioner
+parameters:
+  csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
+  csi.storage.k8s.io/fstype: ext4
+  everest.io/disk-volume-type: SAS
+  everest.io/passthrough: 'true'
+reclaimPolicy: Delete
+allowVolumeExpansion: true
+volumeBindingMode: Immediate
                                                                                                                                              
+
+
                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                              Parameter
                                                                                                                                              
+
                                                                                                                                              Description
                                                                                                                                              
+
                                                                                                                                              provisioner
                                                                                                                                              
+
                                                                                                                                              Specifies the storage resource provider, which is the everest add-on for CCE. Set this parameter to everest-csi-provisioner.
                                                                                                                                              
+
                                                                                                                                              parameters
                                                                                                                                              
+
                                                                                                                                              Specifies the storage parameters, which vary with storage types.
                                                                                                                                              
+
                                                                                                                                              reclaimPolicy
                                                                                                                                              
+
                                                                                                                                              Specifies the value of persistentVolumeReclaimPolicy for creating a PV. The value can be Delete or Retain. If reclaimPolicy is not specified when a StorageClass object is created, the value defaults to Delete.
                                                                                                                                              
+
                                                                                                                                              • Delete: indicates that a dynamically created PV will be automatically destroyed.
                                                                                                                                              • Retain: indicates that a dynamically created PV will not be automatically destroyed.
                                                                                                                                              
+
                                                                                                                                              allowVolumeExpansion
                                                                                                                                              
+
                                                                                                                                              Specifies whether the PV of this storage class supports dynamic capacity expansion. The default value is false. Dynamic capacity expansion is implemented by the underlying storage add-on. This is only a switch.
                                                                                                                                              
+
                                                                                                                                              volumeBindingMode
                                                                                                                                              
+
                                                                                                                                              Specifies the volume binding mode, that is, the time when a PV is dynamically created. The value can be Immediate or WaitForFirstConsumer.
                                                                                                                                              
+
                                                                                                                                              • Immediate: PV binding and dynamic creation are completed when a PVC is created.
                                                                                                                                              • WaitForFirstConsumer: PV binding and creation are delayed. The PV creation and binding processes are executed only when the PVC is used in the workload.
                                                                                                                                              
+
                                                                                                                                              mountOptions
                                                                                                                                              
+
                                                                                                                                              This field must be supported by the underlying storage. If this field is not supported but is specified, the PV creation will fail.
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              Application Scenarios of Custom Storage
                                                                                                                                              When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for a SAS (high I/O) EVS disk (block storage).
                                                                                                                                              
+
                                                                                                                                              apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-evs-example
@@ -25,41 +87,58 @@ spec:
     requests:
       storage: 10Gi
   storageClassName: csi-disk
                                                                                                                                              
-
                                                                                                                                              If you need to specify the EVS disk type, you can set the everest.io/disk-volume-type field. The value SAS is used as an example here, indicating the high I/O EVS disk type. Or you can choose SATA (common I/O) and SSD (ultra-high I/O).
                                                                                                                                              
-
                                                                                                                                              This configuration method may not work if you want to:
                                                                                                                                              
-
                                                                                                                                              • Set storageClassName only, which is simpler than specifying the EVS disk type by using everest.io/disk-volume-type.
                                                                                                                                              • Avoid modifying YAML files or Helm charts. Some users switch from self-built or other Kubernetes services to CCE and have written YAML files of many applications. In these YAML files, different types of storage resources are specified by different StorageClassNames. When using CCE, they need to modify a large number of YAML files or Helm charts to use storage resources, which is labor-consuming and error-prone.
                                                                                                                                              • Set the default storageClassName for all applications to use the default storage class. In this way, you can create storage resources of the default type without needing to specify storageClassName in the YAML file.
                                                                                                                                              
+
                                                                                                                                              To specify the EVS disk type on CCE, use the everest.io/disk-volume-type field. SAS indicates the EVS disk type.
                                                                                                                                              
+
                                                                                                                                              The preceding is a basic method of using StorageClass. In real-world scenarios, you can use StorageClass to perform other operations.
+
                                                                                                                                              
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                              Application Scenario
                                                                                                                                              
+
                                                                                                                                              Solution
                                                                                                                                              
+
                                                                                                                                              Procedure
                                                                                                                                              
+
                                                                                                                                              When annotations is used to specify storage configuration, the configuration is complex. For example, the everest.io/disk-volume-type field is used to specify the EVS disk type.
                                                                                                                                              
+
                                                                                                                                              Define PVC annotations in the parameters field of StorageClass. When compiling a YAML file, you only need to specify storageClassName.
                                                                                                                                              
+
                                                                                                                                              For example, you can define SAS EVS disk and SSD EVS disk as a storage class, respectively. If a storage class named csi-disk-sas is defined, it is used to create SAS storage.
                                                                                                                                              
+
                                                                                                                                              Custom Storage Class
                                                                                                                                              
+
                                                                                                                                              When a user migrates services from a self-built Kubernetes cluster or other Kubernetes services to CCE, the storage class used in the original application YAML file is different from that used in CCE. As a result, a large number of YAML files or Helm chart packages need to be modified when the storage is used, which is complex and error-prone.
                                                                                                                                              
+
                                                                                                                                              Create a storage class with the same name as that in the original application YAML file in the CCE centralization. After the migration, you do not need to modify the storageClassName in the application YAML file.
                                                                                                                                              
+
                                                                                                                                              For example, the EVS disk storage class used before the migration is disk-standard. After migrating services to a CCE cluster, you can copy the YAML file of the csi-disk storage class in the CCE cluster, change its name to disk-standard, and create another storage class.
                                                                                                                                              
+
                                                                                                                                              storageClassName must be specified in the YAML file to use the storage. If not, the storage cannot be created.
                                                                                                                                              
+
                                                                                                                                              If you set the default StorageClass in the cluster, you can create storage without specifying the storageClassName in the YAML file.
                                                                                                                                              
+
                                                                                                                                              Specifying a Default StorageClass
                                                                                                                                              
+
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Solution
                                                                                                                                              This section describes how to set a custom storage class in CCE and how to set the default storage class. You can specify different types of storage resources by setting storageClassName.
                                                                                                                                              
-
                                                                                                                                              • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                
-
                                                                                                                                              • For the second scenario, you can define a storage class with the same name as that in the existing YAML file without needing to modify storageClassName in the YAML file.
                                                                                                                                              • For the third scenario, you can set the default storage class as described below to create storage resources without specifying storageClassName in YAML files.
                                                                                                                                                apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-evs-example
-  namespace: default
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
                                                                                                                                                
-
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Custom Storage Class
                                                                                                                                              You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                              
-
                                                                                                                                              apiVersion: storage.k8s.io/v1
+
                                                                                                                                              
+
                                                                                                                                              Custom Storage Class
                                                                                                                                              This section uses the custom storage class of EVS disks as an example to describe how to define SAS EVS disk and SSD EVS disk as a storage class, respectively. For example, if you define a storage class named csi-disk-sas, which is used to create SAS storage, the differences are shown in the following figure. When compiling a YAML file, you only need to specify storageClassName.
                                                                                                                                              
+
                                                                                                                                              
+
                                                                                                                                              • You can customize a high I/O storage class in a YAML file. For example, the name csi-disk-sas indicates that the disk type is SAS (high I/O).
                                                                                                                                                apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-disk-sas                          # Name of the high I/O storage class, which can be customized.
 parameters:
   csi.storage.k8s.io/csi-driver-name: disk.csi.everest.io
   csi.storage.k8s.io/fstype: ext4
-  everest.io/disk-volume-type: SAS            # High I/O EVS disk type, which cannot be customized.
+   everest.io/disk-volume-type: SAS            # High I/O EVS disk type, which cannot be customized.
   everest.io/passthrough: "true"
 provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
-allowVolumeExpansion: true                    # true indicates that capacity expansion is allowed.
                                                                                                                                                
-
                                                                                                                                                For an ultra-high I/O storage class, you can set the class name to csi-disk-ssd to create SSD EVS disk (ultra-high I/O).
                                                                                                                                                
-
                                                                                                                                                apiVersion: storage.k8s.io/v1
+allowVolumeExpansion: true                    # true indicates that capacity expansion is allowed.
                                                                                                                                                
+
                                                                                                                                              • For an ultra-high I/O storage class, you can set the class name to csi-disk-ssd to create SSD EVS disk (ultra-high I/O).
                                                                                                                                                apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   name: csi-disk-ssd                       # Name of the ultra-high I/O storage class, which can be customized.
@@ -72,18 +151,17 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 allowVolumeExpansion: true
                                                                                                                                                
-
                                                                                                                                                reclaimPolicy: indicates the reclaim policies of the underlying cloud storage. The value can be Delete or Retain.
                                                                                                                                                
-
                                                                                                                                                • Delete: When a PVC is deleted, both the PV and the EVS disk are deleted.
                                                                                                                                                • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After a PVC is deleted, the PV resource is in the Released state and cannot be bound to the PVC again.
                                                                                                                                                
-
                                                                                                                                                 
                                                                                                                                                The reclamation policy set here has no impact on the SFS Turbo storage.
                                                                                                                                                
-
                                                                                                                                                
-
                                                                                                                                                If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                                
-
                                                                                                                                                After the definition is complete, run the kubectl create commands to create storage resources.
                                                                                                                                                
-
                                                                                                                                                # kubectl create -f sas.yaml
+
                                                                                                                                              
+
                                                                                                                                              reclaimPolicy: indicates the reclaim policies of the underlying cloud storage. The value can be Delete or Retain.
                                                                                                                                              
+
                                                                                                                                              • Delete: When a PVC is deleted, both the PV and the EVS disk are deleted.
                                                                                                                                              • Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                                              
+
                                                                                                                                              If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                              
+
                                                                                                                                              After the definition is complete, run the kubectl create commands to create storage resources.
                                                                                                                                              
+
                                                                                                                                              # kubectl create -f sas.yaml
 storageclass.storage.k8s.io/csi-disk-sas created
 # kubectl create -f ssd.yaml
 storageclass.storage.k8s.io/csi-disk-ssd created
                                                                                                                                              
-
                                                                                                                                              Query the storage class again. Two more types of storage classes are displayed in the command output, as shown below.
                                                                                                                                              
-
                                                                                                                                              # kubectl get sc
+
                                                                                                                                              Query StorageClass again. The command output is as follows:
                                                                                                                                              
+
                                                                                                                                              # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d
 csi-disk-sas        everest-csi-provisioner         2m28s
@@ -92,39 +170,9 @@ csi-disk-topology   everest-csi-provisioner         17d
 csi-nas             everest-csi-provisioner         17d
 csi-obs             everest-csi-provisioner         17d
 csi-sfsturbo        everest-csi-provisioner         17d
                                                                                                                                              
-
                                                                                                                                              Other types of storage resources can be defined in the similar way. You can use kubectl to obtain the YAML file and modify it as required.
                                                                                                                                              
-
                                                                                                                                              • File Storage
                                                                                                                                                # kubectl get sc csi-nas -oyaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: csi-nas
-provisioner: everest-csi-provisioner
-parameters:
-  csi.storage.k8s.io/csi-driver-name: nas.csi.everest.io
-  csi.storage.k8s.io/fstype: nfs
-  everest.io/share-access-level: rw
-  everest.io/share-access-to: 5e3864c6-e78d-4d00-b6fd-de09d432c632   # ID of the VPC to which the cluster belongs
-  everest.io/share-is-public: 'false'
-  everest.io/zone: xxxxx          # AZ
-reclaimPolicy: Delete
-allowVolumeExpansion: true
-volumeBindingMode: Immediate
                                                                                                                                                
-
                                                                                                                                              • Object storage
                                                                                                                                                # kubectl get sc csi-obs -oyaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: csi-obs
-provisioner: everest-csi-provisioner
-parameters:
-  csi.storage.k8s.io/csi-driver-name: obs.csi.everest.io
-  csi.storage.k8s.io/fstype: s3fs           # Object storage type. s3fs indicates an object bucket, and obsfs indicates a parallel file system.
-  everest.io/obs-volume-type: STANDARD      # Storage class of the OBS bucket
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
                                                                                                                                                
-
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Setting a Default Storage Class
                                                                                                                                              You can specify a storage class as the default class. In this way, if you do not specify storageClassName when creating a PVC, the PVC is created using the default storage class.
                                                                                                                                              
-
                                                                                                                                              For example, to specify csi-disk-ssd as the default storage class, edit your YAML file as follows:
                                                                                                                                              
+
                                                                                                                                              Specifying a Default StorageClass
                                                                                                                                              You can specify a storage class as the default class. In this way, if you do not specify storageClassName when creating a PVC, the PVC is created using the default storage class.
                                                                                                                                              
+
                                                                                                                                              For example, to specify csi-disk-ssd as the default storage class, edit your YAML file as follows:
                                                                                                                                              
 
                                                                                                                                              apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
@@ -140,7 +188,7 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 allowVolumeExpansion: true
                                                                                                                                              
-
                                                                                                                                              Delete the created csi-disk-ssd disk, run the kubectl create command to create a csi-disk-ssd disk again, and then query the storage class. The following information is displayed.
                                                                                                                                              
+
                                                                                                                                              Delete the created csi-disk-ssd disk, run the kubectl create command to create a csi-disk-ssd disk again, and then query the storage class. The following information is displayed.
                                                                                                                                              
 
                                                                                                                                              # kubectl delete sc csi-disk-ssd
 storageclass.storage.k8s.io "csi-disk-ssd" deleted
 # kubectl create -f ssd.yaml
@@ -155,7 +203,7 @@ csi-nas                  everest-csi-provisioner         17d
 csi-obs                  everest-csi-provisioner         17d
 csi-sfsturbo             everest-csi-provisioner         17d
                                                                                                                                              
 
                                                                                                                                              
-
                                                                                                                                              Verification
                                                                                                                                              • Use csi-disk-sas to create a PVC.
                                                                                                                                                apiVersion: v1
+
                                                                                                                                                Verification
                                                                                                                                                • Use csi-disk-sas to create a PVC.
                                                                                                                                                  apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name:  sas-disk
@@ -166,7 +214,7 @@ spec:
     requests:
       storage: 10Gi
   storageClassName: csi-disk-sas
                                                                                                                                                  
-
                                                                                                                                                  Create a storage class and view its details. As shown below, the object can be created and the value of STORAGECLASS is csi-disk-sas.
                                                                                                                                                  
+
                                                                                                                                                  Create a storage class and view its details. As shown below, the object can be created and the value of STORAGECLASS is csi-disk-sas.
                                                                                                                                                  
 
                                                                                                                                                  # kubectl create -f sas-disk.yaml 
 persistentvolumeclaim/sas-disk created
 # kubectl get pvc
@@ -177,7 +225,7 @@ NAME                                       CAPACITY   ACCESS MODES   RECLAIM POL
 pvc-6e2f37f9-7346-4419-82f7-b42e79f7964c   10Gi       RWO            Delete           Bound       default/sas-disk          csi-disk-sas            30s
                                                                                                                                                  
 
                                                                                                                                                  View the PVC details on the CCE console. On the PV details page, you can see that the disk type is high I/O.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                • If storageClassName is not specified, the default configuration is used, as shown below.
                                                                                                                                                  apiVersion: v1
+
                                                                                                                                                • If storageClassName is not specified, the default configuration is used, as shown below.
                                                                                                                                                  apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name:  ssd-disk
diff --git a/docs/cce/umn/cce_10_0381.html b/docs/cce/umn/cce_10_0381.html
index fda481b98..34d33455d 100644
--- a/docs/cce/umn/cce_10_0381.html
+++ b/docs/cce/umn/cce_10_0381.html
@@ -1,66 +1,67 @@
 
 
 
                                                                                                                                                  Snapshots and Backups
                                                                                                                                                  
-
                                                                                                                                                  CCE works with EVS to support snapshots. A snapshot is a complete copy or image of EVS disk data at a certain point of time, which can be used for data DR.
                                                                                                                                                  
-
                                                                                                                                                  You can create snapshots to rapidly save the disk data at specified time points. In addition, you can use snapshots to create new disks so that the created disks will contain the snapshot data in the beginning.
                                                                                                                                                  
-
                                                                                                                                                  Precautions
                                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based everest add-on.
                                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                                                                                  • Snapshots can be created only for available or in-use CSI disks. During the free trial, you can create up to 7 snapshots per disk.
                                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                  
+
                                                                                                                                                  CCE works with EVS to support snapshots. A snapshot is a complete copy or image of EVS disk data at a certain point of time, which can be used for data DR.
                                                                                                                                                  
+
                                                                                                                                                  You can create snapshots to rapidly save the disk data at a certain point of time. In addition, you can use snapshots to create disks so that the created disks will contain the snapshot data in the beginning.
                                                                                                                                                  
+
                                                                                                                                                  Precautions
                                                                                                                                                  • The snapshot function is available only for clusters of v1.15 or later and requires the CSI-based everest add-on.
                                                                                                                                                  • The subtype (common I/O, high I/O, or ultra-high I/O), disk mode (SCSI or VBD), data encryption, sharing status, and capacity of an EVS disk created from a snapshot must be the same as those of the disk associated with the snapshot. These attributes cannot be modified after being queried or set.
                                                                                                                                                  • Snapshots can be created only for EVS disks that are available or in use, and a maximum of seven snapshots can be created for a single EVS disk.
                                                                                                                                                  • Snapshots can be created only for PVCs created using the storage class (whose name starts with csi) provided by the everest add-on. Snapshots cannot be created for PVCs created using the Flexvolume storage class whose name is ssd, sas, or sata.
                                                                                                                                                  • Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
                                                                                                                                                  
 
                                                                                                                                                  
-
                                                                                                                                                  Application Scenario
                                                                                                                                                  The snapshot feature helps address your following needs:
                                                                                                                                                  
-
                                                                                                                                                  • Routine data backup
                                                                                                                                                    You can create snapshots for EVS disks regularly and use snapshots to recover your data in case that data loss or data inconsistency occurred due to misoperations, viruses, or attacks.
                                                                                                                                                    
-
                                                                                                                                                  • Rapid data restoration
                                                                                                                                                    You can create a snapshot or multiple snapshots before an OS change, application software upgrade, or a service data migration. If an exception occurs during the upgrade or migration, service data can be rapidly restored to the time point when the snapshot was created.
                                                                                                                                                    
+
                                                                                                                                                    Application Scenarios
                                                                                                                                                    The snapshot feature helps address your following needs:
                                                                                                                                                    
+
                                                                                                                                                    • Routine data backup
                                                                                                                                                      You can create snapshots for EVS disks regularly and use snapshots to recover your data in case that data loss or data inconsistency occurred due to misoperations, viruses, or attacks.
                                                                                                                                                      
+
                                                                                                                                                    • Rapid data restoration
                                                                                                                                                      You can create a snapshot or multiple snapshots before an OS change, application software upgrade, or a service data migration. If an exception occurs during the upgrade or migration, service data can be rapidly restored to the time point when the snapshot was created.
                                                                                                                                                      
 
                                                                                                                                                      For example, a fault occurred on system disk A of ECS A, and therefore ECS A cannot be started. Because system disk A is already faulty, the data on system disk A cannot be restored by rolling back snapshots. In this case, you can use an existing snapshot of system disk A to create EVS disk B and attach it to ECS B that is running properly. Then, ECS B can read data from system disk A using EVS disk B.
                                                                                                                                                       
                                                                                                                                                      The snapshot capability provided by CCE is the same as the CSI snapshot function provided by the Kubernetes community. EVS disks can be created only based on snapshots, and snapshots cannot be rolled back to source EVS disks.
                                                                                                                                                      
 
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                    • Rapid deployment of multiple services
                                                                                                                                                      You can use a snapshot to create multiple EVS disks containing the same initial data, and these disks can be used as data resources for various services, for example, data mining, report query, and development and testing. This method protects the initial data and creates disks rapidly, meeting the diversified service data requirements.
                                                                                                                                                      
+
                                                                                                                                                    • Rapid deployment of multiple services
                                                                                                                                                      You can use a snapshot to create multiple EVS disks containing the same initial data, and these disks can be used as data resources for various services, for example, data mining, report query, and development and testing. This method protects the initial data and creates disks rapidly, meeting the diversified service data requirements.
                                                                                                                                                      
 
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Creating a Snapshot
                                                                                                                                                    Using the CCE Console
                                                                                                                                                    
-
                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                    2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the Snapshots and Backups tab.
                                                                                                                                                    3. Click Create Snapshot in the upper right corner. In the dialog box displayed, set related parameters.
                                                                                                                                                      • Snapshot Name: Enter a snapshot name.
                                                                                                                                                      • Storage: Select a PVC. Only EVS PVCs can create a snapshot.
                                                                                                                                                      
-
                                                                                                                                                    4. Click Create.
                                                                                                                                                    
-
                                                                                                                                                    Creating from YAML
                                                                                                                                                    
+
                                                                                                                                                    Creating a Snapshot
                                                                                                                                                    Using the CCE console
                                                                                                                                                    
+
                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                    2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the Snapshots and Backups tab.
                                                                                                                                                    3. Click Create Snapshot in the upper right corner. In the dialog box displayed, set related parameters.
                                                                                                                                                      • Snapshot Name: Enter a snapshot name.
                                                                                                                                                      • Storage: Select an EVS PVC.
                                                                                                                                                      
+
                                                                                                                                                    4. Click Create.
                                                                                                                                                    
+
                                                                                                                                                    Using YAML
                                                                                                                                                    
 
                                                                                                                                                    kind: VolumeSnapshot
 apiVersion: snapshot.storage.k8s.io/v1beta1
 metadata:
   finalizers:
     - snapshot.storage.kubernetes.io/volumesnapshot-as-source-protection
     - snapshot.storage.kubernetes.io/volumesnapshot-bound-protection
-  name: cce-disksnap-test
+  name: cce-disksnap-test   # Snapshot name
   namespace: default
 spec:
   source:
-    persistentVolumeClaimName: pvc-evs-test     # PVC name. Only an EVS PVC can be created.
+    persistentVolumeClaimName: pvc-evs-test     # PVC name. Only an EVS PVC can be selected.
   volumeSnapshotClassName: csi-disk-snapclass
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Using a Snapshot to Creating a PVC
                                                                                                                                                    The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                                                                                    
-
                                                                                                                                                    Using the CCE Console
                                                                                                                                                    
-
                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                    2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the Snapshots and Backups tab.
                                                                                                                                                    3. Locate the snapshot for which you want to create a PVC, click Create PVC, and specify the PVC name in the displayed dialog box.
                                                                                                                                                    4. Click Create.
                                                                                                                                                    
-
                                                                                                                                                    Creating from YAML
                                                                                                                                                    
+
                                                                                                                                                    Using a Snapshot to Create a PVC
                                                                                                                                                    The disk type, encryption setting, and disk mode of the created EVS PVC are consistent with those of the snapshot's source EVS disk.
                                                                                                                                                    
+
                                                                                                                                                    Using the CCE console
                                                                                                                                                    
+
                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                    2. Click the cluster name and go to the cluster console. Choose Storage from the navigation pane, and click the Snapshots and Backups tab.
                                                                                                                                                    3. Locate the snapshot that you want to use for creating a PVC, click Create PVC, and configure PVC parameters in the displayed dialog box.
                                                                                                                                                      • PVC Name: Enter a PVC name.
                                                                                                                                                      
+
                                                                                                                                                    4. Click Create.
                                                                                                                                                    
+
                                                                                                                                                    Using YAML
                                                                                                                                                    
 
                                                                                                                                                    apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pvc-test
   namespace: default
   annotations:
-    everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the source EVS disk of the snapshot.
+    everest.io/disk-volume-type: SSD     # EVS disk type, which must be the same as that of the snapshot's source EVS disk.
   labels:
-    failure-domain.beta.kubernetes.io/region: eu-de
-    failure-domain.beta.kubernetes.io/zone: 
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Replace the region with the one where the EVS disk is located.
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # Replace the AZ with the one where the EVS disk is located.
 spec:
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
-      storage: '10'
+      storage: 10Gi
   storageClassName: csi-disk
   dataSource:
-    name: cce-disksnap-test             # Snapshot name
+    name: cce-disksnap-test             # Snapshot name
     kind: VolumeSnapshot
     apiGroup: snapshot.storage.k8s.io
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
-
                                                                                                                                                    Parent topic: Storage
                                                                                                                                                    
+
                                                                                                                                                    Parent topic: Elastic Volume Service (EVS)
                                                                                                                                                    
 
                                                                                                                                                    
 
                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0382.html b/docs/cce/umn/cce_10_0382.html
new file mode 100644
index 000000000..a906c775a
--- /dev/null
+++ b/docs/cce/umn/cce_10_0382.html
@@ -0,0 +1,119 @@
+
+
+
                                                                                                                                                    Configuring QoS Rate Limiting for Inter-Pod Access
                                                                                                                                                    
+
                                                                                                                                                    Scenario
                                                                                                                                                    Bandwidth preemption occurs between different containers deployed on the same node, which may cause service jitter. You can configure QoS rate limiting for inter-pod access to prevent this problem.
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Constraints
                                                                                                                                                    The following shows constraints on setting the rate limiting for inter-pod access:
+
                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                    Constraint Type
                                                                                                                                                    
+
                                                                                                                                                    Tunnel Network Model
                                                                                                                                                    
+
                                                                                                                                                    VPC Network Model
                                                                                                                                                    
+
                                                                                                                                                    Cloud Native 2.0 Network Model
                                                                                                                                                    
+
                                                                                                                                                    Supported versions
                                                                                                                                                    
+
                                                                                                                                                    All versions
                                                                                                                                                    
+
                                                                                                                                                    Clusters of v1.19.10 and later
                                                                                                                                                    
+
                                                                                                                                                    Clusters of v1.19.10 and later
                                                                                                                                                    
+
                                                                                                                                                    Supported runtime types
                                                                                                                                                    
+
                                                                                                                                                    Only common containers (runC as the container runtime) are supported.
                                                                                                                                                    
+
                                                                                                                                                    Secure containers are not supported.
                                                                                                                                                    
+
                                                                                                                                                    Only common containers (runC as the container runtime) are supported.
                                                                                                                                                    
+
                                                                                                                                                    Secure containers (Kata as the container runtime) are not supported.
                                                                                                                                                    
+
                                                                                                                                                    Only common containers (runC as the container runtime) are supported.
                                                                                                                                                    
+
                                                                                                                                                    Secure containers (Kata as the container runtime) are not supported.
                                                                                                                                                    
+
                                                                                                                                                    Supported pod types
                                                                                                                                                    
+
                                                                                                                                                    Only non-HostNetwork pods
                                                                                                                                                    
+
                                                                                                                                                    Supported scenarios
                                                                                                                                                    
+
                                                                                                                                                    Inter-pod access, pods accessing nodes, and pods accessing services
                                                                                                                                                    
+
                                                                                                                                                    Constraints
                                                                                                                                                    
+
                                                                                                                                                    None
                                                                                                                                                    
+
                                                                                                                                                    None
                                                                                                                                                    
+
                                                                                                                                                    • Pods access external cloud service CIDR blocks 100.64.0.0/10 and 214.0.0.0/8.
                                                                                                                                                    • Traffic rate limiting of health check
                                                                                                                                                    
+
                                                                                                                                                    Upper rate limit
                                                                                                                                                    
+
                                                                                                                                                    Minimum value between the upper bandwidth limit and 34 Gbit/s
                                                                                                                                                    
+
                                                                                                                                                    Minimum value between the upper bandwidth limit and 4.3 Gbit/s
                                                                                                                                                    
+
                                                                                                                                                    Minimum value between the upper bandwidth limit and 4.3 Gbit/s
                                                                                                                                                    
+
                                                                                                                                                    Lower rate limit
                                                                                                                                                    
+
                                                                                                                                                    Only the rate limit of Kbit/s or higher is supported.
                                                                                                                                                    
+
                                                                                                                                                    Currently, only the rate limit of Mbit/s or higher is supported.
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Using the CCE Console
                                                                                                                                                    When creating a workload on the console, you can set pod ingress and egress bandwidth limits on the Advanced Settings > Network Configuration area.
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Using kubectl
                                                                                                                                                    You can add annotations to a workload to specify its egress and ingress bandwidth.
                                                                                                                                                    apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test
+  namespace: default
+  labels:
+    app: test
+spec:
+  replicas: 2
+  selector:
+    matchLabels: 
+      app: test
+  template:
+    metadata:
+      labels:
+        app: test
+      annotations:
+        kubernetes.io/ingress-bandwidth: 100M
+        kubernetes.io/egress-bandwidth: 100M
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:alpine
+          imagePullPolicy: IfNotPresent
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    • kubernetes.io/ingress-bandwidth: ingress bandwidth of the pod
                                                                                                                                                    • kubernetes.io/egress-bandwidth: egress bandwidth of the pod
                                                                                                                                                    
+
                                                                                                                                                    If these two parameters are not specified, the bandwidth is not limited.
                                                                                                                                                    
+
                                                                                                                                                     
                                                                                                                                                    After modifying the ingress or egress bandwidth limit of a pod, restart the container for the modification to take effect. After annotations are modified in a pod not managed by workloads, the container will not be restarted, so the bandwidth limits do not take effect. You can create a pod again or manually restart the container.
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Parent topic: Container Network Settings
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0384.html b/docs/cce/umn/cce_10_0384.html
index f2a8c26ac..66caa0e6b 100644
--- a/docs/cce/umn/cce_10_0384.html
+++ b/docs/cce/umn/cce_10_0384.html
@@ -1,15 +1,13 @@
 
 
-
                                                                                                                                                    Hybrid Deployment of Online and Offline Jobs
                                                                                                                                                    
-
                                                                                                                                                    Online and Offline Jobs
                                                                                                                                                    Jobs can be classified into online jobs and offline jobs based on whether services are always online.
                                                                                                                                                    
-
                                                                                                                                                    • Online job: Such jobs run for a long time, with regular traffic surges, tidal resource requests, and high requirements on SLA, such as advertising and e-commerce services.
                                                                                                                                                    • Offline jobs: Such jobs run for a short time, have high computing requirements, and can tolerate high latency, such as AI and big data services.
                                                                                                                                                    
-
                                                                                                                                                    
-
                                                                                                                                                    Resource Oversubscription and Hybrid Deployment
                                                                                                                                                    Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly and resources, if not released, are wasted in non-peak hours. Especially for online jobs that request a large quantity of resources to ensure SLA, resource utilization can be as low as it gets.
                                                                                                                                                    
+
                                                                                                                                                    Dynamic Resource Oversubscription
                                                                                                                                                    
+
                                                                                                                                                    Many services see surges in traffic. To ensure performance and stability, resources are often requested at the maximum needed. However, the surges may ebb very shortly and resources, if not released, are wasted in non-peak hours. Especially for online jobs that request a large quantity of resources to ensure SLA, resource utilization can be as low as it gets.
                                                                                                                                                    
 
                                                                                                                                                    Resource oversubscription is the process of making use of idle requested resources. Oversubscribed resources are suitable for deploying offline jobs, which focus on throughput but have low SLA requirements and can tolerate certain failures.
                                                                                                                                                    
 
                                                                                                                                                    Hybrid deployment of online and offline jobs in a cluster can better utilize cluster resources.
                                                                                                                                                    
-
                                                                                                                                                    Figure 1 Resource oversubscription
                                                                                                                                                    
-
                                                                                                                                                    
-
                                                                                                                                                    Oversubscription for Hybrid Deployment
                                                                                                                                                    Hybrid deployment is supported, and CPU and memory resources can be oversubscribed. The key features are as follows:
                                                                                                                                                    
+
                                                                                                                                                    Figure 1 Resource oversubscription
                                                                                                                                                    
+
                                                                                                                                                    Features
                                                                                                                                                     
                                                                                                                                                    After dynamic resource oversubscription and elastic scaling are enabled in a node pool, oversubscribed resources change rapidly because the resource usage of high-priority applications changes in real time. To prevent frequent node scale-ins and scale-outs, do not consider oversubscribed resources when evaluating node scale-ins.
                                                                                                                                                    
+
                                                                                                                                                    
+
                                                                                                                                                    Hybrid deployment is supported, and CPU and memory resources can be oversubscribed. The key features are as follows:
                                                                                                                                                    
 
                                                                                                                                                    • Offline jobs preferentially run on oversubscribed nodes.
                                                                                                                                                      If both oversubscribed and non-oversubscribed nodes exist, the former will score higher than the latter and offline jobs are preferentially scheduled to oversubscribed nodes.
                                                                                                                                                      
 
                                                                                                                                                    
 
                                                                                                                                                    • Online jobs can use only non-oversubscribed resources if scheduled to an oversubscribed node.
                                                                                                                                                      Offline jobs can use both oversubscribed and non-oversubscribed resources of an oversubscribed node.
                                                                                                                                                      
@@ -19,52 +17,52 @@
 
                                                                                                                                                      Memory isolation: When system memory resources are used up and OOM Kill is triggered, the kernel evicts offline jobs first.
                                                                                                                                                      
 
                                                                                                                                                    • kubelet offline jobs admission rules:
                                                                                                                                                      After the the pod is scheduled to a node, kubelet starts the pod only when the node resources can meet the pod request (predicateAdmitHandler.Admit). kubelet starts the pod when both of the following conditions are met:
                                                                                                                                                      
 
                                                                                                                                                      • The total request of pods to be started and online running jobs < allocatable nodes
                                                                                                                                                      • The total request of pods to be started and online/offline running job < allocatable nodes+oversubscribed nodes
                                                                                                                                                      
-
                                                                                                                                                    • Resource oversubscription and hybrid deployment:
                                                                                                                                                      If only hybrid deployment is used, you need to configure the label volcano.sh/colocation=true for the node and delete the node label volcano.sh/oversubscription or set its value to false.
                                                                                                                                                      
-
                                                                                                                                                      If the label volcano.sh/colocation=true is configured for a node, hybrid deployment is enabled. If the label volcano.sh/oversubscription=true is configured, resource oversubscription is enabled. The following table lists the available feature combinations after hybrid deployment or resource oversubscription is enabled.
-
                                                                                                                                                      Hybrid Deployment Enabled (volcano.sh/colocation=true)
                                                                                                                                                      
+
                                                                                                                                                    • Resource oversubscription and hybrid deployment:
                                                                                                                                                      If only hybrid deployment is used, configure the label volcano.sh/colocation=true for the node and delete the node label volcano.sh/oversubscription or set its value to false.
                                                                                                                                                      
+
                                                                                                                                                      If the label volcano.sh/colocation=true is configured for a node, hybrid deployment is enabled. If the label volcano.sh/oversubscription=true is configured, resource oversubscription is enabled. The following table lists the available feature combinations after hybrid deployment or resource oversubscription is enabled.
+
                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -73,64 +71,66 @@
 
-
                                                                                                                                                      Notes and Constraints
                                                                                                                                                      Specifications
                                                                                                                                                      • Kubernetes version:
                                                                                                                                                        • v1.19: v1.19.16-r4 or later
                                                                                                                                                        • v1.21: v1.21.7-r0 or later
                                                                                                                                                        • v1.23: v1.23.5-r0 or later
                                                                                                                                                        • v1.25 or later
                                                                                                                                                        
-
                                                                                                                                                      • Cluster type: CCE or CCE Turbo
                                                                                                                                                      • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64)
                                                                                                                                                      • Node type: ECS
                                                                                                                                                      • volcano add-on version: 1.7.0 or later
                                                                                                                                                      
+
                                                                                                                                                      kubelet Oversubscription 
                                                                                                                                                       
                                                                                                                                                      Specifications
                                                                                                                                                      • Cluster Version
                                                                                                                                                        • v1.19: v1.19.16-r4 or later
                                                                                                                                                        • v1.21: v1.21.7-r0 or later
                                                                                                                                                        • v1.23: v1.23.5-r0 or later
                                                                                                                                                        • v1.25 or later
                                                                                                                                                        
+
                                                                                                                                                      • Cluster Type: CCE or CCE Turbo
                                                                                                                                                      • Node OS: EulerOS 2.9 (kernel-4.18.0-147.5.1.6.h729.6.eulerosv2r9.x86_64) 
                                                                                                                                                      • Node Type: ECS
                                                                                                                                                      • The volcano add-on version: 1.7.0 or later
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Constraints
                                                                                                                                                      • Before enabling the volcano oversubscription plug-in, ensure that the overcommit plug-in is not enabled.
                                                                                                                                                      • Modifying the label of an oversubscribed node does not affect the running pods.
                                                                                                                                                      • Running pods cannot be converted between online and offline services. To convert services, you need to rebuild pods.
                                                                                                                                                      • If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the volcano add-on. Otherwise, the scheduling of oversubscribed nodes will be abnormal. Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations. For details about the labels, see Configuring Oversubscription Labels for Scheduling.
                                                                                                                                                      • To disable oversubscription, perform the following operations:
                                                                                                                                                        • Remove the volcano.sh/oversubscription label from the oversubscribed node.
                                                                                                                                                        • Set over-subscription-resource to false.
                                                                                                                                                        • Modify the configmap of the volcano scheduler named volcano-scheduler-configmap and remove the oversubscription add-on.
                                                                                                                                                        
-
                                                                                                                                                      • If cpu-manager-policy is set to static core binding on a node, do not assign the QoS class of Guaranteed to offline pods. If core binding is required, change the pods to online pods. Otherwise, offline pods may occupy the CPUs of online pods, causing online pod startup failures, and offline pods fail to be started although they are successfully scheduled.
                                                                                                                                                      • If cpu-manager-policy is set to static core binding on a node, do not bind cores to all online pods. Otherwise, online pods occupy all CPU or memory resources, leaving a small number of oversubscribed resources.
                                                                                                                                                      
+
                                                                                                                                                      Constraints
                                                                                                                                                      • Before enabling oversubscription, ensure that the overcommit add-on is not enabled on volcano.
                                                                                                                                                      • Modifying the label of an oversubscribed node does not affect the running pods.
                                                                                                                                                      • Running pods cannot be converted between online and offline services. To convert services, you need to rebuild pods.
                                                                                                                                                      • If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the volcano add-on. Otherwise, the scheduling of oversold nodes will be abnormal. Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations. For details about the labels, see Table 1.
                                                                                                                                                      • To disable oversubscription, perform the following operations:
                                                                                                                                                        • Remove the volcano.sh/oversubscription label from the oversubscribed node.
                                                                                                                                                        • Set over-subscription-resource to false.
                                                                                                                                                        • Modify the configmap of the volcano scheduler named volcano-scheduler-configmap and remove the oversubscription add-on.
                                                                                                                                                        
+
                                                                                                                                                      • If cpu-manager-policy is set to static core binding on a node, do not assign the QoS class of Guaranteed to offline pods. If core binding is required, change the pods to online pods. Otherwise, offline pods may occupy the CPUs of online pods, causing online pod startup failures, and offline pods fail to be started although they are successfully scheduled.
                                                                                                                                                      • If cpu-manager-policy is set to static core binding on a node, do not bind cores to all online pods. Otherwise, online pods occupy all CPU or memory resources, leaving a small number of oversubscribed resources.
                                                                                                                                                      
 
                                                                                                                                                      
+
                                                                                                                                                      
 
                                                                                                                                                      
-
                                                                                                                                                      Configuring Oversubscription Labels for Scheduling
                                                                                                                                                      If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the volcano add-on. Otherwise, the scheduling of oversubscribed nodes will be abnormal. For details about the related configuration, see Table 1.
                                                                                                                                                      
+
                                                                                                                                                      If the label volcano.sh/oversubscription=true is configured for a node in the cluster, the oversubscription configuration must be added to the volcano add-on. Otherwise, the scheduling of oversold nodes will be abnormal. For details about the related configuration, see Table 1.
                                                                                                                                                      
 
                                                                                                                                                      Ensure that you have correctly configure labels because the scheduler does not check the add-on and node configurations.
-
                                                                                                                                                      Hybrid Deployment Enabled (volcano.sh/colocation=true)
                                                                                                                                                      
 
                                                                                                                                                      Resource oversubscription Enabled (volcano.sh/oversubscription=true)
                                                                                                                                                      
+
                                                                                                                                                      Resource oversubscription Enabled (volcano.sh/oversubscription=true)
                                                                                                                                                      
 
                                                                                                                                                      Use Oversubscribed Resources?
                                                                                                                                                      
+
                                                                                                                                                      Use Oversubscribed Resources
                                                                                                                                                      
 
                                                                                                                                                      Conditions for Evicting Offline Pods
                                                                                                                                                      
+
                                                                                                                                                      Conditions for Evicting Offline Pods
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      None
                                                                                                                                                      
+
                                                                                                                                                      None
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      The node resource usage exceeds the high threshold.
                                                                                                                                                      
+
                                                                                                                                                      The node resource usage exceeds the high threshold.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      The node resource usage exceeds the high threshold, and the node request exceeds 100%.
                                                                                                                                                      
+
                                                                                                                                                      The node resource usage exceeds the high threshold, and the node request exceeds 100%.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      The node resource usage exceeds the high threshold.
                                                                                                                                                      
+
                                                                                                                                                      The node resource usage exceeds the high threshold.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
                                                                                                                                                       
 
 
                                                                                                                                                      Table 1 Configuring oversubscription labels for scheduling
                                                                                                                                                      Oversubscription in Add-on
                                                                                                                                                      
+
                                                                                                                                                      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                      Table 1 Configuring oversubscription labels for scheduling
                                                                                                                                                      Oversubscription in Add-on
                                                                                                                                                      
 
                                                                                                                                                      Oversubscription Label on Node
                                                                                                                                                      
+
                                                                                                                                                      Oversubscription Label on Node
                                                                                                                                                      
 
                                                                                                                                                      Scheduling
                                                                                                                                                      
+
                                                                                                                                                      Scheduling
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Triggered by oversubscription
                                                                                                                                                      
+
                                                                                                                                                      Triggered by oversubscription
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      Triggered
                                                                                                                                                      
+
                                                                                                                                                      Triggered
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      Triggered
                                                                                                                                                      
+
                                                                                                                                                      Triggered
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      No
                                                                                                                                                      
+
                                                                                                                                                      No
                                                                                                                                                      
 
                                                                                                                                                      Yes
                                                                                                                                                      
+
                                                                                                                                                      Yes
                                                                                                                                                      
 
                                                                                                                                                      Not triggered or failed. Avoid this configuration.
                                                                                                                                                      
+
                                                                                                                                                      Not triggered or failed. Avoid this configuration.
                                                                                                                                                      
                                                                                                                                                       		
 
                                                                                                                                                      
                                                                                                                                                       
 
                                                                                                                                                      
 
                                                                                                                                                      
 
-
-
                                                                                                                                                      Using Hybrid Deployment
                                                                                                                                                      1. Configure the volcano add-on.
                                                                                                                                                        1. Use kubectl to connect to the cluster.
                                                                                                                                                        2. Install the volcano plug-in and add the oversubscription plug-in to volcano-scheduler-configmap. Ensure that the plug-in configuration does not contain the overcommit plug-in. If - name: overcommit exists, delete this configuration.
                                                                                                                                                          # kubectl edit cm volcano-scheduler-configmap -n kube-system
+
                                                                                                                                                          1. Configure the volcano add-on.
                                                                                                                                                            1. Use kubectl to connect to the cluster.
                                                                                                                                                            2. Install the volcano add-on and add the oversubscription add-on to volcano-scheduler-configmap. Ensure that the add-on configuration does not contain the overcommit add-on. If - name: overcommit exists, delete this configuration. In addition, set enablePreemptable and enableJobStarving of the gang add-on to false and configure a preemption action.
                                                                                                                                                              # kubectl edit cm volcano-scheduler-configmap -n kube-system
 apiVersion: v1
 data:
   volcano-scheduler.conf: |
-    actions: "enqueue, allocate, backfill"
+    actions: "enqueue, allocate, preempt"   # Configure a preemption action.
     tiers:
     - plugins:
       - name: gang
+        enablePreemptable: false
+        enableJobStarving: false
       - name: priority
       - name: conformance
       - name: oversubscription
@@ -145,8 +145,8 @@ data:
       - name: cce-gpu
                                                                                                                                                              
 
                                                                                                                                                            
 
                                                                                                                                                          2. Enable the node oversubscription feature.
                                                                                                                                                            A label can be configured to use oversubscribed resources only after the oversubscription feature is enabled for a node. Related nodes can be created only in a node pool. To enable the oversubscription feature, perform the following steps:
                                                                                                                                                            
-
                                                                                                                                                            1. Create a node pool.
                                                                                                                                                            2. Choose More > Manage in the Operation column of the created node pool.
                                                                                                                                                            3. In the Manage Component window that is displayed, set over-subscription-resource under kubelet to true and click OK.
                                                                                                                                                            
-
                                                                                                                                                            
+
                                                                                                                                                            1. Create a node pool.
                                                                                                                                                            2. Choose More > Manage in the Operation column of the created node pool.
                                                                                                                                                            3. In the Manage Components window that is displayed, set over-subscription-resource under kubelet to true and click OK.
                                                                                                                                                            
+
                                                                                                                                                            
 
                                                                                                                                                          3. Set the node oversubscription label.
                                                                                                                                                            The volcano.sh/oversubscription label needs to be configured for an oversubscribed node. If this label is set for a node and the value is true, the node is an oversubscribed node. Otherwise, the node is not an oversubscribed node.
                                                                                                                                                            
 
                                                                                                                                                            kubectl label node 192.168.0.0 volcano.sh/oversubscription=true
                                                                                                                                                            
 
                                                                                                                                                            An oversubscribed node also supports the oversubscription thresholds, as listed in Table 2. For example:
                                                                                                                                                            
@@ -160,39 +160,39 @@ Labels:           ...
 Annotations:      ...
                   volcano.sh/evicting-cpu-high-watermark: 70
                                                                                                                                                          
 
-
                                                                                                                                                          Table 2 Node oversubscription annotations
                                                                                                                                                          Name
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
@@ -200,8 +200,27 @@ Annotations:      ...
 
                                                                                                                                                          Table 2 Node oversubscription annotations
                                                                                                                                                          Name
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          volcano.sh/evicting-cpu-high-watermark
                                                                                                                                                          
+
                                                                                                                                                          volcano.sh/evicting-cpu-high-watermark
                                                                                                                                                          
 
                                                                                                                                                          When the CPU usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                                                                          
+
                                                                                                                                                          When the CPU usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                                                                          
 
                                                                                                                                                          The default value is 80, indicating that offline job eviction is triggered when the CPU usage of a node exceeds 80%.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          volcano.sh/evicting-cpu-low-watermark
                                                                                                                                                          
+
                                                                                                                                                          volcano.sh/evicting-cpu-low-watermark
                                                                                                                                                          
 
                                                                                                                                                          After eviction is triggered, the scheduling starts again when the CPU usage of a node is lower than the specified value.
                                                                                                                                                          
+
                                                                                                                                                          After eviction is triggered, the scheduling starts again when the CPU usage of a node is lower than the specified value.
                                                                                                                                                          
 
                                                                                                                                                          The default value is 30, indicating that scheduling starts again when the CPU usage of a node is lower than 30%.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          volcano.sh/evicting-memory-high-watermark
                                                                                                                                                          
+
                                                                                                                                                          volcano.sh/evicting-memory-high-watermark
                                                                                                                                                          
 
                                                                                                                                                          When the memory usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                                                                          
+
                                                                                                                                                          When the memory usage of a node exceeds the specified value, offline job eviction is triggered and the node becomes unschedulable.
                                                                                                                                                          
 
                                                                                                                                                          The default value is 60, indicating that offline job eviction is triggered when the memory usage of a node exceeds 60%.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          volcano.sh/evicting-memory-low-watermark
                                                                                                                                                          
+
                                                                                                                                                          volcano.sh/evicting-memory-low-watermark
                                                                                                                                                          
 
                                                                                                                                                          After eviction is triggered, the scheduling starts again when the memory usage of a node is lower than the specified value.
                                                                                                                                                          
+
                                                                                                                                                          After eviction is triggered, the scheduling starts again when the memory usage of a node is lower than the specified value.
                                                                                                                                                          
 
                                                                                                                                                          The default value is 30, indicating that the scheduling starts again when the memory usage of a node is less than 30%.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          volcano.sh/oversubscription-types
                                                                                                                                                          
+
                                                                                                                                                          volcano.sh/oversubscription-types
                                                                                                                                                          
 
                                                                                                                                                          Oversubscribed resource type. The options are as follows:
                                                                                                                                                          
+
                                                                                                                                                          Oversubscribed resource type. The options are as follows:
                                                                                                                                                          
 
                                                                                                                                                          • CPU (oversubscribed CPU)
                                                                                                                                                          • memory (oversubscribed memory)
                                                                                                                                                          • cpu,memory (oversubscribed CPU and memory)
                                                                                                                                                          
 
                                                                                                                                                          The default value is cpu,memory.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                        3. Deploy online and offline jobs.
                                                                                                                                                          The volcano.sh/qos-level label needs to be added to annotation to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is a high-priority job, that is, online job. You do not need to set this label for online jobs. For both online and offline jobs, set schedulerName to volcano to enable the Volcano scheduler.
                                                                                                                                                          
-
                                                                                                                                                           
                                                                                                                                                          The priorities of online/online and offline/offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                                                                                          
+
                                                                                                                                                        4. Create resources at a high- and low-priorityClass, respectively.
                                                                                                                                                          cat <<EOF | kubectl apply -f -
+ 
+apiVersion: scheduling.k8s.io/v1
+description: Used for high priority pods
+kind: PriorityClass
+metadata:
+  name: production
+preemptionPolicy: PreemptLowerPriority
+value: 999999
+---
+apiVersion: scheduling.k8s.io/v1
+description: Used for low priority pods
+kind: PriorityClass
+metadata:
+  name: testing
+preemptionPolicy: PreemptLowerPriority
+value: -99999
+ 
+EOF
                                                                                                                                                          
+
                                                                                                                                                        5. Deploy online and offline jobs and configure priorityClasses for these jobs.
                                                                                                                                                          The volcano.sh/qos-level label needs to be added to annotation to distinguish offline jobs. The value is an integer ranging from -7 to 7. If the value is less than 0, the job is an offline job. If the value is greater than or equal to 0, the job is a high-priority job, that is, online job. You do not need to set this label for online jobs. For both online and offline jobs, set schedulerName to volcano to enable the volcano scheduler.
                                                                                                                                                          
+
                                                                                                                                                           
                                                                                                                                                          The priorities of online/online and offline/offline jobs are not differentiated, and the value validity is not verified. If the value of volcano.sh/qos-level of an offline job is not a negative integer ranging from -7 to 0, the job is processed as an online job.
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          For an offline job:
                                                                                                                                                          
 
                                                                                                                                                          kind: Deployment
@@ -212,9 +231,10 @@ spec:
     metadata:
       annotations:
         metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
-        volcano.sh/qos-level: "-1" # Offline job label
+        volcano.sh/qos-level: "-1"       # Offline job label
     spec:
-      schedulerName: volcano             # The Volcano scheduler is used.
+      schedulerName: volcano             # The volcano scheduler is used.
+      priorityClassName: testing         # Configure the testing priorityClass.
       ...
                                                                                                                                                          
 
                                                                                                                                                          For an online job:
                                                                                                                                                          
 
                                                                                                                                                          kind: Deployment
@@ -226,7 +246,8 @@ spec:
       annotations:
         metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
     spec:
-      schedulerName: volcano          # The Volcano scheduler is used.
+      schedulerName: volcano          # The volcano scheduler is used.
+      priorityClassName: production   # Configure the production priorityClass.
       ...
                                                                                                                                                          
 
                                                                                                                                                        6. Run the following command to check the number of oversubscribed resources and the resource usage:
                                                                                                                                                          kubectl describe node <nodeIP>
                                                                                                                                                          
 
                                                                                                                                                          # kubectl describe node 192.168.0.0
@@ -247,13 +268,12 @@ Allocated resources:
   cpu                 4950m (126%)  4950m (126%)
   memory             1712Mi (27%)  1712Mi (27%)
                                                                                                                                                          
 
                                                                                                                                                          7. 
-
-
                                                                                                                                                          Hybrid Deployment Example
                                                                                                                                                          The following uses an example to describe how to deploy online and offline jobs in hybrid mode.
                                                                                                                                                          
+
                                                                                                                                                          Deployment Example
                                                                                                                                                          The following uses an example to describe how to deploy online and offline jobs in hybrid mode.
                                                                                                                                                          
 
                                                                                                                                                          1. Assume that a cluster has two nodes: one oversubscribed node and one non-oversubscribed node.
                                                                                                                                                            # kubectl get node
 NAME           STATUS   ROLES    AGE    VERSION
 192.168.0.173   Ready    <none>   4h58m   v1.19.16-r2-CCE22.5.1
 192.168.0.3     Ready    <none>   148m    v1.19.16-r2-CCE22.5.1
                                                                                                                                                            
-
                                                                                                                                                            • 192.168.0.173 is an oversubscribed node (with the volcano.sh/oversubscirption=true label).
                                                                                                                                                            • 192.168.0.3 is a non-oversubscribed node (without the volcano.sh/oversubscirption=true label).
                                                                                                                                                            
+
                                                                                                                                                            • 192.168.0.173 is an oversubscribed node (with the volcano.sh/oversubscription=true label).
                                                                                                                                                            • 192.168.0.3 is a non-oversubscribed node (without the volcano.sh/oversubscription=true label).
                                                                                                                                                            
 
                                                                                                                                                            # kubectl describe node 192.168.0.173
 Name:               192.168.0.173
 Roles:              <none>
@@ -275,9 +295,10 @@ spec:
       labels:
         app: offline
       annotations:
-        volcano.sh/qos-level: "-1"       #Offline job label
+        volcano.sh/qos-level: "-1"       # Offline job label
     spec:
-      schedulerName: volcano             # The Volcano scheduler is used.
+      schedulerName: volcano             # The volcano scheduler is used.
+      priorityClassName: testing         # Configure the testing priorityClass.
       containers:
         - name: container-1
           image: nginx:latest
@@ -312,7 +333,8 @@ spec:
       labels:
         app: online
     spec:
-      schedulerName: volcano                 # The Volcano scheduler is used.
+      schedulerName: volcano                 # The volcano scheduler is used.
+      priorityClassName: production          # Configure the production priorityClass.
       containers:
         - name: container-1
           image: resource_consumer:latest
@@ -347,7 +369,7 @@ spec:
       labels:
         app: online
     spec:
-       affinity:                              # Submit an online job to an oversubscribed node.
+       affinity:                             # Submit an online job to an oversubscribed node.
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
@@ -356,7 +378,8 @@ spec:
                 operator: In
                 values:
                 - 192.168.0.173
-      schedulerName: volcano                 # The Volcano scheduler is used.
+      schedulerName: volcano                 # The volcano scheduler is used.
+      priorityClassName: production          # Configure the production priorityClass.
       containers:
         - name: container-1
           image: resource_consumer:latest
@@ -406,157 +429,13 @@ online-6f44bb68bd-g6xk8   1/1     Running   0       24m   192.168.10.69  192.168
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          1. Log in to the CCE console and access the cluster console.
                                                                                                                                                          2. In the navigation pane on the left, choose Nodes. Click the Node Pools tab. When creating or updating a node pool, enable hybrid deployment of online and offline services in Advanced Settings.
                                                                                                                                                            
-
                                                                                                                                                          3. In the navigation pane on the left, choose Add-ons. Click Install under volcano. In the Advanced Settings area, set colocation_enable to true to enable hybrid deployment of online and offline services. For details about the installation, see volcano.
                                                                                                                                                            If the volcano add-on has been installed, click Edit to view or modify the parameter colocation_enable.
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                          4. Enable CPU Burst.
                                                                                                                                                            After confirming that the volcano add-on is working, run the following command to edit the parameter configmap of volcano-agent-configuration in the namespace kube-system. If enable is set to true, CPU Burst is enabled. If enable is set to false, CPU Burst is disabled.
                                                                                                                                                            kubectl edit configmap -nkube-system volcano-agent-configuration
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                            Example:
                                                                                                                                                            
-
                                                                                                                                                            cpuBurstConfig: 
-  enable: true
                                                                                                                                                            
-
                                                                                                                                                          5. Deploy a workload in a node pool where hybrid deployment has been enabled. Take Nginx as an example. Set cpu under requests to 2 and cpu under limits to 4, and create a Service that can be accessed in the cluster for the workload.
                                                                                                                                                            apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-  namespace: default
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-      annotations: 
-        volcano.sh/enable-quota-burst=true
-        volcano.sh/quota-burst-time=200000
-    spec:
-      containers:
-      - name: container-1
-        image: nginx:latest
-        resources:
-          limits:
-            cpu: "4"
-          requests:
-            cpu: "2"
-      imagePullSecrets:
-        - name: default-secret
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  namespace: default
-  labels:
-    app: nginx
-spec:
-  selector:
-    app: nginx
-  ports:
-    - name: cce-service-0
-      targetPort: 80
-      nodePort: 0
-      port: 80
-      protocol: TCP
-  type: ClusterIP
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                            Annotation
                                                                                                                                                            
-
                                                                                                                                                            Mandatory
                                                                                                                                                            
-
                                                                                                                                                            Description
                                                                                                                                                            
-
                                                                                                                                                            volcano.sh/enable-quota-burst=true
                                                                                                                                                            
-
                                                                                                                                                            Yes
                                                                                                                                                            
-
                                                                                                                                                            CPU Burst is enabled for the workload.
                                                                                                                                                            
-
                                                                                                                                                            volcano.sh/quota-burst-time=200000
                                                                                                                                                            
-
                                                                                                                                                            No
                                                                                                                                                            
-
                                                                                                                                                            To ensure CPU scheduling stability and reduce contention when multiple containers encounter CPU bursts at the same time, the default CPU Burst value is the same as the CPU Quota value. That is, a container can use a maximum of twice the CPU Limit value. By default, CPU Burst is set for all service containers in a pod.
                                                                                                                                                            
-
                                                                                                                                                            In this example, the CPU Limit of the container is 4, that is, the default value is 400,000 (1 core = 100,000), indicating that a maximum of four additional cores can be used after the CPU Limit value is reached.
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                            
-
                                                                                                                                                          6. Verify CPU Burst.
                                                                                                                                                            You can use the wrk tool to increase load of the workload and observe the service latency, traffic limiting, and CPU limit exceeding when CPU Burst is enabled and disabled, respectively.
                                                                                                                                                            
-
                                                                                                                                                            1. Run the following command to increase load of the pod. $service_ip indicates the service IP address associated with the pod.
                                                                                                                                                              # You need to download and install the wrk tool on the node.
-# The Gzip compression module is enabled in the Apache configuration to simulate the computing logic for the server to process requests.
-# Run the following command to increase the load. Note that you need to change the IP address of the target application.
-wrk -H "Accept-Encoding: deflate, gzip" -t 4 -c 28 -d 120  --latency --timeout 2s http://$service_ip
                                                                                                                                                              
-
                                                                                                                                                            2. Obtain the pod ID.
                                                                                                                                                              kubectl get pods -n <namespace> <pod-name> -o jsonpath='{.metadata.uid}'
                                                                                                                                                              
-
                                                                                                                                                            3. You can run the following command on the node to view the traffic limiting status and CPU limit exceeding status. In the command, $PodID indicates the pod ID.
                                                                                                                                                              $cat /sys/fs/cgroup/cpuacct/kubepods/$PodID/cpu.stat
-nr_periods 0  # Number of scheduling periods
-nr_throttled 0  # Traffic limiting times
-throttled_time 0  # Traffic limiting duration (ns)
-nr_bursts 0 # CPU Limit exceeding times
-burst_time 0 # Total Limit exceeding duration
                                                                                                                                                              
-
-
                                                                                                                                                              
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                              Table 3 Result summary in this example
                                                                                                                                                              CPU Burst
                                                                                                                                                              
-
                                                                                                                                                              P99 Latency
                                                                                                                                                              
-
                                                                                                                                                              nr_throttled
                                                                                                                                                              
-
                                                                                                                                                              Traffic Limiting Times
                                                                                                                                                              
-
                                                                                                                                                              throttled_time
                                                                                                                                                              
-
                                                                                                                                                              Traffic Limiting Duration
                                                                                                                                                              
-
                                                                                                                                                              nr_bursts
                                                                                                                                                              
-
                                                                                                                                                              Limit Exceeding Times
                                                                                                                                                              
-
                                                                                                                                                              bursts_time
                                                                                                                                                              
-
                                                                                                                                                              Total Limit Exceeding Duration
                                                                                                                                                              
-
                                                                                                                                                              CPU Burst not enabled
                                                                                                                                                              
-
                                                                                                                                                              2.96 ms
                                                                                                                                                              
-
                                                                                                                                                              986
                                                                                                                                                              
-
                                                                                                                                                              14.3s
                                                                                                                                                              
-
                                                                                                                                                              0
                                                                                                                                                              
-
                                                                                                                                                              0
                                                                                                                                                              
-
                                                                                                                                                              CPU Burst enabled
                                                                                                                                                              
-
                                                                                                                                                              456 µs
                                                                                                                                                              
-
                                                                                                                                                              0
                                                                                                                                                              
-
                                                                                                                                                              0
                                                                                                                                                              
-
                                                                                                                                                              469
                                                                                                                                                              
-
                                                                                                                                                              3.7s
                                                                                                                                                              
-
                                                                                                                                                              
-
                                                                                                                                                              
-
                                                                                                                                                            
-
                                                                                                                                                          
 
                                                                                                                                                          Handling Suggestions
                                                                                                                                                          • After kubelet of the oversubscribed node is restarted, the resource view of the Volcano scheduler is not synchronized with that of kubelet. As a result, OutOfCPU occurs in some newly scheduled jobs, which is normal. After a period of time, the Volcano scheduler can properly schedule online and offline jobs.
                                                                                                                                                          • After online and offline jobs are submitted, you are not advised to dynamically change the job type (adding or deleting annotation volcano.sh/qos-level: "-1") because the current kernel does not support the change of an offline job to an online job.
                                                                                                                                                          • CCE collects the resource usage (CPU/memory) of all pods running on a node based on the status information in the cgroups system. The resource usage may be different from the monitored resource usage, for example, the resource statistics displayed by running the top command.
                                                                                                                                                          • You can add oversubscribed resources (such as CPU and memory) at any time.
                                                                                                                                                            You can reduce the oversubscribed resource types only when the resource allocation rate does not exceed 100%.
                                                                                                                                                            
-
                                                                                                                                                          
+
                                                                                                                                                        7. If an offline job is deployed on a node ahead of an online job and the online job cannot be scheduled due to insufficient resources, configure a higher priorityClass for the online job than that for the offline job.
                                                                                                                                                        8. If there are only online jobs on a node and the eviction threshold is reached, the offline jobs that are scheduled to the current node will be evicted soon. This is normal.
                                                                                                                                                          9. 
 
                                                                                                                                                          
 
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Parent topic: Volcano Scheduling
                                                                                                                                                          
+
                                                                                                                                                          Parent topic: Cloud Native Hybrid Deployment
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0385.html b/docs/cce/umn/cce_10_0385.html
index b45204457..255acb320 100644
--- a/docs/cce/umn/cce_10_0385.html
+++ b/docs/cce/umn/cce_10_0385.html
@@ -1,275 +1,636 @@
 
 
-
                                                                                                                                                          Service Annotations
                                                                                                                                                          
-
                                                                                                                                                          CCE allows you to add annotations to a YAML file to realize some advanced Service functions. The following table describes the annotations you can add.
                                                                                                                                                          
-
                                                                                                                                                          The annotations of a Service are the parameters that need to be specified for connecting to a load balancer. For details about how to use the annotations, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                                                                          
-
-
                                                                                                                                                          Table 1 Service annotations
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Using Annotations to Configure Load Balancing
                                                                                                                                                          
+
                                                                                                                                                          You can add annotations to a YAML file to use some CCE advanced functions. This section describes the available annotations when a LoadBalancer service is created.
                                                                                                                                                          
+
+
                                                                                                                                                          Interconnection with ELB
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                          Table 1 Annotations for interconnecting with ELB
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
 
                                                                                                                                                          Default Value on the Console
                                                                                                                                                          
-
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          kubernetes.io/elb.class
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.class
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Select a proper load balancer type.
                                                                                                                                                          
-
                                                                                                                                                          The value can be:
                                                                                                                                                          
-
                                                                                                                                                          • union: shared load balancer
                                                                                                                                                          • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                          
+
                                                                                                                                                          Select a proper load balancer type.
                                                                                                                                                          
+
                                                                                                                                                          • union: shared load balancer
                                                                                                                                                          • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                          
 
                                                                                                                                                          performance
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          kubernetes.io/elb.id
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.id
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          ID of a load balancer. The value can contain 1 to 100 characters.
                                                                                                                                                          
-
                                                                                                                                                          Mandatory when an existing load balancer is to be associated.
                                                                                                                                                          
-
                                                                                                                                                          How to obtain:
                                                                                                                                                          
-
                                                                                                                                                          On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                          
+
                                                                                                                                                          Mandatory when an existing load balancer is to be associated.
                                                                                                                                                          
+
                                                                                                                                                          ID of a load balancer.
                                                                                                                                                          
+
                                                                                                                                                          How to obtain:
                                                                                                                                                          
+
                                                                                                                                                          On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          The system preferentially connects to the load balancer based on the kubernetes.io/elb.id field. If this field is not specified, the spec.loadBalancerIP field is used (optional and available only in 1.23 and earlier versions).
                                                                                                                                                          
+
                                                                                                                                                          Do not use the spec.loadBalancerIP field to connect to the load balancer. This field will be discarded by Kubernetes. For details, see Deprecation.
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          kubernetes.io/elb.subnet-id
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.autocreate
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Table 9
                                                                                                                                                          
 
                                                                                                                                                          ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                                          
-
                                                                                                                                                          • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                          • Optional for clusters later than v1.11.7-r0.
                                                                                                                                                          
-
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          Mandatory for versions earlier than v1.11.7-r0
                                                                                                                                                          
-
                                                                                                                                                          Discarded in versions later than v1.11.7-r0
                                                                                                                                                          
-
                                                                                                                                                          kubernetes.io/elb.autocreate
                                                                                                                                                          
-
                                                                                                                                                          Table 2
                                                                                                                                                          
-
                                                                                                                                                          Whether to automatically create a load balancer associated with the Service.
                                                                                                                                                          
-
                                                                                                                                                          Example:
                                                                                                                                                          
-
                                                                                                                                                          • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                            {"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                                                                                                                                                            
-
                                                                                                                                                          • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                            
+
                                                                                                                                                          Mandatory when load balancers are automatically created.
                                                                                                                                                          
+
                                                                                                                                                          Example:
                                                                                                                                                          
+
                                                                                                                                                          • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                            {"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                                                                                                                                                            
+
                                                                                                                                                          • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                            {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                            
 
                                                                                                                                                          
 
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          kubernetes.io/elb.lb-algorithm
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.subnet-id
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Specifies the load balancing algorithm of the backend server group.
                                                                                                                                                          
-
                                                                                                                                                          Value:
                                                                                                                                                          
-
                                                                                                                                                          • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                          • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                          • SOURCE_IP: source IP hash algorithm
                                                                                                                                                          
-
                                                                                                                                                          When the value is SOURCE_IP, the weights of backend servers in the server group are invalid.
                                                                                                                                                          
+
                                                                                                                                                          Optional when load balancers are automatically created.
                                                                                                                                                          
+
                                                                                                                                                          ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                                          
+
                                                                                                                                                          • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                          • Optional for clusters later than v1.11.7-r0.
                                                                                                                                                          
 
                                                                                                                                                          ROUND_ROBIN
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          Mandatory for versions earlier than v1.11.7-r0
                                                                                                                                                          
+
                                                                                                                                                          Discarded in versions later than v1.11.7-r0
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          kubernetes.io/elb.health-check-flag
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.lb-algorithm
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Whether to enable the ELB health check.
                                                                                                                                                          
-
                                                                                                                                                          • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                                                          • Disabling health check: Set this parameter to off.
                                                                                                                                                          
-
                                                                                                                                                          If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                                                          
+
                                                                                                                                                          Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                                          
+
                                                                                                                                                          Options:
                                                                                                                                                          
+
                                                                                                                                                          • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                          • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                          • SOURCE_IP: source IP hash algorithm
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                          off
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
-
                                                                                                                                                          kubernetes.io/elb.health-check-option
                                                                                                                                                          
-
                                                                                                                                                          Table 3
                                                                                                                                                          
-
                                                                                                                                                          ELB health check configuration items.
                                                                                                                                                          
-
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
-
                                                                                                                                                          kubernetes.io/elb.session-affinity-mode
                                                                                                                                                          
-
                                                                                                                                                          String
                                                                                                                                                          
-
                                                                                                                                                          Listeners ensure session stickiness based on IP addresses. Requests from the same IP address will be forwarded to the same backend server.
                                                                                                                                                          
-
                                                                                                                                                          • Disabling sticky session: Do not set this parameter.
                                                                                                                                                          • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                          
-
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
-
                                                                                                                                                          kubernetes.io/elb.session-affinity-option
                                                                                                                                                          
-
                                                                                                                                                          Table 4
                                                                                                                                                          
-
                                                                                                                                                          Sticky session timeout.
                                                                                                                                                          
-
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
-
                                                                                                                                                          kubernetes.io/hws-hostNetwork
                                                                                                                                                          
-
                                                                                                                                                          Boolean
                                                                                                                                                          
-
                                                                                                                                                          Whether the workload Services use the host network. Setting this parameter to true will enable the load balancer to forward requests to the host network.
                                                                                                                                                          
-
                                                                                                                                                          The value is true or false.
                                                                                                                                                          
-
                                                                                                                                                          The default value is false, indicating that the host network is not used.
                                                                                                                                                          
-
                                                                                                                                                          None
                                                                                                                                                          
-
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
-
-
                                                                                                                                                          Table 2 Data structure of the elb.autocreate field
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          The following shows how to use the preceding annotations:
                                                                                                                                                          
+
                                                                                                                                                          • Associating an existing load balancer. For details, see Using kubectl to Create a Service (Using an Existing Load Balancer).
                                                                                                                                                            apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: performance                        # Load balancer type
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                            
+
                                                                                                                                                          • Automatically creating a load balancer. For details, see Using kubectl to Create a Service (Automatically Creating a Load Balancer).
                                                                                                                                                            Shared load balancer:
                                                                                                                                                            apiVersion: v1 
+kind: Service 
+metadata: 
+  annotations:   
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.autocreate: '{
+      "type": "public",
+      "bandwidth_name": "cce-bandwidth-1551163379627",
+      "bandwidth_chargemode": "bandwidth",
+      "bandwidth_size": 5,
+      "bandwidth_sharetype": "PER",
+      "eip_type": "5_bgp"
+    }'
+    kubernetes.io/elb.enterpriseID: '0'               # ID of the enterprise project to which the load balancer belongs
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN     # Load balancer algorithm
+  labels: 
+    app: nginx 
+  name: nginx 
+spec: 
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  selector: 
+    app: nginx 
+  type: LoadBalancer
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            Dedicated load balancer:
                                                                                                                                                            apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+  namespace: default
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.autocreate: '{
+      "type": "public",
+      "bandwidth_name": "cce-bandwidth-1626694478577",
+      "bandwidth_chargemode": "bandwidth",
+      "bandwidth_size": 5,
+      "bandwidth_sharetype": "PER",
+      "eip_type": "5_bgp",
+      "available_zone": [
+         ""
+      ],
+      "l4_flavor_name": "L4_flavor.elb.s1.small"
+    }'
+    kubernetes.io/elb.enterpriseID: '0'               # ID of the enterprise project to which the load balancer belongs
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN     # Load balancer algorithm
+spec:
+  selector:
+    app: nginx
+  ports:
+  - name: cce-service-0
+    targetPort: 80
+    nodePort: 0
+    port: 80
+    protocol: TCP
+  type: LoadBalancer
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                          
+
+
                                                                                                                                                          Sticky Session
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
+
                                                                                                                                                          Table 2 Annotations for sticky session
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
 
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          name
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.session-affinity-mode
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                          
+
                                                                                                                                                          • Disabling sticky session: Do not configure this parameter.
                                                                                                                                                          • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP address algorithm), sticky session cannot be enabled.
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                          Name of the load balancer that is automatically created.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                                                                                                                                                          
-
                                                                                                                                                          Default: cce-lb+service.UID
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          type
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.session-affinity-option
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Table 12
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Sticky session timeout.
                                                                                                                                                          
 
                                                                                                                                                          Network type of the load balancer.
                                                                                                                                                          
-
                                                                                                                                                          • public: public network load balancer
                                                                                                                                                          • inner: private network load balancer
                                                                                                                                                          
-
                                                                                                                                                          Default: inner
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          bandwidth_name
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          The following shows how to use the preceding annotations:
                                                                                                                                                          apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Health Check
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
+
                                                                                                                                                          Table 3 Annotations for health check
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.health-check-flag
                                                                                                                                                          
 
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Whether to enable the ELB health check.
                                                                                                                                                          
+
                                                                                                                                                          • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                                                          • Disabling health check: Set this parameter to off.
                                                                                                                                                          
+
                                                                                                                                                          If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                                                          
 
                                                                                                                                                          Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 64 characters, including lowercase letters, digits, and underscores (_). The value must start with a lowercase letter and end with a lowercase letter or digit.
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          bandwidth_chargemode
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.health-check-option
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Table 10
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          ELB health check configuration items.
                                                                                                                                                          
 
                                                                                                                                                          Bandwidth mode.
                                                                                                                                                          
-
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          bandwidth_size
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.health-check-options
                                                                                                                                                          
 
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          Table 11
                                                                                                                                                          
 
                                                                                                                                                          Integer
                                                                                                                                                          
+
                                                                                                                                                          ELB health check configuration item. Each Service port can be configured separately, and you can configure only some ports.
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          kubernetes.io/elb.health-check-option and kubernetes.io/elb.health-check-options cannot be configured at the same time.
                                                                                                                                                          
+
                                                                                                                                                          
 
                                                                                                                                                          Bandwidth size. The default value is 1 to 2000 Mbit/s. Set this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                          
+
                                                                                                                                                          v1.19.16-r5 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.21.8-r0 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.23.6-r0 or later
                                                                                                                                                          
+
                                                                                                                                                          v1.25.2-r0 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          bandwidth_sharetype
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          • The following shows how to use kubernetes.io/elb.health-check-option:
                                                                                                                                                            apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-option: '{
+      "protocol":"TCP",
+      "delay":"5",
+      "timeout":"10",
+      "max_retries":"3"
+    }'
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                            
+
                                                                                                                                                          • For details about how to use kubernetes.io/elb.health-check-options, see Configuring Health Check for Multiple Ports.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          HTTP Protocol
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
-
-
-
-
-
-
-
-
+
                                                                                                                                                          Table 4 Annotations for using HTTP protocols
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.protocol-port
                                                                                                                                                          
 
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Layer-7 forwarding configuration port used by the Service.
                                                                                                                                                          
 
                                                                                                                                                          Bandwidth sharing mode.
                                                                                                                                                          
-
                                                                                                                                                          • PER: dedicated bandwidth
                                                                                                                                                          
+
                                                                                                                                                          v1.19.16 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          eip_type
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.cert-id
                                                                                                                                                          
 
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          HTTP certificate used by the Service for Layer-7 forwarding.
                                                                                                                                                          
 
                                                                                                                                                          EIP type.
                                                                                                                                                          
-
                                                                                                                                                          • 5_bgp: dynamic BGP
                                                                                                                                                          • 5_sbgp: static BGP
                                                                                                                                                          
+
                                                                                                                                                          v1.19.16 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          available_zone
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          For details about the application scenarios, see Service Using HTTP.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Dynamic Adjustment of the Weight of the Backend ECS
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
-
-
-
-
+
                                                                                                                                                          Table 5 Annotations for dynamically adjusting the weight of the backend ECS
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.adaptive-weight
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Array of strings
                                                                                                                                                          
+
                                                                                                                                                          Dynamically adjusts the weight of the load balancer backend ECS based on pods. The requests received by each pod are more balanced.
                                                                                                                                                          
+
                                                                                                                                                          • true: enabled
                                                                                                                                                          • false: disabled
                                                                                                                                                          
+
                                                                                                                                                          This parameter applies only to clusters of v1.21 or later and is invalid in passthrough networking.
                                                                                                                                                          
 
                                                                                                                                                          AZ where the load balancer is located.
                                                                                                                                                          
-
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          v1.21 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          l4_flavor_name
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          The following shows how to use the preceding annotations:
                                                                                                                                                          apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/elb.adaptive-weight: 'true'                   # Enable dynamic adjustment of the weight of the backend ECS.
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Pass-through Capability
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
-
-
-
-
+
                                                                                                                                                          Table 6 Annotations for pass-through capability
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.pass-through
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Whether the access requests from within the cluster to the Service pass through the ELB load balancer.
                                                                                                                                                          
 
                                                                                                                                                          Flavor name of the layer-4 load balancer.
                                                                                                                                                          
-
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          v1.19 or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          l7_flavor_name
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          For details about the application scenarios, see Enabling Passthrough Networking for LoadBalancer Services.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Whitelist
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
                                                                                                                                                          Table 7 Annotations for ELB access list
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.acl-id
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          This parameter is mandatory when you configure an IP address whitelist for a load balancer. The value of this parameter is the IP address group ID of the load balancer..
                                                                                                                                                          
+
                                                                                                                                                          This parameter takes effect only for dedicated load balancers and takes effect only when a Service is created or a new service port (listener) is specified.
                                                                                                                                                          
+
                                                                                                                                                          How to obtain:
                                                                                                                                                          
+
                                                                                                                                                          Log in to the console. In the Service List, choose Networking > Elastic Load Balance. On the Network Console, choose Elastic Load Balance > IP Address Groups and copy the ID of the target IP address group.
                                                                                                                                                          
 
                                                                                                                                                          Flavor name of the layer-7 load balancer.
                                                                                                                                                          
-
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          v1.19.16, v1.21.4, or later
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          elb_virsubnet_ids
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.acl-status
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Array of strings
                                                                                                                                                          
+
                                                                                                                                                          This parameter is mandatory when you set an IP address whitelist for a load balancer. The value is on, indicating that access control is enabled.
                                                                                                                                                          
+
                                                                                                                                                          This parameter takes effect only for dedicated load balancers and takes effect only when a Service is created or a new service port (listener) is specified.
                                                                                                                                                          
 
                                                                                                                                                          Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                          
-
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
-
                                                                                                                                                          Example:
                                                                                                                                                          
-
                                                                                                                                                          "elb_virsubnet_ids": [
+
                                                                                                                                                          v1.19.16, v1.21.4, or later
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/elb.acl-type
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          This parameter is mandatory when you set the IP address whitelist for a load balancer.
                                                                                                                                                          
+
                                                                                                                                                          • black: indicates the blacklist. The selected IP address group cannot access the ELB address.
                                                                                                                                                          • white: indicates the whitelist. Only the selected IP address group can access the ELB address.
                                                                                                                                                          
+
                                                                                                                                                          This parameter takes effect only for dedicated load balancers and takes effect only when a Service is created or a new service port (listener) is specified.
                                                                                                                                                          
+
                                                                                                                                                          v1.19.16, v1.21.4, or later
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          The following shows how to use the preceding annotations:
                                                                                                                                                          apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                    # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: performance                   # Load balancer type
+    kubernetes.io/elb.acl-id: <your_acl_id>               # ELB IP address group ID
+    kubernetes.io/elb.acl-status: 'on'                    # Enable access control.
+    kubernetes.io/elb.acl-type: 'white'                   # Whitelist control
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Host Network
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                          Table 8 Annotations for host network
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Supported Cluster Version
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/hws-hostNetwork
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          If the pod uses hostNetwork, the ELB forwards the request to the host network after this annotation is used.
                                                                                                                                                          
+
                                                                                                                                                          Options:
                                                                                                                                                          
+
                                                                                                                                                          • true: enabled
                                                                                                                                                          • false (default): disabled
                                                                                                                                                          
+
                                                                                                                                                          v1.9 or later
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          The following shows how to use the preceding annotations:
                                                                                                                                                          apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/hws-hostNetwork: 'true'                     # The load balancer forwards the request to the host network.
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  type: LoadBalancer
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Data Structure
                                                                                                                                                          
+
                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -278,99 +639,185 @@
 
                                                                                                                                                          Table 9 Data structure of the elb.autocreate field
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          name
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Name of the automatically created load balancer.
                                                                                                                                                          
+
                                                                                                                                                          The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                          
+
                                                                                                                                                          Default: cce-lb+service.UID
                                                                                                                                                          
+
                                                                                                                                                          type
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Network type of the load balancer.
                                                                                                                                                          
+
                                                                                                                                                          • public: public network load balancer
                                                                                                                                                          • inner: private network load balancer
                                                                                                                                                          
+
                                                                                                                                                          Default: inner
                                                                                                                                                          
+
                                                                                                                                                          bandwidth_name
                                                                                                                                                          
+
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                          
+
                                                                                                                                                          The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                          
+
                                                                                                                                                          bandwidth_chargemode
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Bandwidth mode.
                                                                                                                                                          
+
                                                                                                                                                          • bandwidth: billed by bandwidth
                                                                                                                                                          • traffic: billed by traffic
                                                                                                                                                          
+
                                                                                                                                                          Default: bandwidth
                                                                                                                                                          
+
                                                                                                                                                          bandwidth_size
                                                                                                                                                          
+
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          Integer
                                                                                                                                                          
+
                                                                                                                                                          Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                          
+
                                                                                                                                                          The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                          • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                          • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                          • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          bandwidth_sharetype
                                                                                                                                                          
+
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Bandwidth sharing mode.
                                                                                                                                                          
+
                                                                                                                                                          • PER: dedicated bandwidth
                                                                                                                                                          
+
                                                                                                                                                          eip_type
                                                                                                                                                          
+
                                                                                                                                                          Yes for public network load balancers
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          EIP type.
                                                                                                                                                          
+
                                                                                                                                                          • 5_bgp: dynamic BGP
                                                                                                                                                          
+
                                                                                                                                                          The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                          
+
                                                                                                                                                          available_zone
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          Array of strings
                                                                                                                                                          
+
                                                                                                                                                          AZ where the load balancer is located.
                                                                                                                                                          
+
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          l4_flavor_name
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Flavor name of the layer-4 load balancer.
                                                                                                                                                          
+
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          l7_flavor_name
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Flavor name of the layer-7 load balancer.
                                                                                                                                                          
+
                                                                                                                                                          This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                                          
+
                                                                                                                                                          elb_virsubnet_ids
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          Array of strings
                                                                                                                                                          
+
                                                                                                                                                          Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                          
+
                                                                                                                                                          This parameter is available only for dedicated load balancers.
                                                                                                                                                          
+
                                                                                                                                                          Example:
                                                                                                                                                          
+
                                                                                                                                                          "elb_virsubnet_ids": [
    "14567f27-8ae4-42b8-ae47-9f847a4690dd"
  ]
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
-
                                                                                                                                                          Table 3 Data structure description of the elb.health-check-option field
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                          Table 10 Data structure description of the elb.health-check-option field
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
 
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          delay
                                                                                                                                                          
+
                                                                                                                                                          delay
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 50. Default value: 5
                                                                                                                                                          
+
                                                                                                                                                          Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 50. Default value: 5
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          timeout
                                                                                                                                                          
+
                                                                                                                                                          timeout
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Health check timeout, in seconds.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 50. Default value: 10
                                                                                                                                                          
+
                                                                                                                                                          Health check timeout, in seconds.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 50. Default value: 10
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          max_retries
                                                                                                                                                          
+
                                                                                                                                                          max_retries
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Maximum number of health check retries.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 10. Default value: 3
                                                                                                                                                          
+
                                                                                                                                                          Maximum number of health check retries.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 10. Default value: 3
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          protocol
                                                                                                                                                          
+
                                                                                                                                                          protocol
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Health check protocol.
                                                                                                                                                          
-
                                                                                                                                                          Default value: protocol of the associated Service
                                                                                                                                                          
-
                                                                                                                                                          Value options: TCP, UDP, or HTTP
                                                                                                                                                          
+
                                                                                                                                                          Health check protocol.
                                                                                                                                                          
+
                                                                                                                                                          Value options: TCP or HTTP
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          path
                                                                                                                                                          
+
                                                                                                                                                          path
                                                                                                                                                          
 
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                          
-
                                                                                                                                                          Default value: /
                                                                                                                                                          
-
                                                                                                                                                          The value can contain 1 to 10,000 characters.
                                                                                                                                                          
+
                                                                                                                                                          Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                          
+
                                                                                                                                                          Default value: /
                                                                                                                                                          
+
                                                                                                                                                          The value can contain 1 to 10,000 characters.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
 
-
                                                                                                                                                          Table 4 Data structure of the elb.session-affinity-option field
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                          Table 11 Data structure description of the elb.health-check-options field
                                                                                                                                                          Parameter
                                                                                                                                                          
 
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
 
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
 
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          persistence_timeout
                                                                                                                                                          
+
                                                                                                                                                          target_service_port
                                                                                                                                                          
 
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
 
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
 
                                                                                                                                                          Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                                                          
-
                                                                                                                                                          Value range: 1 to 60. Default value: 60
                                                                                                                                                          
+
                                                                                                                                                          Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                                          
+
                                                                                                                                                          monitor_port
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                                          
+
                                                                                                                                                           NOTE: 
                                                                                                                                                          Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          delay
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 50. Default value: 5
                                                                                                                                                          
+
                                                                                                                                                          timeout
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Health check timeout, in seconds.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 50. Default value: 10
                                                                                                                                                          
+
                                                                                                                                                          max_retries
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Maximum number of health check retries.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 10. Default value: 3
                                                                                                                                                          
+
                                                                                                                                                          protocol
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Health check protocol.
                                                                                                                                                          
+
                                                                                                                                                          Default value: protocol of the associated Service
                                                                                                                                                          
+
                                                                                                                                                          Value options: TCP, UDP, or HTTP
                                                                                                                                                          
+
                                                                                                                                                          path
                                                                                                                                                          
+
                                                                                                                                                          No
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                          
+
                                                                                                                                                          Default value: /
                                                                                                                                                          
+
                                                                                                                                                          The value can contain 1 to 10,000 characters.
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
                                                                                                                                                           
 
                                                                                                                                                          
 
                                                                                                                                                          
+
+
                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                          Table 12 Data structure of the elb.session-affinity-option field
                                                                                                                                                          Parameter
                                                                                                                                                          
+
                                                                                                                                                          Mandatory
                                                                                                                                                          
+
                                                                                                                                                          Type
                                                                                                                                                          
+
                                                                                                                                                          Description
                                                                                                                                                          
+
                                                                                                                                                          persistence_timeout
                                                                                                                                                          
+
                                                                                                                                                          Yes
                                                                                                                                                          
+
                                                                                                                                                          String
                                                                                                                                                          
+
                                                                                                                                                          Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                                                          
+
                                                                                                                                                          Value range: 1 to 60. Default value: 60
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
 
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Parent topic: Services
                                                                                                                                                          
+
                                                                                                                                                          Parent topic: LoadBalancer
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0386.html b/docs/cce/umn/cce_10_0386.html
index 2482173b7..3a291d523 100644
--- a/docs/cce/umn/cce_10_0386.html
+++ b/docs/cce/umn/cce_10_0386.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                          Pod Labels and Annotations
                                                                                                                                                          
+
                                                                                                                                                          Labels and Annotations
                                                                                                                                                          
 
                                                                                                                                                          Pod Annotations
                                                                                                                                                          CCE allows you to add annotations to a YAML file to realize some advanced pod functions. The following table describes the annotations you can add.
                                                                                                                                                          
 
-
                                                                                                                                                          Table 1 Pod annotations
                                                                                                                                                          Annotation
                                                                                                                                                          
+
                                                                                                                                                          
@@ -15,34 +15,52 @@
 
-
-
+
+
+
+
+
+
+
+
                                                                                                                                                          Table 1 Pod annotations
                                                                                                                                                          Annotation
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Description
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Standard output parameter. If not specified, the standard log output of all containers is reported to AOM. You can collect stdout logs from certain containers or ignore them at all.
                                                                                                                                                          
 
                                                                                                                                                          Example:
                                                                                                                                                          
-
                                                                                                                                                          • Collecting none of the stdout logs:
                                                                                                                                                            kubernetes.AOM.log.stdout: '[]'
                                                                                                                                                            
-
                                                                                                                                                          • Collecting stdout logs of container-1 and container-2:
                                                                                                                                                            kubernetes.AOM.log.stdout: '["container-1","container-2"]'
                                                                                                                                                            
+
                                                                                                                                                            • Collecting none of the stdout logs:
                                                                                                                                                              kubernetes.AOM.log.stdout: '[]'
                                                                                                                                                              
+
                                                                                                                                                            • Collecting stdout logs of container-1 and container-2:
                                                                                                                                                              kubernetes.AOM.log.stdout: '["container-1","container-2"]'
                                                                                                                                                              
 
                                                                                                                                                            
 
                                                                                                                                                          -
                                                                                                                                                          
+
                                                                                                                                                          None
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
                                                                                                                                                          metrics.alpha.kubernetes.io/custom-endpoints
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          Parameter for reporting AOM monitoring metrics that you specify.
                                                                                                                                                          
-
                                                                                                                                                          For details, see Custom Monitoring.
                                                                                                                                                          
+
                                                                                                                                                          For details, see Monitoring Custom Metrics on AOM.
                                                                                                                                                          
 
                                                                                                                                                          -
                                                                                                                                                          
+
                                                                                                                                                          None
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/ingress-bandwidth
                                                                                                                                                          
+
                                                                                                                                                          Ingress bandwidth of a pod.
                                                                                                                                                          
+
                                                                                                                                                          For details, see Configuring QoS Rate Limiting for Inter-Pod Access.
                                                                                                                                                          
+
                                                                                                                                                          None
                                                                                                                                                          
+
                                                                                                                                                          kubernetes.io/egress-bandwidth
                                                                                                                                                          
+
                                                                                                                                                          Egress bandwidth of a pod.
                                                                                                                                                          
+
                                                                                                                                                          For details, see Configuring QoS Rate Limiting for Inter-Pod Access.
                                                                                                                                                          
+
                                                                                                                                                          None
                                                                                                                                                          
                                                                                                                                                           		
 
                                                                                                                                                          
 
 
                                                                                                                                                          
 
                                                                                                                                                          
 
-
                                                                                                                                                          Pod Labels
                                                                                                                                                          When you create a workload on the console, the following labels are added to the pod by default. The value of app is the workload name. You can add labels as required.
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          The pod labels added here will be added to the selector.matchLabels parameter in the workload definition. The following is an example YAML file:
                                                                                                                                                          
+
                                                                                                                                                          Pod Labels
                                                                                                                                                          When you create a workload on the console, the following labels are added to the pod by default. The value of app is the workload name.
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          Example YAML:
                                                                                                                                                          
 
                                                                                                                                                          ...
 spec:
   selector:
-    matchLabels:
-      app: nginx
-      version: v1
+    matchLabels:
+      app: nginx
+      version: v1
   template:
     metadata:
       labels:
@@ -50,11 +68,15 @@ spec:
         version: v1
     spec:
       ...
                                                                                                                                                          
+
                                                                                                                                                          You can also add other labels to the pod for affinity and anti-affinity scheduling. In the following figure, three pod labels (release, env, and role) are defined for workload APP 1, APP 2, and APP 3. The values of these labels vary with workload.
                                                                                                                                                          
+
                                                                                                                                                          • APP 1: [release:alpha;env:development;role:frontend]
                                                                                                                                                          • APP 2: [release:beta;env:testing;role:frontend]
                                                                                                                                                          • APP 3: [release:alpha;env:production;role:backend]
                                                                                                                                                          
+
                                                                                                                                                          Figure 1 Label example
                                                                                                                                                          
+
                                                                                                                                                          For example, if key/value is set to role/backend, APP 3 will be selected for affinity scheduling. For details, see Workload Affinity (podAffinity).
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Parent topic: Workloads
                                                                                                                                                          
+
                                                                                                                                                          Parent topic: Configuring a Container
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_10_0388.html b/docs/cce/umn/cce_10_0388.html
index 42e2def09..faffb495d 100644
--- a/docs/cce/umn/cce_10_0388.html
+++ b/docs/cce/umn/cce_10_0388.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                          By default, CCE creates the following secrets in each namespace:
                                                                                                                                                          
 
                                                                                                                                                          • default-secret
                                                                                                                                                          • paas.elb
                                                                                                                                                          • default-token-xxxxx (xxxxx is a random number.)
                                                                                                                                                          
 
                                                                                                                                                          The functions of these secrets are described as follows.
                                                                                                                                                          
-
                                                                                                                                                          default-secret
                                                                                                                                                          The type of default-secret is kubernetes.io/dockerconfigjson. The data is the credential for logging in to the SWR image repository and is used to pull images from SWR. If you need to pull an image from SWR when creating a workload on CCE, set imagePullSecrets to default-secret.
                                                                                                                                                          
+
                                                                                                                                                          default-secret
                                                                                                                                                          The type of default-secret is kubernetes.io/dockerconfigjson. The data is the credential for logging in to the SWR image repository and is used to pull images from SWR. To pull an image from SWR when creating a workload on CCE, set imagePullSecrets to default-secret.
                                                                                                                                                          
 
                                                                                                                                                          apiVersion: v1                      
 kind: Pod                          
 metadata:
@@ -50,8 +50,8 @@ Namespace:           default
 Labels:              <none>
 Annotations:         <none>
 Image pull secrets:  <none>
-Mountable secrets:   default-token-vssmw
-Tokens:              default-token-vssmw
+Mountable secrets:   default-token-xxxxx
+Tokens:              default-token-xxxxx
 Events:              <none>
                                                                                                                                                          
 
                                                                                                                                                          
 
                                                                                                                                                          
diff --git a/docs/cce/umn/cce_10_0391.html b/docs/cce/umn/cce_10_0391.html
new file mode 100644
index 000000000..2fd683e6e
--- /dev/null
+++ b/docs/cce/umn/cce_10_0391.html
@@ -0,0 +1,22 @@
+
+
+
                                                                                                                                                          Local Persistent Volumes (Local PVs)
                                                                                                                                                          
+
                                                                                                                                                          
+
                                                                                                                                                          
+
+
diff --git a/docs/cce/umn/cce_10_0393.html b/docs/cce/umn/cce_10_0393.html
deleted file mode 100644
index 05d4838f7..000000000
--- a/docs/cce/umn/cce_10_0393.html
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-
                                                                                                                                                          Deployment Examples
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
-
diff --git a/docs/cce/umn/cce_10_0396.html b/docs/cce/umn/cce_10_0396.html
deleted file mode 100644
index 1519bd294..000000000
--- a/docs/cce/umn/cce_10_0396.html
+++ /dev/null
@@ -1,72 +0,0 @@
-
-
-
                                                                                                                                                          Setting Basic Container Information
                                                                                                                                                          
-
                                                                                                                                                          A workload is an abstract model of a group of pods. One pod can encapsulate one or more containers. You can click Add Container in the upper right corner to add multiple container images and set them separately.
                                                                                                                                                          
-
                                                                                                                                                          
-
-
                                                                                                                                                          
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                          Table 1 Image parameters
                                                                                                                                                          Parameter
                                                                                                                                                          
-
                                                                                                                                                          Description
                                                                                                                                                          
-
                                                                                                                                                          Container Name
                                                                                                                                                          
-
                                                                                                                                                          Name the container.
                                                                                                                                                          
-
                                                                                                                                                          Image Name
                                                                                                                                                          
-
                                                                                                                                                          Click Select Image and select the image used by the container.
                                                                                                                                                          
-
                                                                                                                                                          If you need to use a third-party image, see Using a Third-Party Image.
                                                                                                                                                          
-
                                                                                                                                                          Image Tag
                                                                                                                                                          
-
                                                                                                                                                          Select the image tag to be deployed.
                                                                                                                                                          
-
                                                                                                                                                          Pull Policy
                                                                                                                                                          
-
                                                                                                                                                          Image update or pull policy. If you select Always, the image is pulled from the image repository each time. If you do not select Always, the existing image of the node is preferentially used. If the image does not exist, the image is pulled from the image repository.
                                                                                                                                                          
-
                                                                                                                                                          CPU Quota
                                                                                                                                                          
-
                                                                                                                                                          • Request: minimum number of CPU cores required by a container. The default value is 0.25 cores.
                                                                                                                                                          • Limit: maximum number of CPU cores available for a container. Do not leave Limit unspecified. Otherwise, intensive use of container resources will occur and your workload may exhibit unexpected behavior.
                                                                                                                                                          
-
                                                                                                                                                          Memory Quota
                                                                                                                                                          
-
                                                                                                                                                          • Request: minimum amount of memory required by a container. The default value is 512 MiB.
                                                                                                                                                          • Limit: maximum amount of memory available for a container. When memory usage exceeds the specified memory limit, the container will be terminated.
                                                                                                                                                          
-
                                                                                                                                                          For more information about Request and Limit, see Setting Container Specifications.
                                                                                                                                                          
-
                                                                                                                                                          GPU Quota
                                                                                                                                                          
-
                                                                                                                                                          It is configurable only when the cluster contains GPU nodes.
                                                                                                                                                          
-
                                                                                                                                                          • All: The GPU is not used.
                                                                                                                                                          • Dedicated: GPU resources are exclusively used by the container.
                                                                                                                                                          • Shared: percentage of GPU resources used by the container. For example, if this parameter is set to 10%, the container uses 10% of GPU resources.
                                                                                                                                                          
-
                                                                                                                                                          Privileged Container
                                                                                                                                                          
-
                                                                                                                                                          Programs in a privileged container have certain privileges.
                                                                                                                                                          
-
                                                                                                                                                          If Privileged Container is enabled, the container is assigned privileges. For example, privileged containers can manipulate network devices on the host machine and modify kernel parameters.
                                                                                                                                                          
-
                                                                                                                                                          Init Container
                                                                                                                                                          
-
                                                                                                                                                          Indicates whether to use the container as an init container.
                                                                                                                                                          
-
                                                                                                                                                          An init container is a special container that run before app containers in a pod. For details, see Init Container.
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          Parent topic: Configuring a Container
                                                                                                                                                          
-
                                                                                                                                                          
-
                                                                                                                                                          
-
diff --git a/docs/cce/umn/cce_10_0397.html b/docs/cce/umn/cce_10_0397.html
index f91b4cf78..a05555707 100644
--- a/docs/cce/umn/cce_10_0397.html
+++ b/docs/cce/umn/cce_10_0397.html
@@ -5,16 +5,63 @@
 
                                                                                                                                                          You can set different upgrade policies:
                                                                                                                                                          
 
                                                                                                                                                          • Rolling upgrade: New pods are created gradually and then old pods are deleted. This is the default policy.
                                                                                                                                                          • Replace upgrade: The current pods are deleted and then new pods are created.
                                                                                                                                                          
 
                                                                                                                                                          
-
                                                                                                                                                          Upgrade Parameters
                                                                                                                                                          • Max. Surge (maxSurge)
                                                                                                                                                            Specifies the maximum number of pods that can exist over spec.replicas. The default value is 25%. For example, if spec.replicas is set to 4, no more than 5 pods can exist during the upgrade process, that is, the upgrade step is 1. The absolute number is calculated from the percentage by rounding up. The value can also be set to an absolute number.
                                                                                                                                                            
-
                                                                                                                                                            This parameter is supported only by Deployments.
                                                                                                                                                            
-
                                                                                                                                                          • Max. Unavailable Pods (maxUnavailable)
                                                                                                                                                            Specifies the maximum number of pods that can be unavailable during the update process. The default value is 25%. For example, if spec.replicas is set to 4, at least 3 pods exist during the upgrade process, that is, the deletion step is 1. The value can also be set to an absolute number.
                                                                                                                                                            
-
                                                                                                                                                            This parameter is supported only by Deployments.
                                                                                                                                                            
-
                                                                                                                                                          • Min. Ready Seconds (minReadySeconds)
                                                                                                                                                            A pod is considered available only when the minimum readiness time is exceeded without any of its containers crashing. The default value is 0 (the pod is considered available immediately after it is ready).
                                                                                                                                                            
-
                                                                                                                                                          • Revision History Limit (revisionHistoryLimit)
                                                                                                                                                            Specifies the number of old ReplicaSets to retain to allow rollback. These old ReplicaSets consume resources in etcd and crowd the output of kubectl get rs. The configuration of each Deployment revision is stored in its ReplicaSets. Therefore, once the old ReplicaSet is deleted, you lose the ability to roll back to that revision of Deployment. By default, 10 old ReplicaSets will be kept, but the ideal value depends on the frequency and stability of the new Deployments.
                                                                                                                                                            
-
                                                                                                                                                          • Max. Upgrade Duration (progressDeadlineSeconds)
                                                                                                                                                            Specifies the number of seconds that the system waits for a Deployment to make progress before reporting a Deployment progress failure. It is surfaced as a condition with Type=Progressing, Status=False, and Reason=ProgressDeadlineExceeded in the status of the resource. The Deployment controller will keep retrying the Deployment. In the future, once automatic rollback will be implemented, the Deployment controller will roll back a Deployment as soon as it observes such a condition.
                                                                                                                                                            
+
                                                                                                                                                            Upgrade Parameters
                                                                                                                                                            
+
                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                            Parameter
                                                                                                                                                            
+
                                                                                                                                                            Description
                                                                                                                                                            
+
                                                                                                                                                            Constraint
                                                                                                                                                            
+
                                                                                                                                                            Max. Surge (maxSurge)
                                                                                                                                                            
+
                                                                                                                                                            Specifies the maximum number of pods that can exist compared with spec.replicas. The default value is 25%.
                                                                                                                                                            
+
                                                                                                                                                            For example, if spec.replicas is set to 4, a maximum of five pods can exist during the upgrade. That is, the upgrade is performed at a step of 1. During the actual upgrade, the value is converted into a number and rounded up. The value can also be set to an absolute number.
                                                                                                                                                            
+
                                                                                                                                                            This parameter is supported only by Deployments and DaemonSets.
                                                                                                                                                            
+
                                                                                                                                                            Max. Unavailable Pods (maxUnavailable)
                                                                                                                                                            
+
                                                                                                                                                            Specifies the maximum number of pods that can be unavailable compared with spec.replicas. The default value is 25%
                                                                                                                                                            
+
                                                                                                                                                            For example, if spec.replicas is set to 4, at least three pods exist during the upgrade. That is, the deletion is performed at a step of 1. The value can also be set to an absolute number.
                                                                                                                                                            
+
                                                                                                                                                            This parameter is supported only by Deployments and DaemonSets.
                                                                                                                                                            
+
                                                                                                                                                            Min. Ready Seconds (minReadySeconds)
                                                                                                                                                            
+
                                                                                                                                                            A pod is considered available only when the minimum readiness time is exceeded without any of its containers crashing. The default value is 0 (the pod is considered available immediately after it is ready).
                                                                                                                                                            
+
                                                                                                                                                            None
                                                                                                                                                            
+
                                                                                                                                                            Revision History Limit (revisionHistoryLimit)
                                                                                                                                                            
+
                                                                                                                                                            Specifies the number of old ReplicaSets to retain to allow rollback. These old ReplicaSets consume resources in etcd and crowd the output of kubectl get rs. The configuration of each Deployment revision is stored in its ReplicaSets. Therefore, once the old ReplicaSet is deleted, you lose the ability to roll back to that revision of Deployment. By default, 10 old ReplicaSets will be kept, but the ideal value depends on the frequency and stability of the new Deployments.
                                                                                                                                                            
+
                                                                                                                                                            None
                                                                                                                                                            
+
                                                                                                                                                            Max. Upgrade Duration (progressDeadlineSeconds)
                                                                                                                                                            
+
                                                                                                                                                            Specifies the number of seconds that the system waits for a Deployment to make progress before reporting a Deployment progress failure. It is surfaced as a condition with Type=Progressing, Status=False, and Reason=ProgressDeadlineExceeded in the status of the resource. The Deployment controller will keep retrying the Deployment. In the future, once automatic rollback will be implemented, the Deployment controller will roll back a Deployment as soon as it observes such a condition.
                                                                                                                                                            
 
                                                                                                                                                            If this parameter is specified, the value of this parameter must be greater than that of .spec.minReadySeconds.
                                                                                                                                                            
-
                                                                                                                                                          • Scale-In Time Window (terminationGracePeriodSeconds)
                                                                                                                                                            Graceful deletion time. The default value is 30 seconds. When a pod is deleted, a SIGTERM signal is sent and the system waits for the applications in the container to terminate. If the application is not terminated within the time specified by terminationGracePeriodSeconds, a SIGKILL signal is sent to forcibly terminate the pod.
                                                                                                                                                            
-
                                                                                                                                                            • 
+
                                                                                                                                                            None
                                                                                                                                                            
+
                                                                                                                                                            Scale-In Time Window (terminationGracePeriodSeconds)
                                                                                                                                                            
+
                                                                                                                                                            Graceful deletion time. The default value is 30 seconds. When a pod is deleted, a SIGTERM signal is sent and the system waits for the applications in the container to terminate. If the application is not terminated within the time specified by terminationGracePeriodSeconds, a SIGKILL signal is sent to forcibly terminate the pod.
                                                                                                                                                            
+
                                                                                                                                                            None
                                                                                                                                                            
+
                                                                                                                                                            
+
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            Upgrade Example
                                                                                                                                                            The Deployment can be upgraded in a declarative mode. That is, you only need to modify the YAML definition of the Deployment. For example, you can run the kubectl edit command to change the Deployment image to nginx:alpine. After the modification, query the ReplicaSet and pod. The query result shows that a new ReplicaSet is created and the pod is re-created.
                                                                                                                                                            
 
                                                                                                                                                            $ kubectl edit deploy nginx
diff --git a/docs/cce/umn/cce_10_0398.html b/docs/cce/umn/cce_10_0398.html
index 97e692cbb..7c80f150e 100644
--- a/docs/cce/umn/cce_10_0398.html
+++ b/docs/cce/umn/cce_10_0398.html
@@ -47,7 +47,7 @@ Address: 172.16.0.19
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Parent topic: Services
                                                                                                                                                            
+
                                                                                                                                                            Parent topic: Service
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0399.html b/docs/cce/umn/cce_10_0399.html
index 340595cff..9e20769fd 100644
--- a/docs/cce/umn/cce_10_0399.html
+++ b/docs/cce/umn/cce_10_0399.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                            This section describes how to access an intranet from a container (outside the cluster in a VPC), including intra-VPC access and cross-VPC access.
                                                                                                                                                            
 
                                                                                                                                                            Intra-VPC Access
                                                                                                                                                            The performance of accessing an intranet from a container varies depending on the container network models of a cluster.
                                                                                                                                                            
 
                                                                                                                                                            • Container tunnel network
                                                                                                                                                              The container tunnel network encapsulates network data packets through tunnels based on the node network. A container can access other resources in the same VPC as long as the node can access the resources. If the access fails, check whether the security group of the peer resource allows access from the node where the container is located.
                                                                                                                                                              
-
                                                                                                                                                            • Cloud Native Network 2.0
                                                                                                                                                              In the Cloud Native Network 2.0 model, a container is assigned an IP address from the CIDR block of a VPC. The container CIDR block is the subnet of the VPC where the node is located. The container can naturally communicate with other addresses in the VPC. If the access fails, check whether the security group of peer resources allows the access from the container CIDR block.
                                                                                                                                                              
+
                                                                                                                                                            • Cloud Native 2.0 Network
                                                                                                                                                              In the Cloud Native 2.0 network model, a container is assigned an IP address from the CIDR block of a VPC. The container CIDR block is the subnet of the VPC where the node is located. The container can naturally communicate with other addresses in the VPC. If the access fails, check whether the security group of peer resources allows the access from the container CIDR block.
                                                                                                                                                              
 
                                                                                                                                                            • VPC network
                                                                                                                                                              The VPC network model uses VPC routes to forward container traffic. The container CIDR block and the node VPC are not in the same CIDR block. When a container accesses other resources in the same VPC, the security group of the peer resource must allow access of the container CIDR block.
                                                                                                                                                              
 
                                                                                                                                                              For example, the CIDR block where the cluster node resides is 192.168.10.0/24, and the container CIDR block is 172.16.0.0/16.
                                                                                                                                                              
 
                                                                                                                                                              There is an ECS whose IP address is 192.168.10.52 in the VPC (outside the cluster). The security group of the ECS allows access of only the CIDR block of the cluster node.
                                                                                                                                                              
@@ -34,7 +34,7 @@ PING 192.168.10.25 (192.168.10.25): 56 data bytes
 
                                                                                                                                                              Cross-VPC Access
                                                                                                                                                              Cross-VPC access is implemented by establishing a peering connection between VPCs.
                                                                                                                                                              
 
                                                                                                                                                              • In the container tunnel network model, a container can access the peer VPC only when the communication is enabled between the node network and the peer VPC.
                                                                                                                                                              • Cloud Native Network 2.0 is similar to the container tunnel network. You only need to enable the communication between the subnet where the container is located and the peer VPC.
                                                                                                                                                              • Each VPC network has an independent container CIDR block. In addition to the VPC CIDR block, the container CIDR block also needs to be connected.
                                                                                                                                                                Assume that there are two VPCs.
                                                                                                                                                                • vpc-demo: Its CIDR block is 192.168.0.0/16, the cluster is in vpc-demo, and the container CIDR block is 10.0.0.0/16.
                                                                                                                                                                • vpc-demo2: Its CIDR block is 10.1.0.0/16.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Create a peering connection named peering-demo (the local VPC is vpc-demo and the peer VPC is vpc-demo2). Add the container CIDR block to the route of the peer VPC.
                                                                                                                                                                
+
                                                                                                                                                                Create a peering connection named peering-demo (the local VPC is vpc-demo and the peer VPC is vpc-demo2). Add the container CIDR block to the route of the peer VPC.
                                                                                                                                                                
 
                                                                                                                                                                After this configuration, you can access the container CIDR block 10.0.0.0/16 in vpc-demo2. During the access, pay attention to the security group configuration and enable the port configuration.
                                                                                                                                                                
 
                                                                                                                                                              
 
                                                                                                                                                              
@@ -48,7 +48,7 @@ PING 192.168.10.25 (192.168.10.25): 56 data bytes
 
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
-
                                                                                                                                                            Parent topic: Networking
                                                                                                                                                            
+
                                                                                                                                                            Parent topic: Network
                                                                                                                                                            
 
                                                                                                                                                            
 
                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_10_0400.html b/docs/cce/umn/cce_10_0400.html
index 3b74e67f6..2704b359e 100644
--- a/docs/cce/umn/cce_10_0400.html
+++ b/docs/cce/umn/cce_10_0400.html
@@ -1,28 +1,28 @@
 
 
 
                                                                                                                                                            Accessing Public Networks from a Container
                                                                                                                                                            
-
                                                                                                                                                            Containers can access public networks in either of the following ways:
                                                                                                                                                            
-
                                                                                                                                                            • Bind a public IP address to the node where the container is located if the network model is VPC network or tunnel network.
                                                                                                                                                            • Bind a public IP address to the pod. (When the Cloud Native Network 2.0 model is used, manually bind an EIP to the ENI or sub-ENI of the pod on the VPC console. This method is not recommended because the IP address of a pod changes after the pod is rescheduled. As a result, the new pod cannot access the public network.)
                                                                                                                                                            • Configure SNAT rules through NAT Gateway.
                                                                                                                                                            
-
                                                                                                                                                            You can use NAT Gateway to enable container pods in a VPC to access public networks. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the container pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.
                                                                                                                                                            
-
                                                                                                                                                            Figure 1 SNAT
                                                                                                                                                            
-
                                                                                                                                                            To enable a container pod to access the Internet, perform the following steps:
                                                                                                                                                            
-
                                                                                                                                                            1. Assign an EIP.
                                                                                                                                                              1. Log in to the management console.
                                                                                                                                                              2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                              3. Click  at the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                                                                              4. On the EIPs page, click Create EIP.
                                                                                                                                                              5. Set parameters as required.
                                                                                                                                                                 
                                                                                                                                                                Set Region to the region where container pods are located.
                                                                                                                                                                
+
                                                                                                                                                                Containers can access public networks in either of the following ways:
                                                                                                                                                                
+
                                                                                                                                                                • Bind an EIP to the node where the container is located if the network model is VPC or tunnel.
                                                                                                                                                                • Bind an EIP to the pod. (This function applies only to Cloud Native 2.0 clusters. To do so, manually bind an EIP to the ENI or sub-ENI of the pod on the VPC console. This method is not recommended because the IP address of a pod changes after the pod is rescheduled. As a result, the new pod cannot access the public network.)
                                                                                                                                                                • Configure SNAT rules through NAT Gateway.
                                                                                                                                                                
+
                                                                                                                                                                You can use NAT Gateway to enable container pods in a VPC to access public networks. NAT Gateway provides source network address translation (SNAT), which translates private IP addresses to a public IP address by binding an elastic IP address (EIP) to the gateway, providing secure and efficient access to the Internet. Figure 1 shows the SNAT architecture. The SNAT function allows the container pods in a VPC to access the Internet without being bound to an EIP. SNAT supports a large number of concurrent connections, which makes it suitable for applications involving a large number of requests and connections.
                                                                                                                                                                
+
                                                                                                                                                                Figure 1 SNAT
                                                                                                                                                                
+
                                                                                                                                                                To enable a container pod to access the Internet, perform the following steps:
                                                                                                                                                                
+
                                                                                                                                                                1. Assign an EIP.
                                                                                                                                                                  1. Log in to the management console.
                                                                                                                                                                  2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                  3. Click  at the upper left corner and choose Networking > Elastic IP in the expanded list.
                                                                                                                                                                  4. On the EIPs page, click Create EIP.
                                                                                                                                                                  5. Configure parameters as required.
                                                                                                                                                                     
                                                                                                                                                                    Set Region to the region where container pods are located.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                  
-
                                                                                                                                                                2. Create a NAT gateway.
                                                                                                                                                                  1. Log in to the management console.
                                                                                                                                                                  2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                  3. Click  at the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                                                  4. On the displayed page, click Create Public NAT Gateway in the upper right corner.
                                                                                                                                                                  5. Set parameters as required.
                                                                                                                                                                     
                                                                                                                                                                    Select the same VPC.
                                                                                                                                                                    
+
                                                                                                                                                                  6. Create a NAT gateway.
                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                    2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                    3. Click  at the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                                                    4. On the displayed page, click Create Public NAT Gateway in the upper right corner.
                                                                                                                                                                    5. Configure parameters as required.
                                                                                                                                                                       
                                                                                                                                                                      Select the same VPC.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
-
                                                                                                                                                                  7. Configure an SNAT rule and bind the EIP to the subnet.
                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                    2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                    3. Click  at the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                                                    4. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                                                                                    5. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                                                                                    6. Set parameters as required.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    SNAT rules take effect by CIDR block. As different container network models use different communication modes, the subnet needs to be selected according to the following rules:
                                                                                                                                                                    
-
                                                                                                                                                                    • Tunnel network and VPC network: Select the subnet where the node is located, that is, the subnet selected during node creation.
                                                                                                                                                                    
-
                                                                                                                                                                    If there are multiple CIDR blocks, you can create multiple SNAT rules or customize a CIDR block as long as the CIDR block contains the node subnet.
                                                                                                                                                                    
+
                                                                                                                                                                  8. Configure an SNAT rule and bind the EIP to the subnet.
                                                                                                                                                                    1. Log in to the management console.
                                                                                                                                                                    2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                    3. Click  at the upper left corner and choose Networking > NAT Gateway in the expanded list.
                                                                                                                                                                    4. On the page displayed, click the name of the NAT gateway for which you want to add the SNAT rule.
                                                                                                                                                                    5. On the SNAT Rules tab page, click Add SNAT Rule.
                                                                                                                                                                    6. Set parameters as required.
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    SNAT rules take effect by CIDR block. As different container network models use different communication modes, the subnet needs to be selected according to the following rules:
                                                                                                                                                                    
+
                                                                                                                                                                    • Tunnel network and VPC network: Select the subnet where the node is located, that is, the subnet selected during node creation.
                                                                                                                                                                    • Cloud Native Network 2.0: Select the subnet where the container is located, that is, the container subnet selected during cluster creation.
                                                                                                                                                                    
+
                                                                                                                                                                    If there are multiple CIDR blocks, you can create multiple SNAT rules or customize a CIDR block as long as the CIDR block contains the container subnet (Cloud Native 2.0 Network) or the node subnet.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    After the SNAT rule is configured, workloads can access public networks from the container. Public networks can be pinged from the container.
                                                                                                                                                                    
+
                                                                                                                                                                    After the SNAT rule is configured, workloads can access public networks from the container. Public networks can be pinged from the container.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Parent topic: Networking
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Network
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0402.html b/docs/cce/umn/cce_10_0402.html
index 0e079431c..f8b7e58f8 100644
--- a/docs/cce/umn/cce_10_0402.html
+++ b/docs/cce/umn/cce_10_0402.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                Host Network
                                                                                                                                                                
-
                                                                                                                                                                Scenario
                                                                                                                                                                Kubernetes allows pods to directly use the host/node network.
                                                                                                                                                                
+
                                                                                                                                                                Scenario
                                                                                                                                                                Kubernetes allows pods to directly use the host/node network. When a pod is configured with hostNetwork: true, applications running in the pod can directly view the network interface of the host where the pod is located.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Configuration
                                                                                                                                                                Add hostNetwork: true to the pod definition.
                                                                                                                                                                
 
                                                                                                                                                                apiVersion: apps/v1
@@ -30,7 +30,7 @@ NAME                    READY   STATUS    RESTARTS   AGE     IP          NODE
 nginx-6fdf99c8b-6wwft   1/1     Running   0          3m41s   10.1.0.55   10.1.0.55   <none>           <none>
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Precautions
                                                                                                                                                                If a pod uses the host network, it occupies a host port. The pod IP is the host IP. To use the host network, you must confirm pods do not conflict with each other in terms of the host ports they occupy. Do not use the host network unless you know exactly which host port is used by which pod.
                                                                                                                                                                
-
                                                                                                                                                                When using the host network, you access the node to access a pod on it. Therefore, you need to allow access from the security group port of the node. Otherwise, the access fails.
                                                                                                                                                                
+
                                                                                                                                                                When using the host network, you access the node to access a pod on it. Therefore, allow access from the security group port of the node. Otherwise, the access fails.
                                                                                                                                                                
 
                                                                                                                                                                In addition, using the host network requires you to reserve host ports for the pods. When using a Deployment to deploy pods of the hostNetwork type, ensure that the number of pods does not exceed the number of nodes. Otherwise, multiple pods will be scheduled onto the node, and they will fail to start due to port conflicts. For example, in the preceding example nginx YAML, if two pods (setting replicas to 2) are deployed in a cluster with only one node, one pod cannot be created. The pod logs will show that the Nginx cannot be started because the port is occupied.
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                Do not schedule multiple pods that use the host network on the same node. Otherwise, when a ClusterIP Service is created to access a pod, the cluster IP address cannot be accessed.
                                                                                                                                                                
 
                                                                                                                                                                
@@ -76,7 +76,7 @@ nginx: [emerg] still could not bind()
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Parent topic: Networking
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Container Network Settings
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0403.html b/docs/cce/umn/cce_10_0403.html
index 48a5d546d..4742bca1a 100644
--- a/docs/cce/umn/cce_10_0403.html
+++ b/docs/cce/umn/cce_10_0403.html
@@ -3,15 +3,15 @@
 
                                                                                                                                                                Changing Cluster Scale
                                                                                                                                                                
 
                                                                                                                                                                Scenario
                                                                                                                                                                CCE allows you to change the number of nodes managed in a cluster.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Notes and Constraints
                                                                                                                                                                • This function is supported for clusters of v1.15 and later versions.
                                                                                                                                                                • Starting from v1.15.11, the number of nodes in a cluster can be changed to 2000. The number of nodes in a single master node cannot be changed to 1000 or more.
                                                                                                                                                                • Currently, a cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                                                                                                • During the specifications change, master nodes will be powered off and on, and the cluster cannot run properly. Perform the change during off-peak hours.
                                                                                                                                                                • Changing the cluster scale does not affect the services running in the cluster. However, the control plane (master nodes) will be interrupted for a short period of time. You are advised not to perform any other operations (such as creating workloads) during the change.
                                                                                                                                                                • Change failures will trigger a cluster rollback to the normal state. If the rollback fails, submit a service ticket.
                                                                                                                                                                
+
                                                                                                                                                                Constraints
                                                                                                                                                                • This function is supported for clusters of v1.15 and later versions.
                                                                                                                                                                • Starting from v1.15.11, the number of nodes in a cluster can be changed to 2000. The number of nodes in a single master node cannot be changed to 1000 or more.
                                                                                                                                                                • Currently, a cluster can only be scaled out to a larger specification, but cannot be scaled in.
                                                                                                                                                                • During the specifications change, master nodes will be powered off and on, and the cluster cannot run properly. Perform the change during off-peak hours.
                                                                                                                                                                • Changing the cluster scale does not affect the services running in the cluster. However, the control plane (master nodes) will be interrupted for a short period of time. You are advised not to perform any other operations (such as creating workloads) during the change.
                                                                                                                                                                • Change failures will trigger a cluster rollback to the normal state. If the rollback fails, submit a service ticket.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Procedure
                                                                                                                                                                1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                2. Click  next to the cluster whose specifications need to be changed.
                                                                                                                                                                3. On the page displayed, select a new flavor for Target Flavor as required.
                                                                                                                                                                4. Click OK.
                                                                                                                                                                  You can click Operation Records in the upper left corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                                                                                  
+
                                                                                                                                                                  Procedure
                                                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                  2. Click  next to the cluster whose specifications need to be modified.
                                                                                                                                                                  3. On the page displayed, select a new cluster scale.
                                                                                                                                                                  4. Click Next to confirm the specifications and click OK.
                                                                                                                                                                    You can click Operation Records in the upper left corner to view the cluster change history. The status changes from Executing to Successful, indicating that the cluster specifications are successfully changed.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Parent topic: Clusters
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Managing a Cluster
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0405.html b/docs/cce/umn/cce_10_0405.html
index bb9095753..80ee2f724 100644
--- a/docs/cce/umn/cce_10_0405.html
+++ b/docs/cce/umn/cce_10_0405.html
@@ -1,39 +1,41 @@
 
 
-
                                                                                                                                                                Cluster Patch Version Release Notes
                                                                                                                                                                
-
                                                                                                                                                                Version 1.25
                                                                                                                                                                
-
                                                                                                                                                                Table 1 Release notes of v1.25 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
+
                                                                                                                                                                Release Notes for CCE Cluster Versions
                                                                                                                                                                
+
                                                                                                                                                                Version 1.25
                                                                                                                                                                 
                                                                                                                                                                All nodes in the CCE clusters of version 1.25, except the ones running EulerOS 2.5, use containerd by default.
                                                                                                                                                                
+
                                                                                                                                                                
+
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -41,50 +43,50 @@
 
                                                                                                                                                                Version 1.23
                                                                                                                                                                
-
                                                                                                                                                                Table 1 Release notes for the v1.25 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
+
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
 
                                                                                                                                                                Feature Updates
                                                                                                                                                                
+
                                                                                                                                                                Feature Updates
                                                                                                                                                                
 
                                                                                                                                                                Optimization
                                                                                                                                                                
+
                                                                                                                                                                Optimization
                                                                                                                                                                
 
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
+
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                v1.25.3-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.25.3-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.25.5
                                                                                                                                                                
+
                                                                                                                                                                v1.25.5
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                Enhances the network stability when the specifications of CCE Turbo clusters are changed.
                                                                                                                                                                
+
                                                                                                                                                                Enhanced network stability of CCE Turbo clusters when their specifications are modified.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
+
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                v1.25.1-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.25.1-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.25.5
                                                                                                                                                                
+
                                                                                                                                                                v1.25.5
                                                                                                                                                                
 
                                                                                                                                                                The CCE v1.25 cluster is released for the first time. For more information, see CCE Kubernetes 1.25 Release Notes.
                                                                                                                                                                
+
                                                                                                                                                                CCE clusters of v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
 
                                                                                                                                                                Table 2 Release notes of v1.23 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -92,50 +94,50 @@
 
                                                                                                                                                                Version 1.21
                                                                                                                                                                
-
                                                                                                                                                                Table 2 Release notes for the v1.23 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
+
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
 
                                                                                                                                                                Feature Updates
                                                                                                                                                                
+
                                                                                                                                                                Feature Updates
                                                                                                                                                                
 
                                                                                                                                                                Optimization
                                                                                                                                                                
+
                                                                                                                                                                Optimization
                                                                                                                                                                
 
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
+
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                v1.23.8-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.23.8-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.23.11
                                                                                                                                                                
+
                                                                                                                                                                v1.23.11
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                • Enhances Docker reliability during the upgrade.
                                                                                                                                                                • Optimizes the time synchronization of nodes.
                                                                                                                                                                
+
                                                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                                                • Optimized node time synchronization.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
+
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                v1.23.5-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.23.5-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.23.11
                                                                                                                                                                
+
                                                                                                                                                                v1.23.11
                                                                                                                                                                
 
                                                                                                                                                                • Supports device fault detection and isolation for GPU nodes.
                                                                                                                                                                • Supports custom security groups by cluster.
                                                                                                                                                                • The node-level, Trunkport ENIs can be pre-bound for CCE Turbo clusters.
                                                                                                                                                                • containerd is supported.
                                                                                                                                                                
+
                                                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                                                • containerd is supported.
                                                                                                                                                                
 
                                                                                                                                                                • The ETCD version of the master node is upgraded to the Kubernetes version 3.5.6.
                                                                                                                                                                • Scheduling is optimized. Pods are evenly distributed across AZs when pods are scaled in.
                                                                                                                                                                • The memory usage of kube-apiserver is optimized when CRDs are frequently updated.
                                                                                                                                                                
+
                                                                                                                                                                • The ETCD version of the master node has been upgraded to the Kubernetes version 3.5.6.
                                                                                                                                                                • Scheduling is optimized so that pods are evenly distributed across AZs after pods are scaled in.
                                                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
-
+
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
+
                                                                                                                                                                 		
 
                                                                                                                                                                v1.23.1-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.23.1-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.23.4
                                                                                                                                                                
+
                                                                                                                                                                v1.23.4
                                                                                                                                                                
 
                                                                                                                                                                The CCE v1.23 cluster is released for the first time. For more information, see CCE Kubernetes 1.23 Release Notes.
                                                                                                                                                                
+
                                                                                                                                                                CCE clusters of v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
 
                                                                                                                                                                Table 3 Release notes of v1.21 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -143,50 +145,62 @@
 
                                                                                                                                                                Version 1.19
                                                                                                                                                                
-
                                                                                                                                                                Table 3 Release notes for the v1.21 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
+
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
 
                                                                                                                                                                Feature Updates
                                                                                                                                                                
+
                                                                                                                                                                Feature Updates
                                                                                                                                                                
 
                                                                                                                                                                Optimization
                                                                                                                                                                
+
                                                                                                                                                                Optimization
                                                                                                                                                                
 
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
+
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                v1.21.10-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.21.10-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.21.14
                                                                                                                                                                
+
                                                                                                                                                                v1.21.14
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                • Enhances Docker reliability during the upgrade.
                                                                                                                                                                • Optimizes the time synchronization of nodes.
                                                                                                                                                                • Optimizes the stability of pulling images when Docker is running after the node is restarted.
                                                                                                                                                                
+
                                                                                                                                                                • Enhanced Docker reliability during upgrades.
                                                                                                                                                                • Optimized node time synchronization.
                                                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
+
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                v1.21.7-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.21.7-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.21.14
                                                                                                                                                                
+
                                                                                                                                                                v1.21.14
                                                                                                                                                                
 
                                                                                                                                                                • Supports device fault detection and isolation for GPU nodes.
                                                                                                                                                                • Supports custom security groups by cluster.
                                                                                                                                                                
+
                                                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                                                
 
                                                                                                                                                                The stability of the ELB and ingress is optimized during massive connections.
                                                                                                                                                                
+
                                                                                                                                                                Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
-
+
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
+
                                                                                                                                                                 		
 
                                                                                                                                                                v1.21.1-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.21.1-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.21.7
                                                                                                                                                                
+
                                                                                                                                                                v1.21.7
                                                                                                                                                                
 
                                                                                                                                                                The CCE v1.21 cluster is released for the first time. For more information, see CCE Kubernetes 1.21 Release Notes.
                                                                                                                                                                
+
                                                                                                                                                                CCE clusters of v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
 
                                                                                                                                                                Table 4 Release notes of v1.19 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
diff --git a/docs/cce/umn/cce_10_0420.html b/docs/cce/umn/cce_10_0420.html
new file mode 100644
index 000000000..e435e6984
--- /dev/null
+++ b/docs/cce/umn/cce_10_0420.html
@@ -0,0 +1,78 @@
+
+
+
                                                                                                                                                                Deploying an Application Through the Helm v2 Client
                                                                                                                                                                
+
                                                                                                                                                                Prerequisites
                                                                                                                                                                The Kubernetes cluster created on CCE has been connected to kubectl. For details, see Using kubectl.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Installing Helm v2
                                                                                                                                                                This section uses Helm v2.17.0 as an example.
                                                                                                                                                                
+
                                                                                                                                                                For other versions, visit https://github.com/helm/helm/releases.
                                                                                                                                                                
+
                                                                                                                                                                1. Download the Helm client from the VM connected to the cluster.
                                                                                                                                                                  wget https://get.helm.sh/helm-v2.17.0-linux-amd64.tar.gz
                                                                                                                                                                  
+
                                                                                                                                                                2. Decompress the Helm package.
                                                                                                                                                                  tar -xzvf helm-v2.17.0-linux-amd64.tar.gz
                                                                                                                                                                  
+
                                                                                                                                                                3. Copy Helm to the system path, for example, /usr/local/bin/helm.
                                                                                                                                                                  mv linux-amd64/helm /usr/local/bin/helm
                                                                                                                                                                  
+
                                                                                                                                                                4. RBAC is enabled on the Kubernetes API server. Create the service account name tiller for the tiller and assign cluster-admin, a system ClusterRole, to the tiller. Create a tiller resource account as follows:
                                                                                                                                                                  vim tiller-rbac.yaml
                                                                                                                                                                  apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                5. Deploy the tiller resource account.
                                                                                                                                                                  kubectl apply -f tiller-rbac.yaml
                                                                                                                                                                  
+
                                                                                                                                                                6. Initialize the Helm and deploy the pod of tiller.
                                                                                                                                                                  helm init --service-account tiller --skip-refresh
                                                                                                                                                                  
+
                                                                                                                                                                7. Query the status.
                                                                                                                                                                  kubectl get pod -n kube-system -l app=helm
                                                                                                                                                                  
+
                                                                                                                                                                  Command output:
                                                                                                                                                                  
+
                                                                                                                                                                  NAME                             READY   STATUS    RESTARTS   AGE
+tiller-deploy-7b56c8dfb7-fxk5g   1/1     Running   1          23h
                                                                                                                                                                  
+
                                                                                                                                                                8. Query the Helm version.
                                                                                                                                                                  # helm version
+Client: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
+Server: &version.Version{SemVer:"v2.17.0", GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Installing the Helm Chart
                                                                                                                                                                If the charts provided by CCE do not meet requirements, download a chart and install it.
                                                                                                                                                                
+
                                                                                                                                                                You can obtain the required chart in the stable directory on this website, download the chart, and upload it to the node.
                                                                                                                                                                1. Download and decompress the obtained chart. Generally, the chart is in ZIP format.
                                                                                                                                                                  unzip chart.zip
                                                                                                                                                                  
+
                                                                                                                                                                2. Install the Helm chart.
                                                                                                                                                                  helm install aerospike/
                                                                                                                                                                  
+
                                                                                                                                                                3. After the installation is complete, run the helm list command to check the status of the chart releases.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Common Issues
                                                                                                                                                                • The following error message is displayed after the Helm version command is run:
                                                                                                                                                                  Client:
+&version.Version{SemVer:"v2.17.0",
+GitCommit:"a690bad98af45b015bd3da1a41f6218b1a451dbe", GitTreeState:"clean"}
+E0718 11:46:10.132102    7023 portforward.go:332] an error occurred
+forwarding 41458 -> 44134: error forwarding port 44134 to pod
+d566b78f997eea6c4b1c0322b34ce8052c6c2001e8edff243647748464cd7919, uid : unable
+to do port forwarding: socat not found.
+Error: cannot connect to Tiller
                                                                                                                                                                  
+
                                                                                                                                                                  The preceding information is displayed because the socat is not installed. Run the following command to install the socat:
                                                                                                                                                                  
+
                                                                                                                                                                  yum install socat -y
                                                                                                                                                                  
+
                                                                                                                                                                • When you run the yum install socat –y command on a node running EulerOS 2.9 , if the following error message is displayed:
                                                                                                                                                                  No match for argument: socat
                                                                                                                                                                  
+
                                                                                                                                                                  Error: Unable to find a match: socat
                                                                                                                                                                  
+
                                                                                                                                                                  The image does not contain socat. In this case, manually download the RPM chart and run the following command to install it (replace the RPM chart name with the actual one):
                                                                                                                                                                  
+
                                                                                                                                                                  rpm -i socat-1.7.3.2-8.oe1.x86_64.rpm
                                                                                                                                                                  
+
                                                                                                                                                                • When the socat has been installed and the following error message is displayed after the helm version command is run:
                                                                                                                                                                  test@local:~/k8s/helm/test$ helm version
+Client: &version.Version{SemVer:"v3.3.0", GitCommit:"021cb0ac1a1b2f888144ef5a67b8dab6c2d45be6", GitTreeState:"clean"}
+Error: cannot connect to Tiller
                                                                                                                                                                  
+
                                                                                                                                                                  The Helm chart reads the configuration certificate from the .Kube/config file to communicate with Kubernetes. The preceding error indicates that the kubectl configuration is incorrect. In this case, reconnect the cluster to kubectl. For details, see Using kubectl.
                                                                                                                                                                  
+
                                                                                                                                                                • Storage fails to be created after you have connected to cloud storage services.
                                                                                                                                                                  This issue may be caused by the annotation field in the created PVC. Change the chart name and install the chart again.
                                                                                                                                                                  
+
                                                                                                                                                                • If kubectl is not properly configured, the following error message is displayed after the helm install command is run:
                                                                                                                                                                  [root@prometheus-57046 ~]# helm install prometheus/ --generate-name
+WARNING: This chart is deprecated
+Error: Kubernetes cluster unreachable: Get "http://localhost:8080/version?timeout=32s": dial tcp [::1]:8080: connect: connection refused
                                                                                                                                                                  
+
                                                                                                                                                                  Solution: Configure kubeconfig for the node. For details, see Using kubectl.
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Helm Chart
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0421.html b/docs/cce/umn/cce_10_0421.html
new file mode 100644
index 000000000..1b98b4c74
--- /dev/null
+++ b/docs/cce/umn/cce_10_0421.html
@@ -0,0 +1,30 @@
+
+
+
                                                                                                                                                                Differences Between Helm v2 and Helm v3 and Adaptation Solutions
                                                                                                                                                                
+
                                                                                                                                                                Helm v2 stops at version 2.17.0. Currently, Helm v3 is the standard in the Helm community. You are advised to switch your charts to Helm v3 format as soon as possible.
                                                                                                                                                                
+
                                                                                                                                                                Changes since Helm v2:
                                                                                                                                                                
+
                                                                                                                                                                1. Removal of Tiller
                                                                                                                                                                  Helm v3 is simpler and easier to use. It removes tiller and directly connects to the API server using kubeconfig, simplifying the security model.
                                                                                                                                                                  
+
                                                                                                                                                                2. Improved upgrade strategy: 3-way strategic merge patches
                                                                                                                                                                  Helm v2 used a two-way strategic merge patch. During an upgrade, it compared the most recent chart's manifest against the proposed chart's manifest to determine what changes needed to be applied to the resources in Kubernetes. If changes were applied to the cluster out-of-band (such as during a kubectl edit), those changes were not considered. This resulted in resources being unable to roll back to its previous state.
                                                                                                                                                                  
+
                                                                                                                                                                  Helm v3 uses a three-way strategic merge patch. Helm considers the old manifest, its live state, and the new manifest when generating a patch. Helm compares the current live state with the live state of the old manifest, checks whether the new manifest is modified, and automatically supplements the new manifest to generate the final update patch.
                                                                                                                                                                  
+
                                                                                                                                                                  For details and examples, see https://v3.helm.sh/docs/faq/changes_since_helm2.
                                                                                                                                                                  
+
                                                                                                                                                                3. Secrets as the default storage driver
                                                                                                                                                                  Helm v2 used ConfigMaps by default to store release information. In Helm v3, Secrets are now used as the default storage driver.
                                                                                                                                                                  
+
                                                                                                                                                                4. Release names are now scoped to the namespace
                                                                                                                                                                  In Helm v2, the information about each release was stored in the same namespace as Tiller. In practice, this meant that once a name was used by a release, no other release could use that same name, even if it was deployed in a different namespace. In Helm v3, information about a particular release is now stored in the same namespace as the release itself. This means that the release name can be used in different namespaces. The namespace of the application is the same as that of the release.
                                                                                                                                                                  
+
                                                                                                                                                                5. Verification mode change
                                                                                                                                                                  Helm v3 verifies the chart format more strictly. For example, Helm v3 bumps the apiVersion in Chart.yaml from v1 to v2. For the Chart.yaml of v2, apiVersion must be set to v1. After installing the Helm v3 client, you can run the helm lint command to check whether the chart format complies with the Helm v3 specifications.
                                                                                                                                                                  
+
                                                                                                                                                                  Adaptation solution: Adapt the Helm v3 chart based on the Helm official document https://helm.sh/docs/topics/charts/. The apiVersion field is mandatory.
                                                                                                                                                                  
+
                                                                                                                                                                6. Removal of the crd-install hook
                                                                                                                                                                  The crd-install hook has been removed in favor of the crds/ directory in Helm v3. Note that the resources in the crds/ directory are deployed only during the release installation and are not updated during the upgrade. When the resources are deleted, the resources are retained in the crds/ directory. If the CRD already exists, it will be skipped with a warning during the repeated installation.
                                                                                                                                                                  
+
                                                                                                                                                                  Adaptation solution: According to the Helm document, you can hold your CRD in the crds/ directory or a separate chart. Helm cannot upgrade or delete the CRD. Therefore, you are advised to put the CRD in one chart, and then put any resources that use that CRD in another chart.
                                                                                                                                                                  
+
                                                                                                                                                                7. Resources that are not created using Helm are not forcibly updated. Releases are not forcibly upgraded by default.
                                                                                                                                                                  The forcible upgrade logic of Helm v3 is changed. After the upgrade fails, the system does not delete and rebuild the Helm v3. Instead, the system directly uses the put logic. Therefore, the CCE release upgrade uses the non-forcible update logic by default. Resources that cannot be updated through patches will make the release unable to be upgraded. If a release with the same name exists in the environment and does not have the home tag app.kubernetes.io/managed-by: Helm of Helm v3, a conflict message is displayed.
                                                                                                                                                                  
+
                                                                                                                                                                  Adaptation solution: Delete related resources and create them using Helm.
                                                                                                                                                                  
+
                                                                                                                                                                8. Limit on release historical records
                                                                                                                                                                  Only the latest 10 release versions are retained by default.
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                For more changes and details, see Helm official documents.
                                                                                                                                                                
+
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Helm Chart
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0422.html b/docs/cce/umn/cce_10_0422.html
new file mode 100644
index 000000000..9fe26f461
--- /dev/null
+++ b/docs/cce/umn/cce_10_0422.html
@@ -0,0 +1,103 @@
+
+
+
                                                                                                                                                                Converting a Release from Helm v2 to v3
                                                                                                                                                                
+
                                                                                                                                                                Context
                                                                                                                                                                CCE fully supports Helm v3. This section guides you to convert a Helm v2 release to Helm v3. Helm v3 discards or reconstructs some Helm v2 functions at the bottom layer. Therefore, the conversion is risky to some extent. Simulation is required before conversion.
                                                                                                                                                                
+
                                                                                                                                                                For details, see the community documentation.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Precautions
                                                                                                                                                                • Helm v2 stores release information in ConfigMaps. Helm v3 does so in secrets.
                                                                                                                                                                • When you query, update, or operate a Helm v2 release on the CCE console, CCE will attempt to convert the release to v3. If you operate in the background, convert the release by following the instructions below.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Conversion Process (Without Using the Helm v3 Client)
                                                                                                                                                                1. Download the helm 2to3 conversion plug-in on the CCE node.
                                                                                                                                                                  wget https://github.com/helm/helm-2to3/releases/download/v0.10.2/helm-2to3_0.10.2_linux_amd64.tar.gz
                                                                                                                                                                  
+
                                                                                                                                                                1. Decompress the plug-in package.
                                                                                                                                                                  tar -xzvf helm-2to3_0.10.2_linux_amd64.tar.gz
                                                                                                                                                                  
+
                                                                                                                                                                1. Perform the simulated conversion.
                                                                                                                                                                  Take the test-convert release as an example. Run the following command to simulate the conversion: If the following information is displayed, the simulation is successful.
                                                                                                                                                                  
+
                                                                                                                                                                  # ./2to3 convert --dry-run --tiller-out-cluster -s configmaps test-convert
+NOTE: This is in dry-run mode, the following actions will not be executed.
+Run without --dry-run to take the actions described below:
+Release "test-convert" will be converted from Helm v2 to Helm v3.
+[Helm 3] Release "test-convert" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" will be created.
                                                                                                                                                                  
+
                                                                                                                                                                2. Perform the conversion. If the following information is displayed, the conversion is successful.
                                                                                                                                                                  # ./2to3 convert --tiller-out-cluster -s configmaps test-convert
+Release "test-convert" will be converted from Helm v2 to Helm v3.
+[Helm 3] Release "test-convert" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" created.
+[Helm 3] Release "test-convert" created.
+Release "test-convert" was converted successfully from Helm v2 to Helm v3.
+Note: The v2 release information still remains and should be removed to avoid conflicts with the migrated v3 release.
+v2 release information should only be removed using `helm 2to3` cleanup and when all releases have been migrated over.
                                                                                                                                                                  
+
                                                                                                                                                                3. After the conversion is complete, simulate the resource clearance. After the simulation, clear the v2 release resources.
                                                                                                                                                                  Simulated clearance:
                                                                                                                                                                  
+
                                                                                                                                                                  # ./2to3 cleanup --dry-run --tiller-out-cluster -s configmaps --name test-convert
+NOTE: This is in dry-run mode, the following actions will not be executed.
+Run without --dry-run to take the actions described below:
+WARNING: "Release 'test-convert' Data" will be removed. 
+ 
+[Cleanup/confirm] Are you sure you want to cleanup Helm v2 data? [y/N]: y
+Helm v2 data will be cleaned up.
+[Helm 2] Release 'test-convert' will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" will be deleted.
                                                                                                                                                                  
+
                                                                                                                                                                  Formal clearance:
                                                                                                                                                                  
+
                                                                                                                                                                  # ./2to3 cleanup --tiller-out-cluster -s configmaps --name test-convert
+WARNING: "Release 'test-convert' Data" will be removed. 
+ 
+[Cleanup/confirm] Are you sure you want to cleanup Helm v2 data? [y/N]: y
+Helm v2 data will be cleaned up.
+[Helm 2] Release 'test-convert' will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" d
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Conversion Process (Using the Helm v3 Client)
                                                                                                                                                                1. Install the Helm v3 client. For details, see Installing Helm v3.
                                                                                                                                                                2. Install the conversion plug-in.
                                                                                                                                                                  # helm plugin install https://github.com/helm/helm-2to3
+Downloading and installing helm-2to3 v0.10.2 ...
+https://github.com/helm/helm-2to3/releases/download/v0.10.2/helm-2to3_0.10.2_linux_amd64.tar.gz
+Installed plugin: 2to3
                                                                                                                                                                  
+
                                                                                                                                                                3. Check whether the plug-in has been installed.
                                                                                                                                                                  # helm plugin list
+NAME VERSION DESCRIPTION                                                               
+2to3  0.10.2      migrate and cleanup Helm v2 configuration and releases in-place to Helm v3
                                                                                                                                                                  
+
                                                                                                                                                                4. Perform the simulated conversion.
                                                                                                                                                                  Take the test-convert release as an example. Run the following command to simulate the conversion: If the following information is displayed, the simulated conversion is successful.
                                                                                                                                                                  
+
                                                                                                                                                                  # helm 2to3 convert --dry-run --tiller-out-cluster -s configmaps test-convert
+NOTE: This is in dry-run mode, the following actions will not be executed.
+Run without --dry-run to take the actions described below:
+Release "test-convert" will be converted from Helm v2 to Helm v3.
+[Helm 3] Release "test-convert" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" will be created.
                                                                                                                                                                  
+
                                                                                                                                                                5. Perform the conversion. If the following information is displayed, the conversion is successful.
                                                                                                                                                                  # helm 2to3 convert --tiller-out-cluster -s configmaps test-convert
+Release "test-convert" will be converted from Helm v2 to Helm v3.
+[Helm 3] Release "test-convert" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" will be created.
+[Helm 3] ReleaseVersion "test-convert.v1" created.
+[Helm 3] Release "test-convert" created.
+Release "test-convert" was converted successfully from Helm v2 to Helm v3.
+Note: The v2 release information still remains and should be removed to avoid conflicts with the migrated v3 release.
+v2 release information should only be removed using `helm 2to3` cleanup and when all releases have been migrated over.
                                                                                                                                                                  
+
                                                                                                                                                                6. After the conversion, you can view the converted release by running helm list.
                                                                                                                                                                  # helm list
+NAME                NAMESPACE    REVISION UPDATED                           STATUS      CHART              APP VERSION
+test-convert      default   1                2022-08-29 06:56:28.166918487 +0000 UTC       deployed    test-helmold-1 
                                                                                                                                                                  
+
                                                                                                                                                                7. After the conversion is complete, simulate the resource clearance. After the simulation, clear the v2 release resources.
                                                                                                                                                                  Simulated clearance:
                                                                                                                                                                  
+
                                                                                                                                                                  # helm 2to3 cleanup --dry-run --tiller-out-cluster -s configmaps --name test-convert
+NOTE: This is in dry-run mode, the following actions will not be executed.
+Run without --dry-run to take the actions described below:
+WARNING: "Release 'test-convert' Data" will be removed. 
+ 
+[Cleanup/confirm] Are you sure you want to cleanup Helm v2 data? [y/N]: y
+Helm v2 data will be cleaned up.
+[Helm 2] Release 'test-convert' will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" will be deleted.
                                                                                                                                                                  
+
                                                                                                                                                                  Formal clearance:
                                                                                                                                                                  
+
                                                                                                                                                                  # helm 2to3 cleanup --tiller-out-cluster -s configmaps --name test-convert
+WARNING: "Release 'test-convert' Data" will be removed. 
+ 
+[Cleanup/confirm] Are you sure you want to cleanup Helm v2 data? [y/N]: y
+Helm v2 data will be cleaned up.
+[Helm 2] Release 'test-convert' will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" will be deleted.
+[Helm 2] ReleaseVersion "test-convert.v1" deleted.
+[Helm 2] Release 'test-convert' deleted.
+Helm v2 data was cleaned up successfully.
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Helm Chart
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0423.html b/docs/cce/umn/cce_10_0423.html
index 1aa96fa11..3528ccc05 100644
--- a/docs/cce/umn/cce_10_0423.html
+++ b/docs/cce/umn/cce_10_0423.html
@@ -1,19 +1,16 @@
 
 
-
-  
                                                                                                                                                                Volcano Scheduling
                                                                                                                                                                
-
-  
                                                                                                                                                                
+
                                                                                                                                                                Volcano Scheduling
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                                
-
 
 
diff --git a/docs/cce/umn/cce_10_0425.html b/docs/cce/umn/cce_10_0425.html
new file mode 100644
index 000000000..189a0dfec
--- /dev/null
+++ b/docs/cce/umn/cce_10_0425.html
@@ -0,0 +1,263 @@
+
+
+
                                                                                                                                                                NUMA Affinity Scheduling
                                                                                                                                                                
+
                                                                                                                                                                Background
                                                                                                                                                                When the node runs many CPU-bound pods, the workload can move to different CPU cores depending on whether the pod is throttled and which CPU cores are available at scheduling time. Many workloads are not sensitive to this migration and thus work fine without any intervention. However, in workloads where CPU cache affinity and scheduling latency significantly affect workload performance, the kubelet allows alternative CPU management policies to determine some placement preferences on the node.
                                                                                                                                                                
+
                                                                                                                                                                Both the CPU Manager and Topology Manager are kubelet components, but they have the following limitations:
                                                                                                                                                                
+
                                                                                                                                                                • The scheduler is not topology-aware. Therefore, the workload may be scheduled on a node and then fail on the node due to the Topology Manager. This is unacceptable for TensorFlow jobs. If any worker or ps failed on node, the job will fail.
                                                                                                                                                                • The managers are node-level that results in an inability to match the best node for NUMA topology in the whole cluster.
                                                                                                                                                                
+
                                                                                                                                                                For more information, see https://github.com/volcano-sh/volcano/blob/master/docs/design/numa-aware.md.
                                                                                                                                                                
+
                                                                                                                                                                Volcano targets to resolve the limitation to make scheduler NUMA topology aware so as to achieve the following:
                                                                                                                                                                
+
                                                                                                                                                                • Do not schedule pods to the nodes which NUMA topology does not match.
                                                                                                                                                                • Schedule pods to the best node for NUMA topology.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Application Scope
                                                                                                                                                                • Support CPU resource topology scheduling
                                                                                                                                                                • Support pod-level topology policies
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Scheduling Prediction
                                                                                                                                                                For pods with the topology policy, predicate the matched node list.
                                                                                                                                                                
+
+
                                                                                                                                                                Table 4 Release notes of the v1.19 patch
                                                                                                                                                                CCE Cluster Patch Version
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
+
                                                                                                                                                                Kubernetes Version
                                                                                                                                                                
 
                                                                                                                                                                Feature Updates
                                                                                                                                                                
+
                                                                                                                                                                Feature Updates
                                                                                                                                                                
 
                                                                                                                                                                Optimization
                                                                                                                                                                
+
                                                                                                                                                                Optimization
                                                                                                                                                                
 
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
+
                                                                                                                                                                Vulnerability Fixing
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                v1.19.16-r20
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16-r20
                                                                                                                                                                
 
                                                                                                                                                                v1.19.16
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                • Cloud Native 2.0 Network supports the subnet specified by the namespace.
                                                                                                                                                                • Optimizes the stability of pulling images when Docker is running after the node is restarted.
                                                                                                                                                                • Optimizes the ENI allocation performance of CCE Turbo clusters in non-full pre-binding scenarios.
                                                                                                                                                                
+
                                                                                                                                                                • Cloud Native 2.0 Networks allow you to specify subnets for a namespace.
                                                                                                                                                                • Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.
                                                                                                                                                                • Optimized the performance of CCE Turbo clusters in allocating ENIs if not all ENIs are pre-bound.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
+
                                                                                                                                                                Fixed some security issues.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                v1.19.16-r4
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16-r4
                                                                                                                                                                
 
                                                                                                                                                                v1.19.16
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16
                                                                                                                                                                
 
                                                                                                                                                                • Supports device fault detection and isolation for GPU nodes.
                                                                                                                                                                • Supports custom security groups by cluster.
                                                                                                                                                                
+
                                                                                                                                                                • Fault detection and isolation are supported on GPU nodes.
                                                                                                                                                                • Security groups can be customized by cluster.
                                                                                                                                                                • CCE Turbo clusters support ENIs pre-binding by node.
                                                                                                                                                                
 
                                                                                                                                                                • Scheduling is optimized in the node taint scenario.
                                                                                                                                                                • The stability of the ELB and ingress is optimized during massive connections.
                                                                                                                                                                • The memory usage of kube-apiserver is optimized when CRDs are frequently updated.
                                                                                                                                                                
+
                                                                                                                                                                • Scheduling is optimized on taint nodes.
                                                                                                                                                                • Enhanced the long-term running stability of containerd when cores are bound.
                                                                                                                                                                • Improved the stability of LoadBalancer Services/ingresses with a large number of connections.
                                                                                                                                                                • Optimized the memory usage of kube-apiserver when CRDs are frequently updated.
                                                                                                                                                                
 
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
-
+
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
+
                                                                                                                                                                 		
 
                                                                                                                                                                v1.19.10-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16-r0
                                                                                                                                                                
 
                                                                                                                                                                v1.19.10
                                                                                                                                                                
+
                                                                                                                                                                v1.19.16
                                                                                                                                                                
 
                                                                                                                                                                The CCE v1.19 cluster is released for the first time. For more information, see CCE Kubernetes 1.19 Release Notes.
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.
                                                                                                                                                                
 
                                                                                                                                                                -
                                                                                                                                                                
+
                                                                                                                                                                Fixed some security issues and the following CVE vulnerabilities:
                                                                                                                                                                
+
+
                                                                                                                                                                v1.19.10-r0
                                                                                                                                                                
+
                                                                                                                                                                v1.19.10
                                                                                                                                                                
+
                                                                                                                                                                CCE clusters of v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
+
                                                                                                                                                                None
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                policy
                                                                                                                                                                
+
                                                                                                                                                                action
                                                                                                                                                                
+
                                                                                                                                                                none
                                                                                                                                                                
+
                                                                                                                                                                1. No filter action
                                                                                                                                                                
+
                                                                                                                                                                best-effort
                                                                                                                                                                
+
                                                                                                                                                                1. Filter out the node with the topology policy best-effort.
                                                                                                                                                                
+
                                                                                                                                                                restricted
                                                                                                                                                                
+
                                                                                                                                                                1. Filter out the node with the topology policy restricted.
                                                                                                                                                                
+
                                                                                                                                                                2. Filter out the node that the CPU topology meets the CPU requirements for restricted.
                                                                                                                                                                
+
                                                                                                                                                                single-numa-node
                                                                                                                                                                
+
                                                                                                                                                                1. Filter out the node with the topology policy single-numa-node.
                                                                                                                                                                
+
                                                                                                                                                                2. Filter out the node that the CPU topology meets the CPU requirements for single-numa-node.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Figure 1 Comparison of NUMA scheduling policies
                                                                                                                                                                
+
+
                                                                                                                                                                Scheduling Priority
                                                                                                                                                                Topology policy aims to schedule pods to the optimal node. In this example, each node is scored to sort out the optimal node.
                                                                                                                                                                
+
                                                                                                                                                                Principle: Schedule pods to the worker nodes that require the fewest NUMA nodes.
                                                                                                                                                                
+
                                                                                                                                                                The scoring formula is as follows:
                                                                                                                                                                
+
                                                                                                                                                                score = weight * (100 - 100 * numaNodeNum / maxNumaNodeNum)
                                                                                                                                                                
+
                                                                                                                                                                Parameter description:
                                                                                                                                                                
+
                                                                                                                                                                • weight: indicates the weight of NUMA Aware Plugin.
                                                                                                                                                                • numaNodeNum: indicates the number of NUMA nodes required for running the pod on the worker node.
                                                                                                                                                                • maxNumaNodeNum: indicates the maximum number of NUMA nodes in a pod of all worker nodes.
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Enabling Volcano to Support NUMA Affinity Scheduling
                                                                                                                                                                1. Enable the CPU management policy. For details, see Enabling the CPU Management Policy.
                                                                                                                                                                2. Configure a CPU topology policy.
                                                                                                                                                                  1. Log in to the CCE console, click the cluster name, access the cluster details page, and choose Nodes in the navigation pane. On the page displayed, click the Node Pools tab. Choose More > Manage in the Operation column of the target node pool.
                                                                                                                                                                  2. Change the value of topology-manager-policy under kubelet to the required CPU topology policy. As shown in the following figure, the CPU topology policy is best-effort.
                                                                                                                                                                    The valid topology policies are none, best-effort, restricted, and single-numa-node. For details about these policies, see Scheduling Prediction.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                3. Enable the numa-aware add-on and the resource_exporter function.
                                                                                                                                                                  volcano 1.7.1 or later
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the CCE console and access the cluster console. In the navigation pane, choose Add-ons. On the right of the page, locate the volcano add-on and click Edit. In the Parameters area, configure Volcano scheduler parameters.
                                                                                                                                                                    {
+    "ca_cert": "",
+    "default_scheduler_conf": {
+        "actions": "allocate, backfill",
+        "tiers": [
+            {
+                "plugins": [
+                    {
+                        "name": "priority"
+                    },
+                    {
+                        "name": "gang"
+                    },
+                    {
+                        "name": "conformance"
+                    }
+                ]
+            },
+            {
+                "plugins": [
+                    {
+                        "name": "drf"
+                    },
+                    {
+                        "name": "predicates"
+                    },
+                    {
+                        "name": "nodeorder"
+                    }
+                ]
+            },
+            {
+                "plugins": [
+                    {
+                        "name": "cce-gpu-topology-predicate"
+                    },
+                    {
+                        "name": "cce-gpu-topology-priority"
+                    },
+                    {
+                        "name": "cce-gpu"
+                    },
+                    {
+                        // add this also enable resource_exporter
+                        "name": "numa-aware", 
+                        // the weight of the NUMA Aware Plugin
+                        "arguments": { 
+                           "weight": "10"
+                        }
+                    }
+                ]
+            },
+            {
+                "plugins": [
+                    {
+                        "name": "nodelocalvolume"
+                    },
+                    {
+                        "name": "nodeemptydirvolume"
+                    },
+                    {
+                        "name": "nodeCSIscheduling"
+                    },
+                    {
+                        "name": "networkresource"
+                    }
+                ]
+            }
+        ]
+    },
+    "server_cert": "",
+    "server_key": ""
+}
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  volcano earlier than 1.7.1
                                                                                                                                                                  1. The resource_exporter_enable parameter is enabled for the volcano add-on to collect node NUMA information.
                                                                                                                                                                    {
+   "plugins": {
+      "eas_service": {
+         "availability_zone_id": "",
+         "driver_id": "",
+         "enable": "false",
+         "endpoint": "",
+         "flavor_id": "",
+         "network_type": "",
+         "network_virtual_subnet_id": "",
+         "pool_id": "",
+         "project_id": "",
+         "secret_name": "eas-service-secret"
+      }
+   },
+   "resource_exporter_enable": "true"
+}
                                                                                                                                                                    
+
                                                                                                                                                                    After this function is enabled, you can view the NUMA topology information of the current node.
                                                                                                                                                                    kubectl get numatopo 
+NAME              AGE
+node-1            4h8m
+node-2            4h8m
+node-3            4h8m
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                  2. Enable the volcano numa-aware algorithm add-on.
                                                                                                                                                                    kubectl edit cm -n kube-system volcano-scheduler-configmap
                                                                                                                                                                    kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: volcano-scheduler-configmap
+  namespace: kube-system
+data:
+  default-scheduler.conf: |-
+    actions: "allocate, backfill"
+    tiers:
+    - plugins:
+      - name: priority
+      - name: gang
+      - name: conformance
+    - plugins:
+      - name: overcommit
+      - name: drf
+      - name: predicates
+      - name: nodeorder
+    - plugins:
+      - name: cce-gpu-topology-predicate
+      - name: cce-gpu-topology-priority
+      - name: cce-gpu
+    - plugins:
+      - name: nodelocalvolume
+      - name: nodeemptydirvolume
+      - name: nodeCSIscheduling
+      - name: networkresource
+        arguments:
+          NetworkType: vpc-router
+      - name: numa-aware # add it to enable numa-aware plugin
+        arguments:
+          weight: 10 # the weight of the NUMA Aware Plugin
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                  
+
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Using Volcano to Support NUMA Affinity Scheduling
                                                                                                                                                                1. Configure NUMA affinity for Deployments. The following is an example:
                                                                                                                                                                  kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: numa-tset
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: numa-tset
+  template:
+    metadata:
+      labels:
+        app: numa-tset
+      annotations:
+        volcano.sh/numa-topology-policy: single-numa-node    # set the topology policy
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:alpine
+          resources:
+            requests:
+              cpu: 2           # The value must be an integer and must be the same as that in limits.
+              memory: 2048Mi
+            limits:
+              cpu: 2           # The value must be an integer and must be the same as that in requests.
+              memory: 2048Mi
+      imagePullSecrets:
+      - name: default-secret
                                                                                                                                                                  
+
                                                                                                                                                                2. Create a volcano job and use NUMA affinity.
                                                                                                                                                                  apiVersion: batch.volcano.sh/v1alpha1
+kind: Job
+metadata:
+  name: vj-test
+spec:
+  schedulerName: volcano
+  minAvailable: 1
+  tasks:
+    - replicas: 1
+      name: "test"
+      topologyPolicy: best-effort   # set the topology policy for task 
+      template:
+        spec:
+          containers:
+            - image: alpine
+              command: ["/bin/sh", "-c", "sleep 1000"]
+              imagePullPolicy: IfNotPresent
+              name: running
+              resources:
+                limits:
+                  cpu: 20
+                  memory: "100Mi"
+          restartPolicy: OnFailure
                                                                                                                                                                  
+
                                                                                                                                                                3. Check the NUMA usage.
                                                                                                                                                                  # Check the CPU usage of the current node.
+lscpu
+...
+CPU(s):              32
+NUMA node(s):        2
+NUMA node0 CPU(s):   0-15
+NUMA node1 CPU(s):   16-31
+
+# Check the CPU allocation of the current node.
+cat /var/lib/kubelet/cpu_manager_state
+{"policyName":"static","defaultCpuSet":"0,10-15,25-31","entries":{"777870b5-c64f-42f5-9296-688b9dc212ba":{"container-1":"16-24"},"fb15e10a-b6a5-4aaa-8fcd-76c1aa64e6fd":{"container-1":"1-9"}},"checksum":318470969}
                                                                                                                                                                  
+
                                                                                                                                                                
+
                                                                                                                                                                
+
+
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                Parent topic: Volcano Scheduling
                                                                                                                                                                
+
                                                                                                                                                                
+
                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0430.html b/docs/cce/umn/cce_10_0430.html
index 94c0ce34a..6e9261fa5 100644
--- a/docs/cce/umn/cce_10_0430.html
+++ b/docs/cce/umn/cce_10_0430.html
@@ -3,79 +3,54 @@
 
                                                                                                                                                                Basic Cluster Information
                                                                                                                                                                
 
                                                                                                                                                                Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications.
                                                                                                                                                                
 
                                                                                                                                                                For developers, Kubernetes is a cluster operating system. Kubernetes provides service discovery, scaling, load balancing, self-healing, and even leader election, freeing developers from infrastructure-related configurations.
                                                                                                                                                                
-
                                                                                                                                                                When using Kubernetes, it is like you run a large number of servers as one and the method for deploying applications in Kubernetes is always the same.
                                                                                                                                                                
-
                                                                                                                                                                Kubernetes Cluster Architecture
                                                                                                                                                                A Kubernetes cluster consists of master nodes (Masters) and worker nodes (Nodes). Applications are deployed on worker nodes, and you can specify the nodes for deployment.
                                                                                                                                                                
-
                                                                                                                                                                 
                                                                                                                                                                For a cluster created on CCE, the master node is hosted by CCE. You only need to create a node.
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                                The following figure shows the architecture of a Kubernetes cluster.
                                                                                                                                                                
-
                                                                                                                                                                Figure 1 Kubernetes cluster architecture
                                                                                                                                                                
-
                                                                                                                                                                Master node
                                                                                                                                                                
-
                                                                                                                                                                A master node is the machine where the control plane components run, including API server, Scheduler, Controller manager, and etcd.
                                                                                                                                                                
-
                                                                                                                                                                • API server: functions as a transit station for components to communicate with each other, receives external requests, and writes information to etcd.
                                                                                                                                                                • Controller manager: performs cluster-level functions, such as component replication, node tracing, and node fault fixing.
                                                                                                                                                                • Scheduler: schedules containers to nodes based on various conditions (such as available resources and node affinity).
                                                                                                                                                                • etcd: serves as a distributed data storage component that stores cluster configuration information.
                                                                                                                                                                
-
                                                                                                                                                                In a production environment, multiple master nodes are deployed to ensure high cluster availability. For example, you can deploy three master nodes for your CCE cluster.
                                                                                                                                                                
-
                                                                                                                                                                Worker node
                                                                                                                                                                
-
                                                                                                                                                                A worker node is a compute node in a cluster, that is, a node running containerized applications. A worker node has the following components:
                                                                                                                                                                
-
                                                                                                                                                                • kubelet: communicates with the container runtime, interacts with the API server, and manages containers on the node.
                                                                                                                                                                • kube-proxy: serves as an access proxy between application components.
                                                                                                                                                                • Container runtime: functions as the software for running containers. You can download images to build your container runtime, such as Docker.
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                                Master Nodes and Cluster Scale
                                                                                                                                                                When you create a cluster on CCE, you can have one or three master nodes. Three master nodes can create a cluster in HA mode.
                                                                                                                                                                
-
                                                                                                                                                                The master node specifications decide the number of nodes that can be managed by a cluster. You can select the cluster management scale, for example, 50 or 200 nodes.
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                                Cluster Network
                                                                                                                                                                From the perspective of the network, all nodes in a cluster are located in a VPC, and containers are running on the nodes. You need to configure node-node, node-container, and container-container communication.
                                                                                                                                                                
-
                                                                                                                                                                A cluster network can be divided into three network types:
                                                                                                                                                                
-
                                                                                                                                                                • Node network: IP addresses are assigned to nodes in a cluster.
                                                                                                                                                                • Container network: IP addresses are assigned to containers in a cluster for communication. Currently, multiple container network models are supported, and each model has its own working mechanism.
                                                                                                                                                                • Service network: A Service is a Kubernetes object used to access containers. Each Service has a fixed IP address.
                                                                                                                                                                
+
                                                                                                                                                                Cluster Network
                                                                                                                                                                A cluster network can be divided into three network types:
                                                                                                                                                                
+
                                                                                                                                                                • Node network: IP addresses are assigned to nodes in a cluster.
                                                                                                                                                                • Container network: IP addresses are assigned to containers in a cluster for communication. Currently, multiple container network models are supported, and each model has its own working mechanism.
                                                                                                                                                                • Service network: A Service is a Kubernetes object used to access containers. Each Service has a static IP address.
                                                                                                                                                                
 
                                                                                                                                                                When you create a cluster, select a proper CIDR block for each network. Ensure that the CIDR blocks do not conflict with each other and have sufficient available IP addresses. You cannot change the container network model after the cluster is created. Plan the container network model properly in advance.
                                                                                                                                                                
 
                                                                                                                                                                You are advised to learn about the cluster network and container network models before creating a cluster. For details, see Container Network Models.
                                                                                                                                                                
 
                                                                                                                                                                
+
                                                                                                                                                                Master Nodes and Cluster Scale
                                                                                                                                                                When you create a cluster on CCE, you can have one or three master nodes. Three master nodes can create a cluster in HA mode.
                                                                                                                                                                
+
                                                                                                                                                                The master node specifications decide the number of nodes that can be managed by a cluster. You can select the cluster management scale, for example, 50 or 200 nodes.
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                                Cluster Lifecycle
                                                                                                                                                                
-
                                                                                                                                                                Table 1 Cluster status
                                                                                                                                                                Status
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0431.html b/docs/cce/umn/cce_10_0431.html
index ca22ece5f..ed69948f6 100644
--- a/docs/cce/umn/cce_10_0431.html
+++ b/docs/cce/umn/cce_10_0431.html
@@ -1,43 +1,36 @@
 
 
-
                                                                                                                                                                Checking the Node
                                                                                                                                                                
+
                                                                                                                                                                Node Restrictions
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
 
                                                                                                                                                                • Check whether the node is available. 
                                                                                                                                                                • Check whether the node OS supports the upgrade.
                                                                                                                                                                • Check whether there are unexpected node pool tags in the node.
                                                                                                                                                                • Check whether the Kubernetes node name is consistent with the ECS name.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: The node is unavailable.
                                                                                                                                                                  Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane and check the node status. Ensure that the node is in the Running status. A node in the Installing or Deleting status cannot be upgraded.
                                                                                                                                                                  
-
                                                                                                                                                                  If the node status is abnormal, restore the node by referring to  and retry the check task.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                • Scenario 2: The node OS does not support the upgrade.
                                                                                                                                                                  The following table lists the node OSs that support the upgrade. You can reset the node OS to an available OS in the list.
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  • Scenario 1: The node status is abnormal. Rectify the fault first.
                                                                                                                                                                    Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane and check the node status. Ensure that the node is in the Running status. A node in the Installing or Deleting status cannot be upgraded.
                                                                                                                                                                    
+
                                                                                                                                                                    If the node status is abnormal, restore the node and retry the check task. 
                                                                                                                                                                    
+
                                                                                                                                                                  • Scenario 2: The node OS does not support the upgrade. Contact technical support.
                                                                                                                                                                    The following table lists the node OSs that support the upgrade. You can reset the node OS to an available OS in the list.
                                                                                                                                                                    
 
-
                                                                                                                                                                Table 1 Cluster status
                                                                                                                                                                Status
                                                                                                                                                                
 
                                                                                                                                                                Description
                                                                                                                                                                
+
                                                                                                                                                                Description
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                Creating
                                                                                                                                                                
+
                                                                                                                                                                Creating
                                                                                                                                                                
 
                                                                                                                                                                A cluster is being created and is requesting for cloud resources.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is being created and is requesting for cloud resources.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Running
                                                                                                                                                                
+
                                                                                                                                                                Running
                                                                                                                                                                
 
                                                                                                                                                                A cluster is running properly.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is running properly.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Scaling-out
                                                                                                                                                                
+
                                                                                                                                                                Hibernating
                                                                                                                                                                
 
                                                                                                                                                                A node is being added to a cluster.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is hibernating.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Scaling-in
                                                                                                                                                                
+
                                                                                                                                                                Awaking
                                                                                                                                                                
 
                                                                                                                                                                A node is being deleted from a cluster.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is being woken up.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Hibernating
                                                                                                                                                                
+
                                                                                                                                                                Upgrading
                                                                                                                                                                
 
                                                                                                                                                                A cluster is hibernating.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is being upgraded.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Awaking
                                                                                                                                                                
+
                                                                                                                                                                Unavailable
                                                                                                                                                                
 
                                                                                                                                                                A cluster is being woken up.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is unavailable.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Upgrading
                                                                                                                                                                
+
                                                                                                                                                                Deleting
                                                                                                                                                                
 
                                                                                                                                                                A cluster is being upgraded.
                                                                                                                                                                
-
                                                                                                                                                                Unavailable
                                                                                                                                                                
-
                                                                                                                                                                A cluster is unavailable.
                                                                                                                                                                
-
                                                                                                                                                                Deleting
                                                                                                                                                                
-
                                                                                                                                                                A cluster is being deleted.
                                                                                                                                                                
+
                                                                                                                                                                A cluster is being deleted.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
                                                                                                                                                                Table 1 OSs that support the upgrade
                                                                                                                                                                OS
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
-
-
-
-
-
                                                                                                                                                                Table 1 OSs that support the upgrade
                                                                                                                                                                OS
                                                                                                                                                                
 
                                                                                                                                                                Restriction
                                                                                                                                                                
+
                                                                                                                                                                Constraint
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                EulerOS 2.5/2.9
                                                                                                                                                                
+
                                                                                                                                                                EulerOS 2.x
                                                                                                                                                                
 
                                                                                                                                                                None
                                                                                                                                                                
+
                                                                                                                                                                None.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                CentOS 7.7
                                                                                                                                                                
+
                                                                                                                                                                Ubuntu
                                                                                                                                                                
 
                                                                                                                                                                None
                                                                                                                                                                
-
                                                                                                                                                                Ubuntu 22.04
                                                                                                                                                                
-
                                                                                                                                                                Some sites cannot perform upgrade. If the check result shows the upgrade is not supported, contact technical support.
                                                                                                                                                                
+
                                                                                                                                                                Some sites cannot perform upgrade. If the check result shows the upgrade is not supported, contact technical support.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                              6. Scenario 3: There are unexpected node pool tags in the node.
                                                                                                                                                                If a node is migrated from a node pool to the default node pool, the node pool label cce.cloud.com/cce-nodepool is retained, affecting cluster upgrade. Check whether the load scheduling on the node depends on the label.
                                                                                                                                                                
+
                                                                                                                                                              7. Scenario 3: The node belongs to the default node pool but contains a common node pool label, which affects the upgrade process.
                                                                                                                                                                If a node is migrated from a node pool to the default node pool, the node pool label cce.cloud.com/cce-nodepool is retained, affecting cluster upgrade. Check whether the load scheduling on the node depends on the label.
                                                                                                                                                                
 
                                                                                                                                                                • If there is no dependency, delete the tag.
                                                                                                                                                                • If yes, modify the load balancing policy, remove the dependency, and then delete the tag.
                                                                                                                                                                
-
                                                                                                                                                              8. Scenario 4: The Kubernetes node name is consistent with the ECS name.
                                                                                                                                                                Kubernetes node name, which defaults to the node's private IP. If you select a cloud server name as the node name, the cluster cannot be upgraded.
                                                                                                                                                                
-
                                                                                                                                                                Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane, view the node label, and check whether the value of kubernetes.io/hostname is consistent with the ECS name. If they are the same, remove the node before the cluster upgrade.
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                              9. Scenario 4: CNIProblem taints are detected on the node. Remove the taints first.
                                                                                                                                                                The node contains a taint whose key is node.cloudprovider.kubernetes.io/cni-problem, and the effect is NoSchedule. The taint is added by the npd add-on. You are advised to upgrade the npd add-on to the latest version and check again. If the problem persists, contact technical support.
                                                                                                                                                                
+
                                                                                                                                                              10. Scenario 5: The Kubernetes node corresponding to the node does not exist. The node may be being deleted. Check again later.
                                                                                                                                                                Check again later.
                                                                                                                                                                
 
                                                                                                                                                                11. 
 
 
diff --git a/docs/cce/umn/cce_10_0432.html b/docs/cce/umn/cce_10_0432.html
index d5ad977e3..580fdde50 100644
--- a/docs/cce/umn/cce_10_0432.html
+++ b/docs/cce/umn/cce_10_0432.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                Checking the Blocklist
                                                                                                                                                                
+
                                                                                                                                                                Blocklist
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the current user is in the upgrade blocklist.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                CCE temporarily disables the cluster upgrade function due to the following reasons:
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0433.html b/docs/cce/umn/cce_10_0433.html
index 32c05e93c..37c731d1d 100644
--- a/docs/cce/umn/cce_10_0433.html
+++ b/docs/cce/umn/cce_10_0433.html
@@ -1,15 +1,14 @@
 
 
-
                                                                                                                                                                Checking the Add-on
                                                                                                                                                                
+
                                                                                                                                                                Add-ons
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
-
                                                                                                                                                                • Check whether the add-on status is normal.
                                                                                                                                                                • Check whether the add-on supports the target version.
                                                                                                                                                                
+
                                                                                                                                                                • Check whether the add-on status is normal.
                                                                                                                                                                • Check whether the add-on support the target version.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: The add-on status is abnormal.
                                                                                                                                                                  Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons to view and handle the abnormal add-on.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                • Scenario 2: The target version does not support the current add-on.
                                                                                                                                                                  The add-on cannot be automatically upgraded with the cluster. Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons to manually upgrade the add-on.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                • Scenario 3: The add-on does not support the target cluster even if the add-on is upgraded to the latest version. In this case, go to the cluster console and choose Cluster Information > O&M > Add-ons in the navigation pane to manually uninstall the add-on.
                                                                                                                                                                  For details about the supported add-on versions and replacement solutions, see the help document.
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                • Scenario 2: The target version does not support the current add-on.
                                                                                                                                                                  The add-on cannot be automatically upgraded with the cluster. Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons to manually upgrade the add-on.
                                                                                                                                                                  
+
                                                                                                                                                                • Scenario 3: After the add-on is upgraded to the latest version, the target cluster version is still not supported.
                                                                                                                                                                  Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons to manually uninstall the add-on. For details about the supported add-on versions and replacement solutions, see the Help document.
                                                                                                                                                                  
+
                                                                                                                                                                • Scenario 4: The add-on configuration does not meet the upgrade requirements. Upgrade the add-on and try again.
                                                                                                                                                                  As shown in the following figure, the error message "please upgrade addon [ ] in the page of addon managecheck and try again" is displayed during the pre-upgrade check.
                                                                                                                                                                  
+
                                                                                                                                                                  Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons to manually upgrade the add-on.
                                                                                                                                                                  
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0434.html b/docs/cce/umn/cce_10_0434.html
index 4f6f5053e..1efa6b03a 100644
--- a/docs/cce/umn/cce_10_0434.html
+++ b/docs/cce/umn/cce_10_0434.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                Checking the Helm Chart
                                                                                                                                                                
+
                                                                                                                                                                Helm Charts
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavailable after the upgrade.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                Convert the discarded Kubernetes APIs to APIs that are compatible with both the source and target versions.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0435.html b/docs/cce/umn/cce_10_0435.html
index 751964969..1b95dacc1 100644
--- a/docs/cce/umn/cce_10_0435.html
+++ b/docs/cce/umn/cce_10_0435.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                Checking the Master Node SSH Connectivity
                                                                                                                                                                
+
                                                                                                                                                                SSH Connectivity of Master Nodes
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether CCE can connect to your master nodes.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                Contact technical support.
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0436.html b/docs/cce/umn/cce_10_0436.html
index c5c31218d..108044e6b 100644
--- a/docs/cce/umn/cce_10_0436.html
+++ b/docs/cce/umn/cce_10_0436.html
@@ -1,25 +1,10 @@
 
 
-
                                                                                                                                                                Checking the Node Pool
                                                                                                                                                                
-
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
-
                                                                                                                                                                • Check the node status.
                                                                                                                                                                • Check whether the auto scaling function of the node pool is disabled.
                                                                                                                                                                
+
                                                                                                                                                                Node Pools
                                                                                                                                                                
+
                                                                                                                                                                Check Item
                                                                                                                                                                Check the node pool status.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: The node pool status is abnormal.
                                                                                                                                                                  Log in to the CCE console, go to the target cluster and choose Nodes. On the displayed page, click Node Pools tab and check the node pool status. If the node pool is being scaled, wait until the scaling is complete, and disable the auto scaling function by referring to Scenario 2.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                • Scenario 2: The auto scaling function of the node pool is enabled.
                                                                                                                                                                  Solution 1 (Recommended)
                                                                                                                                                                  
-
                                                                                                                                                                  Log in to the CCE console and go to the target cluster. Choose O&M > Add-ons and uninstall the autoscaler add-on.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                   
                                                                                                                                                                  Before uninstalling the autoscaler add-on, click Upgrade to back up the configuration so that the add-on configuration can be restored during reinstallation.
                                                                                                                                                                  
-
                                                                                                                                                                  Before uninstalling the autoscaler add-on, choose O&M > Node Scaling and back up the current scaling policies so that they can be restored during reinstallation. These policies will be deleted when the autoscaler add-on is uninstalled.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  Obtain and back up the node scaling policy by clicking Edit.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                  Solution 2
                                                                                                                                                                  
-
                                                                                                                                                                  If you do not want to uninstall the autoscaler add-on, log in to the CCE console and access the cluster detail page. Choose Nodes in the navigation pane. On the displayed page, click the Node Pools tab and click Edit of the corresponding node pool to disable the auto scaling function.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                   
                                                                                                                                                                  Before disabling the auto scaling function, back up the autoscaling configuration so that the configuration can be restored when the function is enabled.
                                                                                                                                                                  
-
                                                                                                                                                                  
-
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                Scenario: The node pool malfunctions.
                                                                                                                                                                
+
                                                                                                                                                                Log in to the CCE console, go to the target cluster and choose Nodes. On the displayed page, click Node Pools tab and check the node pool status. If the node pool is being scaled, wait until the node pool scaling is complete.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0437.html b/docs/cce/umn/cce_10_0437.html
index f1615be9d..897841589 100644
--- a/docs/cce/umn/cce_10_0437.html
+++ b/docs/cce/umn/cce_10_0437.html
@@ -1,18 +1,17 @@
 
 
-
                                                                                                                                                                Checking the Security Group
                                                                                                                                                                
+
                                                                                                                                                                Security Groups
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the security group allows the master node to access nodes using ICMP.
                                                                                                                                                                
+
                                                                                                                                                                 
                                                                                                                                                                This check item is performed only for clusters using VPC networking. For clusters using other networking, skip this check item.
                                                                                                                                                                
+
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                Log in to the VPC console, choose Access Control > Security Groups, and enter the target cluster name in the search box. Two security groups are displayed:
                                                                                                                                                                
 
                                                                                                                                                                • The security group name is cluster name-node-xxx. This security group is associated with the user nodes.
                                                                                                                                                                • The security group name is cluster name-control-xxx. This security group is associated with the master nodes.
                                                                                                                                                                
-
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Click the security group of the node user and ensure that the following rules are configured to allow the master node to access the node using ICMP.
                                                                                                                                                                
-
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Otherwise, add a rule to the node security group. Set Source to Security group.
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                If the preceding security group rule is unavailable, add the rule with the following configurations to the node security group: Set Protocol & Port to Protocols/ICMP and All, and Source to Security group and the master security group. 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0439.html b/docs/cce/umn/cce_10_0439.html
index 744f8516e..609936238 100644
--- a/docs/cce/umn/cce_10_0439.html
+++ b/docs/cce/umn/cce_10_0439.html
@@ -1,12 +1,11 @@
 
 
-
                                                                                                                                                                To-Be-Migrated Node
                                                                                                                                                                
+
                                                                                                                                                                To-Be-Migrated Nodes
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the node needs to be migrated.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                For the 1.15 cluster that is upgraded from 1.13 in rolling mode, you need to migrate (reset or create and replace) all nodes before performing the upgrade again.
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                For the 1.15 cluster that is upgraded from 1.13 in rolling mode, migrate (reset or create and replace) all nodes before performing the upgrade again.
                                                                                                                                                                
 
                                                                                                                                                                Solution 1
                                                                                                                                                                
-
                                                                                                                                                                Go the CCE console and access the cluster console. Choose Nodes in the navigation pane and click More > Reset Node in the Operation column of the corresponding node. For details, see Resetting a Node. After the node is reset, retry the check task.
                                                                                                                                                                
-
                                                                                                                                                                
+
                                                                                                                                                                Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane and click More > Reset Node in the Operation column of the corresponding node. For details, see Resetting a Node. After the node is reset, retry the check task.
                                                                                                                                                                
 
                                                                                                                                                                 
                                                                                                                                                                Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution 2
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0440.html b/docs/cce/umn/cce_10_0440.html
index f9c0d4d0b..a304df1de 100644
--- a/docs/cce/umn/cce_10_0440.html
+++ b/docs/cce/umn/cce_10_0440.html
@@ -1,16 +1,14 @@
 
 
-
                                                                                                                                                                Discarded Kubernetes Resource
                                                                                                                                                                
+
                                                                                                                                                                Discarded Kubernetes Resources
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether there are discarded resources in the clusters.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of v1.25.
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                Scenario 1: The PodSecurityPolicy resource object has been discarded since clusters of 1.25.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                
 
                                                                                                                                                                Run the kubectl get psp -A command in the cluster to obtain the existing PSP object.
                                                                                                                                                                
 
                                                                                                                                                                If these two objects are not used, skip the check. Otherwise, upgrade the corresponding functions to PodSecurity by referring to Pod Security.
                                                                                                                                                                
-
                                                                                                                                                                Scenario 2: The discarded annotation (tolerate-unready-endpoints) exists in Services in clusters of 1.25 or later.
                                                                                                                                                                
-
                                                                                                                                                                
-
                                                                                                                                                                Check whether the Service in the log information contains the annotation tolerate-unready-endpoints. If yes, delete the annotation and add the following field to the spec of the corresponding Service to replace the annotation:
                                                                                                                                                                
+
                                                                                                                                                                Scenario 2: The Service in the clusters of 1.25 or later has discarded annotation: tolerate-unready-endpoints.
                                                                                                                                                                
+
                                                                                                                                                                Check whether the Service provided in the log information contains the annotation of tolerate-unready-endpoints. If yes, replace the annotation with the following fields:
                                                                                                                                                                
 
                                                                                                                                                                publishNotReadyAddresses: true
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0441.html b/docs/cce/umn/cce_10_0441.html
index fecf4a910..9878ef142 100644
--- a/docs/cce/umn/cce_10_0441.html
+++ b/docs/cce/umn/cce_10_0441.html
@@ -1,50 +1,52 @@
 
 
-
                                                                                                                                                                Compatibility Risk
                                                                                                                                                                
-
                                                                                                                                                                Check Item
                                                                                                                                                                Read the version compatibility differences and ensure that they are not affected.
                                                                                                                                                                
-
                                                                                                                                                                The patch upgrade does not involve version compatibility differences.
                                                                                                                                                                
+
                                                                                                                                                                Compatibility Risks
                                                                                                                                                                
+
                                                                                                                                                                Check Item
                                                                                                                                                                Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Version compatibility
                                                                                                                                                                
-
                                                                                                                                                                Major Version Upgrade Path
                                                                                                                                                                
+
                                                                                                                                                                
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0442.html b/docs/cce/umn/cce_10_0442.html
index f76b8dfe1..dd24d84de 100644
--- a/docs/cce/umn/cce_10_0442.html
+++ b/docs/cce/umn/cce_10_0442.html
@@ -1,21 +1,31 @@
 
 
-
                                                                                                                                                                Node CCEAgent Version
                                                                                                                                                                
+
                                                                                                                                                                Node CCE Agent Versions
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether cce-agent on the current node is of the latest version.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                If cce-agent is not of the latest version, the automatic update fails. This problem is usually caused by invalid OBS address or the version of the component is outdated.
                                                                                                                                                                
-
                                                                                                                                                                1. Log in to a normal node that passes the check, obtain the path of the cce-agent configuration file, and check the OBS address.
                                                                                                                                                                  cat `ps aux | grep cce-agent | grep -v grep | awk -F '-f ''{print $2}'`
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  • Scenario 1: The error message "you cce-agent no update, please restart it" is displayed.
                                                                                                                                                                    cce-agent does not need to be updated but is not restarted. In this case, log in to the node and manually restart cce-agent.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution: Log in to the node and run the following command:
                                                                                                                                                                    
+
                                                                                                                                                                    systemctl restart cce-agent
                                                                                                                                                                    
+
                                                                                                                                                                    Perform the pre-upgrade check again.
                                                                                                                                                                    
+
                                                                                                                                                                  • Scenario 2: The error message "your cce-agent is not the latest version" is displayed.
                                                                                                                                                                    cce-agent is not of the latest version, and the automatic update failed. This issue is typically caused by an invalid OBS path or the component version is outdated.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    
+
                                                                                                                                                                    1. Log in to a node where the check succeeded, obtain the path of the cce-agent configuration file, and obtain the OBS address.
                                                                                                                                                                      cat `ps aux | grep cce-agent | grep -v grep | awk -F '-f ' '{print $2}'`
                                                                                                                                                                      
 
                                                                                                                                                                      The OBS configuration address field in the configuration file is packageFrom.addr.
                                                                                                                                                                      
-
                                                                                                                                                                      
-
                                                                                                                                                                    2. Log in to an abnormal node where the check fails, obtain the OBS address again by referring to the previous step, and check whether the OBS address is consistent. If they are different, change the OBS address of the abnormal node to the correct address.
                                                                                                                                                                    3. Run the following commands to download the latest binary file:
                                                                                                                                                                      • ARM
                                                                                                                                                                        curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent-arm" > /tmp/cce-agent-arm
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 1 OBS address
                                                                                                                                                                        
+
                                                                                                                                                                      • Log in to a where the check failed, obtain the OBS address again by referring to the previous step, and check whether the OBS addresses are the same. If they are different, change the OBS address of the abnormal node to the correct address.
                                                                                                                                                                      • Run the following commands to download the latest binary file:
                                                                                                                                                                        • x86
                                                                                                                                                                          curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent" > /tmp/cce-agent
                                                                                                                                                                          
+
                                                                                                                                                                        • Arm
                                                                                                                                                                          curl -k "https://{OBS address you have obtained}/cluster-versions/base/cce-agent-arm" > /tmp/cce-agent-arm
                                                                                                                                                                          
 
                                                                                                                                                                        
-
                                                                                                                                                                      • Replace the original cce-agent binary file.
                                                                                                                                                                        • ARM
                                                                                                                                                                          mv -f /tmp/cce-agent-arm /usr/local/bin/cce-agent-arm
+
                                                                                                                                                                        • Replace the original cce-agent binary file.
                                                                                                                                                                          • x86
                                                                                                                                                                            mv -f /tmp/cce-agent /usr/local/bin/cce-agent
+chmod 750 /usr/local/bin/cce-agent
+chown root:root /usr/local/bin/cce-agent
                                                                                                                                                                            
+
                                                                                                                                                                          • Arm
                                                                                                                                                                            mv -f /tmp/cce-agent-arm /usr/local/bin/cce-agent-arm
 chmod 750 /usr/local/bin/cce-agent-arm
 chown root:root /usr/local/bin/cce-agent-arm
                                                                                                                                                                            
 
                                                                                                                                                                          
-
                                                                                                                                                                        • Restart cce-agent.
                                                                                                                                                                          systemctl restart cce-agent
                                                                                                                                                                          
+
                                                                                                                                                                        • Restart cce-agent.
                                                                                                                                                                          systemctl restart cce-agent
                                                                                                                                                                          
 
                                                                                                                                                                          If you have any questions about the preceding operations, contact technical support.
                                                                                                                                                                          
-
                                                                                                                                                                    
+
                                                                                                                                                                
+
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0444.html b/docs/cce/umn/cce_10_0444.html
index 8bba4c723..80ce3a6b4 100644
--- a/docs/cce/umn/cce_10_0444.html
+++ b/docs/cce/umn/cce_10_0444.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                CRD Check
                                                                                                                                                                
+
                                                                                                                                                                CRDs
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
 
                                                                                                                                                                • Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.
                                                                                                                                                                • Check whether the cluster key CRD network-attachment-definitions.k8s.cni.cncf.io is deleted.
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0445.html b/docs/cce/umn/cce_10_0445.html
index c4d17ce34..c8a1ca5ee 100644
--- a/docs/cce/umn/cce_10_0445.html
+++ b/docs/cce/umn/cce_10_0445.html
@@ -1,18 +1,18 @@
 
 
-
                                                                                                                                                                Node Disk
                                                                                                                                                                
+
                                                                                                                                                                Node Disks
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
 
                                                                                                                                                                • Check whether the key data disks on the node meet the upgrade requirements.
                                                                                                                                                                • Check whether the /tmp directory has 500 MB available space.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                During the node upgrade, the key disks store the upgrade component package, and the /tmp directory stores temporary files.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                • Scenario 1: Check whether the disk meets the upgrade requirements.
                                                                                                                                                                  Run the following command to check the usage of each key disk. After ensuring that the available space meets the requirements and check again. If the space of the master node is insufficient, contact technical support.
                                                                                                                                                                  
+
                                                                                                                                                                  • Scenario 1: Check whether the disk meets the upgrade requirements.
                                                                                                                                                                    Run the following command to check the usage of each key disk. After ensuring that the available space meets the requirements and check again. If the space of the master node is insufficient, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    • Disk partition of Docker: 2 GB for master nodes and 1 GB for worker nodes
                                                                                                                                                                      df -h /var/lib/docker
                                                                                                                                                                      
 
                                                                                                                                                                    • Disk partition of containerd: 2 GB for master nodes and 1 GB for worker nodes
                                                                                                                                                                      df -h /var/lib/containerd
                                                                                                                                                                      
-
                                                                                                                                                                    • Disk partition of kubelet: 2 GB for master nodes and 1 GB for worker nodes
                                                                                                                                                                      df -h /var/lib/docker
                                                                                                                                                                      
+
                                                                                                                                                                    • Disk partition of kubelet: 2 GB for master nodes and 1 GB for worker nodes
                                                                                                                                                                      df -h /mnt/paas/kubernetes/kubelet
                                                                                                                                                                      
 
                                                                                                                                                                    • System disk: 10 GB for master nodes and 2 GB for worker nodes
                                                                                                                                                                      df -h /
                                                                                                                                                                      
 
                                                                                                                                                                    
-
                                                                                                                                                                  • Scenario 2: The /tmp directory space is insufficient.
                                                                                                                                                                    Run the following command to check the space usage of the file system where the /tmp directory is located. Ensure that the space is greater than 500 MB and check again.
                                                                                                                                                                    
+
                                                                                                                                                                  • Scenario 2: The /tmp directory space is insufficient.
                                                                                                                                                                    Run the following command to check the usage of the file system where the /tmp directory is located. Ensure that the space is greater than 500 MB and check again.
                                                                                                                                                                    
 
                                                                                                                                                                    df -h /tmp
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0446.html b/docs/cce/umn/cce_10_0446.html
index 048fb378a..8f8bbf34a 100644
--- a/docs/cce/umn/cce_10_0446.html
+++ b/docs/cce/umn/cce_10_0446.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check the following aspects:
                                                                                                                                                                
 
                                                                                                                                                                • Check whether the DNS configuration of the current node can resolve the OBS address.
                                                                                                                                                                • Check whether the current node can access the OBS address of the storage upgrade component package.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                During the node upgrade, you need to obtain the upgrade component package from OBS. If this check fails, contact technical support.
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                During the node upgrade, obtain the upgrade component package from OBS. If this check fails, contact technical support.
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0447.html b/docs/cce/umn/cce_10_0447.html
index a9a81d059..d9f7e2147 100644
--- a/docs/cce/umn/cce_10_0447.html
+++ b/docs/cce/umn/cce_10_0447.html
@@ -3,9 +3,11 @@
 
                                                                                                                                                                Node Key Directory File Permissions
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                CCE uses the /var/paas directory to manage nodes and store file data whose owner and owner group are both paas.
                                                                                                                                                                
+
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: The error message "xx file permission has been changed!" is displayed.
                                                                                                                                                                  Solution: Enable CCE to use the /var/paas directory to manage nodes and store file data whose owner and owner group are both paas.
                                                                                                                                                                  
 
                                                                                                                                                                  During the current cluster upgrade, the owner and owner group of the files in the /var/paas directory are reset to paas.
                                                                                                                                                                  
 
                                                                                                                                                                  Check whether file data is stored in the /var/paas directory. If yes, do not use this directory, remove abnormal files from this directory, and check again. Otherwise, the upgrade is prohibited.
                                                                                                                                                                  
+
                                                                                                                                                                • Scenario 2: The error message "user paas must have at least read and execute permissions on the root directory" is displayed.
                                                                                                                                                                  Solution: Change the permission on the root directory to the default permission 555. If the permission on the root directory of the node is modified, user paas does not have the read permission on the root directory. As a result, restarting the component failed during the upgrade.
                                                                                                                                                                  
+
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0448.html b/docs/cce/umn/cce_10_0448.html
index 33ab136d6..f533e0fb9 100644
--- a/docs/cce/umn/cce_10_0448.html
+++ b/docs/cce/umn/cce_10_0448.html
@@ -3,8 +3,8 @@
 
                                                                                                                                                                Kubelet
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the kubelet on the node is running properly.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: The kubelet status is abnormal.
                                                                                                                                                                  If the kubelet is abnormal, the node is unavailable. Restore the node by following the instructions provided in  and check again.
                                                                                                                                                                  
-
                                                                                                                                                                • Scenario 2: The cce-pause version is abnormal.
                                                                                                                                                                  The version of the pause container image on which kubelet depends is not cce-pause:3.1. If you continue the upgrade, pods will restart in batches. Currently, the upgrade is not supported. Contact technical support.
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  • Scenario 1: The kubelet status is abnormal.
                                                                                                                                                                    If the kubelet malfunctions, the node is unavailable. Restore the node and check again. For details, see 
                                                                                                                                                                    
+
                                                                                                                                                                  • Scenario 2: The cce-pause version is incorrect.
                                                                                                                                                                    The version of the pause container image on which kubelet depends is not cce-pause:3.1. If you continue the upgrade, pods will restart in batches. Currently, the upgrade is not supported. Contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0450.html b/docs/cce/umn/cce_10_0450.html
index 8bf360735..d9e57bfad 100644
--- a/docs/cce/umn/cce_10_0450.html
+++ b/docs/cce/umn/cce_10_0450.html
@@ -3,13 +3,13 @@
 
                                                                                                                                                                Node Clock Synchronization Server
                                                                                                                                                                
 
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the clock synchronization server ntpd or chronyd of the node is running properly.
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                Solution
                                                                                                                                                                • Scenario 1: ntpd is running abnormally.
                                                                                                                                                                  Log in to the node and run the systemctl status ntpd command to query the running status of ntpd. If the command output is abnormal, run the systemctl restart ntpd command and query the status again.
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  • Scenario 1: ntpd is running abnormally.
                                                                                                                                                                    Log in to the node and run the systemctl status ntpd command to obtain the running status of ntpd. If the command output is abnormal, run the systemctl restart ntpd command and obtain the status again.
                                                                                                                                                                    
 
                                                                                                                                                                    The normal command output is as follows:
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Figure 1 Running status of ntpd
                                                                                                                                                                    
 
                                                                                                                                                                    If the problem persists after ntpd is restarted, contact technical support.
                                                                                                                                                                    
-
                                                                                                                                                                  • Scenario 2: chronyd is running abnormally.
                                                                                                                                                                    Log in to the node and run the systemctl status chronyd command to query the running status of chronyd. If the command output is abnormal, run the systemctl restart chronyd command and query the status again.
                                                                                                                                                                    
+
                                                                                                                                                                  • Scenario 2: chronyd is running abnormally.
                                                                                                                                                                    Log in to the node and run the systemctl status chronyd command to obtain the running status of chronyd. If the command output is abnormal, run the systemctl restart chronyd command and obtain the status again.
                                                                                                                                                                    
 
                                                                                                                                                                    The normal command output is as follows:
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Figure 2 Running status of chronyd
                                                                                                                                                                    
 
                                                                                                                                                                    If the problem persists after chronyd is restarted, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0452.html b/docs/cce/umn/cce_10_0452.html
index 13004fc2d..1d069ce73 100644
--- a/docs/cce/umn/cce_10_0452.html
+++ b/docs/cce/umn/cce_10_0452.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Node CPU Count
                                                                                                                                                                  
+
                                                                                                                                                                  Node CPUs
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Check whether the number of CPUs on the master node is greater than 2.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Solution
                                                                                                                                                                  If the number of CPUs on the master node is 2, contact technical support to expand the number to 4 or more.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0453.html b/docs/cce/umn/cce_10_0453.html
index d7a9670ee..d13f28bdb 100644
--- a/docs/cce/umn/cce_10_0453.html
+++ b/docs/cce/umn/cce_10_0453.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Node Python Command
                                                                                                                                                                  
+
                                                                                                                                                                  Node Python Commands
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Check whether the Python commands are available on a node.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Check Method
                                                                                                                                                                  /usr/bin/python --version
diff --git a/docs/cce/umn/cce_10_0456.html b/docs/cce/umn/cce_10_0456.html
index 1e36983f9..586a5bf31 100644
--- a/docs/cce/umn/cce_10_0456.html
+++ b/docs/cce/umn/cce_10_0456.html
@@ -3,9 +3,9 @@
 
                                                                                                                                                                  Node journald
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Check whether journald of a node is normal.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Solution
                                                                                                                                                                  Log in to the node and run the systemctl is-active systemd-journald command to query the running status of journald. If the command output is abnormal, run the systemctl restart systemd-journald command and query the status again.
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  Log in to the node and run the systemctl is-active systemd-journald command to obtain the running status of journald. If the command output is abnormal, run the systemctl restart systemd-journald command and obtain the status again.
                                                                                                                                                                  
 
                                                                                                                                                                  The normal command output is as follows:
                                                                                                                                                                  
-
                                                                                                                                                                  
+
                                                                                                                                                                  Figure 1 Running status of journald
                                                                                                                                                                  
 
                                                                                                                                                                  If the problem persists after journald is restarted, contact technical support.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0457.html b/docs/cce/umn/cce_10_0457.html
index 7c86849c6..35b6fd501 100644
--- a/docs/cce/umn/cce_10_0457.html
+++ b/docs/cce/umn/cce_10_0457.html
@@ -1,10 +1,10 @@
 
 
-
                                                                                                                                                                  containerd.sock Check
                                                                                                                                                                  
+
                                                                                                                                                                  containerd.sock
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                  Solution
                                                                                                                                                                  Scenario: The Docker used by the node is the customized Euler-docker.
                                                                                                                                                                  
-
                                                                                                                                                                  1. Log in to the node.
                                                                                                                                                                  2. Run the rpm -qa | grep docker | grep euleros command. If the command output is not empty, the Docker used on the node is Euler-docker.
                                                                                                                                                                  3. Run the ls /run/containerd/containerd.sock command. If the file exists, Docker fails to be started.
                                                                                                                                                                  4. Run the rm -rf /run/containerd/containerd.sock command and perform the cluster upgrade check again.
                                                                                                                                                                  
+
                                                                                                                                                                  Solution
                                                                                                                                                                  Scenario: The Docker used by the node is the customized Euler-docker.
                                                                                                                                                                  
+
                                                                                                                                                                  1. Log in to the node.
                                                                                                                                                                  2. Run the rpm -qa | grep docker | grep euleros command. If the command output is not empty, the Docker used on the node is Euler-docker.
                                                                                                                                                                  3. Run the ls /run/containerd/containerd.sock command. If the file exists, Docker startup will fail.
                                                                                                                                                                  4. Run the rm -rf /run/containerd/containerd.sock command and perform the cluster upgrade check again.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0458.html b/docs/cce/umn/cce_10_0458.html
index 6ab0018a8..3a3fafd77 100644
--- a/docs/cce/umn/cce_10_0458.html
+++ b/docs/cce/umn/cce_10_0458.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Internal Error
                                                                                                                                                                  
+
                                                                                                                                                                  Internal Errors
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Before the upgrade, check whether an internal error occurs.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Solution
                                                                                                                                                                  If this check fails, contact technical support.
                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_10_0459.html b/docs/cce/umn/cce_10_0459.html
index 8d59f2559..77833413e 100644
--- a/docs/cce/umn/cce_10_0459.html
+++ b/docs/cce/umn/cce_10_0459.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                  Node Mount Point
                                                                                                                                                                  
+
                                                                                                                                                                  Node Mount Points
                                                                                                                                                                  
 
                                                                                                                                                                  Check Item
                                                                                                                                                                  Check whether inaccessible mount points exist on the node.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  Solution
                                                                                                                                                                  Scenario: There are inaccessible mount points on the node.
                                                                                                                                                                  
@@ -9,7 +9,7 @@
 - for dir in `df -h | grep -v "Mounted on" | awk "{print \\$NF}"`;do cd $dir; done && echo "ok"
                                                                                                                                                                  
 
                                                                                                                                                                • If ok is returned, no problem occurs.
                                                                                                                                                                  Otherwise, start another terminal and run the following command to check whether the previous command is in the D state:
                                                                                                                                                                  - ps aux | grep "D "
                                                                                                                                                                  
 
                                                                                                                                                                  
-
                                                                                                                                                                • If a process is in the D state, the problem occurs.You can only reset the node to solve the problem. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                                                                                   
                                                                                                                                                                  Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                                  
+
                                                                                                                                                                • If a process is in the D state, the problem occurs. You can only reset the node to solve the problem. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                                                                                   
                                                                                                                                                                  Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                                  
 
                                                                                                                                                                  
 
                                                                                                                                                                  • 
 
                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0460.html b/docs/cce/umn/cce_10_0460.html
index c38516342..6265fcbb7 100644
--- a/docs/cce/umn/cce_10_0460.html
+++ b/docs/cce/umn/cce_10_0460.html
@@ -1,25 +1,25 @@
 
 
-
                                                                                                                                                                Kubernetes Node Taint
                                                                                                                                                                
-
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the taint, as shown in Table 1, exists on the node.
-
                                                                                                                                                                Upgrade Path
                                                                                                                                                                
 
                                                                                                                                                                Precaution
                                                                                                                                                                
+
                                                                                                                                                                Version Difference
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Self-Check
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                Upgrade from v1.19 to v1.21 or v1.23
                                                                                                                                                                
+
                                                                                                                                                                v1.23 to v1.25
                                                                                                                                                                
 
                                                                                                                                                                The bug of exec probe timeouts is fixed in Kubernetes 1.21. Before this bug fix, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. If this field is not specified, the default value 1 is used. This field takes effect after the upgrade. If the probe runs over 1 second, the application health check may fail and the application may restart frequently.
                                                                                                                                                                
+
                                                                                                                                                                Since Kubernetes v1.25, PodSecurityPolicy has been replaced by pod Security Admission (Configuring Pod Security Admission).
                                                                                                                                                                
+
                                                                                                                                                                • To migrate PodSecurityPolicy capabilities to Pod Security Admission, perform the following steps:
                                                                                                                                                                  1. Ensure that the cluster is of the latest CCE v1.23 version.
                                                                                                                                                                  2. To migrate PodSecurityPolicy capabilities to Pod Security Admission, see Migrating from Pod Security Policy to Pod Security Admission.
                                                                                                                                                                  3. After confirming that the functions are normal after the migration, upgrade the cluster to v1.25.
                                                                                                                                                                  
+
                                                                                                                                                                • If you no longer need PodSecurityPolicy, you can delete PodSecurityPolicy from the cluster and upgrade the cluster to v1.25.
                                                                                                                                                                
+
                                                                                                                                                                v1.19 to v1.21 or v1.23
                                                                                                                                                                
+
                                                                                                                                                                The bug of exec probe timeouts is fixed in Kubernetes 1.21. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. If this field is not specified, the default value 1 is used. This field takes effect after the upgrade. If the probe runs over 1 second, the application health check may fail and the application may restart frequently.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Before the upgrade, check whether the timeout is properly set for the exec probe.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                                                                                
-
                                                                                                                                                                Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                                                                                                
+
                                                                                                                                                                Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. If your webhook certificate does not have SANs, kube-apiserver does not process the CommonName field of the X.509 certificate as the host name by default. As a result, the authentication fails.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                                                                                                
 
                                                                                                                                                                • If you do not have your own webhook server, you can skip this check.
                                                                                                                                                                • If the field is not set, you are advised to use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Arm nodes are not supported in clusters of v1.21 and later.
                                                                                                                                                                
+
                                                                                                                                                                v1.15 to v1.19
                                                                                                                                                                
 
                                                                                                                                                                Check whether your services will be affected if Arm nodes cannot be used.
                                                                                                                                                                
-
                                                                                                                                                                Upgrade from v1.15 to v1.19
                                                                                                                                                                
-
                                                                                                                                                                The control plane of in the clusters v1.19 is incompatible with kubelet v1.15. If a node fails to be upgraded or the node to be upgraded restarts after the master node is successfully upgraded, there is a high probability that the node is in the NotReady status.
                                                                                                                                                                
-
                                                                                                                                                                This is because the node failed to be upgraded restarts the kubelet and trigger the node registration. In clusters of v1.15, the default registration tags (failure-domain.beta.kubernetes.io/is-baremetal and kubernetes.io/availablezone) are regarded as invalid tags by the clusters of v1.19.
                                                                                                                                                                
-
                                                                                                                                                                The valid tags in the clusters of v1.19 are node.kubernetes.io/baremetal and failure-domain.beta.kubernetes.io/zone.
                                                                                                                                                                
+
                                                                                                                                                                The control plane of in the clusters v1.19 is incompatible with kubelet v1.15. If a node fails to be upgraded or the node to be upgraded restarts after the master node is successfully upgraded, there is a high probability that the node is in the NotReady status.
                                                                                                                                                                
+
                                                                                                                                                                This is because the node failed to be upgraded restarts the kubelet and trigger the node registration. In clusters of v1.15, the default registration tags (failure-domain.beta.kubernetes.io/is-baremetal and kubernetes.io/availablezone) are regarded as invalid tags by the clusters of v1.19.
                                                                                                                                                                
+
                                                                                                                                                                The valid tags in the clusters of v1.19 are node.kubernetes.io/baremetal and failure-domain.beta.kubernetes.io/zone.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                1. In normal cases, this scenario is not triggered.
                                                                                                                                                                2. After the master node is upgraded, do not suspend the upgrade so the node can be quickly upgraded.
                                                                                                                                                                3. If a node fails to be upgraded and cannot be restored, evict applications on the node as soon as possible. Contact technical support and skip the node upgrade. After the upgrade is complete, reset the node.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                In CCE 1.15 and 1.19 clusters, the Docker storage driver file system is switched from XFS to Ext4. As a result, the import package sequence in the pods of the upgraded Java application may be abnormal, causing pod exceptions.
                                                                                                                                                                
 
                                                                                                                                                                Before the upgrade, check the Docker configuration file /etc/docker/daemon.json on the node. Check whether the value of dm.fs is xfs.
                                                                                                                                                                
-
                                                                                                                                                                • If the value is ext4 or the storage driver is Overlay, you can skip the next steps.
                                                                                                                                                                • If the value is xfs, you are advised to deploy applications in the cluster of the new version in advance to test whether the applications are compatible with the new cluster version.
                                                                                                                                                                
+
                                                                                                                                                                Before the upgrade, check the Docker configuration file /etc/docker/daemon.json on the node. Check whether the value of dm.fs is xfs.
                                                                                                                                                                
+
                                                                                                                                                                • If the value is ext4 or the storage driver is Overlay, you can skip the next steps.
                                                                                                                                                                • If the value is xfs, you are advised to deploy applications in the cluster of the new version in advance to test whether the applications are compatible with the new cluster version.
                                                                                                                                                                
 
                                                                                                                                                                {
       "storage-driver": "devicemapper",
       "storage-opts": [
@@ -57,7 +59,7 @@
 
                                                                                                                                                                		
 
                                                                                                                                                                
 
                                                                                                                                                                kube-apiserver of CCE 1.19 or later requires that the Subject Alternative Names (SANs) field be configured for the certificate of your webhook server. Otherwise, kube-apiserver fails to call the webhook server after the upgrade, and containers cannot be started properly.
                                                                                                                                                                
-
                                                                                                                                                                Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. The CommonName field is processed as the host name. As a result, the authentication fails.
                                                                                                                                                                
+
                                                                                                                                                                Root cause: X.509 CommonName is discarded in Go 1.15. kube-apiserver of CCE 1.19 is compiled using Go 1.15. The CommonName field is processed as the host name. As a result, the authentication fails.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Before the upgrade, check whether the SAN field is configured in the certificate of your webhook server.
                                                                                                                                                                
 
                                                                                                                                                                • If you do not have your own webhook server, you can skip this check.
                                                                                                                                                                • If the field is not set, you are advised to use the SAN field to specify the IP address and domain name supported by the certificate.
                                                                                                                                                                
@@ -65,16 +67,16 @@
 
                                                                                                                                                                 		
 
                                                                                                                                                                In clusters of v1.17.17 and later, CCE automatically creates pod security policies (PSPs) for you, which restrict the creation of pods with unsafe configurations, for example, pods for which net.core.somaxconn under a sysctl is configured in the security context.
                                                                                                                                                                
+
                                                                                                                                                                In clusters of v1.17.17 and later, CCE automatically creates pod security policies (PSPs) for you, which restrict the creation of pods with unsafe configurations, for example, pods for which net.core.somaxconn under a sysctl is configured in the security context.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                After an upgrade, you can allow insecure system configurations as required. For details, see Configuring a Pod Security Policy.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                Upgrade from v1.13 to v1.15
                                                                                                                                                                
+
                                                                                                                                                                v1.13 to v1.15
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                After a VPC network cluster is upgraded, the master node occupies an extra CIDR block due to the upgrade of network components. If no container CIDR block is available for the new node, the pod scheduled to the node cannot run.
                                                                                                                                                                
 
                                                                                                                                                                This problem occurs when almost all CIDR blocks are occupied. For example, the container CIDR block is 10.0.0.0/16, the number of available IP addresses is 65,536, and the VPC network is allocated a CIDR block with the fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). If the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes, including the three master nodes. After the cluster is upgraded, each of the three master nodes occupies one CIDR block. As a result, 506 nodes are supported.
                                                                                                                                                                
+
                                                                                                                                                                Generally, this problem occurs when the nodes in the cluster are about to fully occupy the container CIDR block. For example, the container CIDR block is 10.0.0.0/16, the number of available IP addresses is 65,536, and the VPC network is allocated a CIDR block with the fixed size (using the mask to determine the maximum number of container IP addresses allocated to each node). If the upper limit is 128, the cluster supports a maximum of 512 (65536/128) nodes, including the three master nodes. After the cluster is upgraded, each of the three master nodes occupies one CIDR block. As a result, 506 nodes are supported.
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
 
                                                                                                                                                                Table 1 Taint checklist
                                                                                                                                                                Name
                                                                                                                                                                
+
                                                                                                                                                                Kubernetes Node Taints
                                                                                                                                                                
+
                                                                                                                                                                Check Item
                                                                                                                                                                Check whether the taint needed for cluster upgrade exists on the node.
                                                                                                                                                                
+
+
                                                                                                                                                                
-
-
-
                                                                                                                                                                Table 1 Taint checklist
                                                                                                                                                                Taint Name
                                                                                                                                                                
 
                                                                                                                                                                Impact
                                                                                                                                                                
+
                                                                                                                                                                Impact
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
 
                                                                                                                                                                node.kubernetes.io/upgrade
                                                                                                                                                                
+
                                                                                                                                                                node.kubernetes.io/upgrade
                                                                                                                                                                
 
                                                                                                                                                                NoSchedule
                                                                                                                                                                
+
                                                                                                                                                                NoSchedule
                                                                                                                                                                
                                                                                                                                                                 		
 
                                                                                                                                                                
                                                                                                                                                                 
 
                                                                                                                                                                
 
                                                                                                                                                                
 
                                                                                                                                                                
-
                                                                                                                                                                
 
                                                                                                                                                                Solution
                                                                                                                                                                Scenario 1: The node is skipped during the cluster upgrade.
                                                                                                                                                                
-
                                                                                                                                                                1. For details about how to configure kubectl, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                2. Check the kubelet version of the corresponding node. If the following information is expected:
                                                                                                                                                                  
+
                                                                                                                                                                  1. For details about how to configure kubectl, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                  2. Check the kubelet version of the corresponding node. The following information is expected:
                                                                                                                                                                    Figure 1 kubelet version
                                                                                                                                                                    
 
                                                                                                                                                                    If the version of the node is different from that of other nodes, the node is skipped during the upgrade. Reset the node and upgrade the cluster again. For details about how to reset a node, see Resetting a Node.
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0461.html b/docs/cce/umn/cce_10_0461.html
deleted file mode 100644
index 6ae92d5a6..000000000
--- a/docs/cce/umn/cce_10_0461.html
+++ /dev/null
@@ -1,94 +0,0 @@
-
-
-
                                                                                                                                                                    Precautions for Using a Node
                                                                                                                                                                    
-
                                                                                                                                                                    Introduction
                                                                                                                                                                    A container cluster consists of a set of worker machines, called nodes, that run containerized applications. A node can be a virtual machine (VM) or a physical machine (PM), depending on your service requirements. The components on a node include kubelet, container runtime, and kube-proxy.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    A Kubernetes cluster consists of master nodes and worker nodes. The nodes described in this section refer to worker nodes, the computing nodes of a cluster that run containerized applications.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    CCE uses high-performance Elastic Cloud Servers (ECSs) as nodes to build highly available Kubernetes clusters.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Supported Node Specifications
                                                                                                                                                                    Different regions support different node flavors, and node flavors may be changed or sold out. You are advised to log in to the CCE console and check whether the required node flavors are supported on the page for creating nodes.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Underlying File Storage System of Docker
                                                                                                                                                                    • In clusters of v1.15.6 or earlier, the underlying file storage system uses the XFS format.
                                                                                                                                                                    • In clusters of v1.15.11 or later, after a node is created or reset, the underlying file storage system uses the ext4 format.
                                                                                                                                                                    
-
                                                                                                                                                                    For containerized applications that use the XFS format, pay attention to the impact of the underlying file storage format change. (The sequence of files in different file systems is different. For example, some Java applications reference a JAR package, but the directory contains multiple versions of the JAR package. If the version is not specified, the actual referenced package is determined by the system file.)
                                                                                                                                                                    
-
                                                                                                                                                                    Run the docker info | grep "Backing Filesystem" command to check the format of the Docker underlying storage file used by the current node.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Paas User and User Group
                                                                                                                                                                    When you create a node in a CCE cluster, a paas user or user group is created on the node by default. CCE components and CCE add-ons on a node run as a non-root user (paas user/user group) to minimize the running permission. If the paas user or user group is modified, CCE components and pods may fail to run properly.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    The normal running of CCE components depends on the paas user or user group. Pay attention to the following requirements:
                                                                                                                                                                    
-
                                                                                                                                                                    • Do not modify the directory permission and container directory permission on a node.
                                                                                                                                                                    • Do not change the GID and UID of the paas user or user group.
                                                                                                                                                                    • Do not directly use the paas user or user group to set the user and group to which the service file belongs.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Node Lifecycle
                                                                                                                                                                    A lifecycle indicates the node statuses recorded from the time when the node is created through the time when the node is deleted or released.
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                    Table 1 Node statuses
                                                                                                                                                                    Status
                                                                                                                                                                    
-
                                                                                                                                                                    Status Attribute
                                                                                                                                                                    
-
                                                                                                                                                                    Description
                                                                                                                                                                    
-
                                                                                                                                                                    Running
                                                                                                                                                                    
-
                                                                                                                                                                    Stable state
                                                                                                                                                                    
-
                                                                                                                                                                    The node is running properly and is connected to the cluster.
                                                                                                                                                                    
-
                                                                                                                                                                    Nodes in this state can provide services.
                                                                                                                                                                    
-
                                                                                                                                                                    Unavailable
                                                                                                                                                                    
-
                                                                                                                                                                    Stable state
                                                                                                                                                                    
-
                                                                                                                                                                    The node is not running properly.
                                                                                                                                                                    
-
                                                                                                                                                                    Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                                                                                                                                                    
-
                                                                                                                                                                    Creating
                                                                                                                                                                    
-
                                                                                                                                                                    Intermediate state
                                                                                                                                                                    
-
                                                                                                                                                                    The node has been created but is not running.
                                                                                                                                                                    
-
                                                                                                                                                                    Installing
                                                                                                                                                                    
-
                                                                                                                                                                    Intermediate state
                                                                                                                                                                    
-
                                                                                                                                                                    The Kubernetes software is being installed on the node.
                                                                                                                                                                    
-
                                                                                                                                                                    Deleting
                                                                                                                                                                    
-
                                                                                                                                                                    Intermediate state
                                                                                                                                                                    
-
                                                                                                                                                                    The node is being deleted.
                                                                                                                                                                    
-
                                                                                                                                                                    If this state stays for a long time, an exception occurs.
                                                                                                                                                                    
-
                                                                                                                                                                    Stopped
                                                                                                                                                                    
-
                                                                                                                                                                    Stable state
                                                                                                                                                                    
-
                                                                                                                                                                    The node is stopped properly.
                                                                                                                                                                    
-
                                                                                                                                                                    A node in this state cannot provide services. You can start the node on the ECS console.
                                                                                                                                                                    
-
                                                                                                                                                                    Error
                                                                                                                                                                    
-
                                                                                                                                                                    Stable state
                                                                                                                                                                    
-
                                                                                                                                                                    The node is abnormal.
                                                                                                                                                                    
-
                                                                                                                                                                    Instances in this state no longer provide services. In this case, perform the operations in Resetting a Node.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Node Overview
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0462.html b/docs/cce/umn/cce_10_0462.html
index dab6fa720..5d140323c 100644
--- a/docs/cce/umn/cce_10_0462.html
+++ b/docs/cce/umn/cce_10_0462.html
@@ -2,9 +2,66 @@
 
 
                                                                                                                                                                    Container Engine
                                                                                                                                                                    
 
                                                                                                                                                                    Introduction to Container Engines
                                                                                                                                                                    Container engines, one of the most important components of Kubernetes, manage the lifecycle of images and containers. The kubelet interacts with a container runtime through the Container Runtime Interface (CRI).
                                                                                                                                                                    
+
                                                                                                                                                                    CCE supports containerd and Docker. containerd is recommended for its shorter traces, fewer components, higher stability, and less consumption of node resources.
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 1 Comparison between container engines
                                                                                                                                                                    Item
                                                                                                                                                                    
+
                                                                                                                                                                    containerd
                                                                                                                                                                    
+
                                                                                                                                                                    Docker
                                                                                                                                                                    
+
                                                                                                                                                                    Tracing
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet --> CRI plugin (in the containerd process) --> containerd
                                                                                                                                                                    
+
                                                                                                                                                                    • Docker (Kubernetes 1.23 and earlier versions):
                                                                                                                                                                      kubelet --> dockershim (in the kubelet process) --> docker --> containerd
                                                                                                                                                                      
+
                                                                                                                                                                    • Docker (community solution for Kubernetes 1.24 and later versions):
                                                                                                                                                                      kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    Command
                                                                                                                                                                    
+
                                                                                                                                                                    crictl
                                                                                                                                                                    
+
                                                                                                                                                                    docker
                                                                                                                                                                    
+
                                                                                                                                                                    Kubernetes CRI
                                                                                                                                                                    
+
                                                                                                                                                                    Native support
                                                                                                                                                                    
+
                                                                                                                                                                    Support through dockershim or cri-dockerd
                                                                                                                                                                    
+
                                                                                                                                                                    Pod startup delay
                                                                                                                                                                    
+
                                                                                                                                                                    Low
                                                                                                                                                                    
+
                                                                                                                                                                    High
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet CPU/memory usage
                                                                                                                                                                    
+
                                                                                                                                                                    Low
                                                                                                                                                                    
+
                                                                                                                                                                    High
                                                                                                                                                                    
+
                                                                                                                                                                    Runtime's CPU/memory usage
                                                                                                                                                                    
+
                                                                                                                                                                    Low
                                                                                                                                                                    
+
                                                                                                                                                                    High
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Mapping between Node OSs and Container Engines
                                                                                                                                                                    
-
                                                                                                                                                                    Table 1 Node OSs and container engines in CCE clusters
                                                                                                                                                                    OS
                                                                                                                                                                    
+
                                                                                                                                                                    
@@ -16,20 +73,7 @@
 
-
-
-
-
-
-
-
@@ -52,23 +96,23 @@
 
-
-
-
-
-
                                                                                                                                                                    Table 2 Node OSs and container engines in CCE clusters
                                                                                                                                                                    OS
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Kernel Version
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    CentOS 7.x
                                                                                                                                                                    
-
                                                                                                                                                                    3.x
                                                                                                                                                                    
-
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    Clusters of v1.23 and later support containerd.
                                                                                                                                                                    
-
                                                                                                                                                                    Clusters of v1.19.16 and earlier use Device Mapper.
                                                                                                                                                                    
-
                                                                                                                                                                    Clusters of v1.19.16 and later use OverlayFS.
                                                                                                                                                                    
-
                                                                                                                                                                    runC
                                                                                                                                                                    
-
                                                                                                                                                                    EulerOS 2.5
                                                                                                                                                                    
+
                                                                                                                                                                    EulerOS 2.5
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    3.x
                                                                                                                                                                    
 
                                                                                                                                                                    runC
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Ubuntu 22.04
                                                                                                                                                                    
+
                                                                                                                                                                    Ubuntu 22.04
                                                                                                                                                                    
 
                                                                                                                                                                    4.x
                                                                                                                                                                    
+
                                                                                                                                                                    4.x
                                                                                                                                                                    
 
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    containerd
                                                                                                                                                                    
+
                                                                                                                                                                    Docker
                                                                                                                                                                    
+
                                                                                                                                                                    Clusters of v1.23 and later support containerd.
                                                                                                                                                                    
 
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
+
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
 
                                                                                                                                                                    runC
                                                                                                                                                                    
+
                                                                                                                                                                    runC
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
-
                                                                                                                                                                    Table 2 Node OSs and container engines in CCE Turbo clusters
                                                                                                                                                                    Node Type
                                                                                                                                                                    
+
                                                                                                                                                                    
@@ -82,12 +126,9 @@
 
-
-
@@ -98,60 +139,280 @@
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                    Table 3 Node OSs and container engines in CCE Turbo clusters
                                                                                                                                                                    Node Type
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    OS
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    Elastic Cloud Server (VM)
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Elastic Cloud Server (VM)
                                                                                                                                                                    
 
                                                                                                                                                                    CentOS 7.x
                                                                                                                                                                    
+
                                                                                                                                                                    EulerOS 2.9
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    3.x
                                                                                                                                                                    
 
                                                                                                                                                                    runC
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    EulerOS 2.5
                                                                                                                                                                    
+
                                                                                                                                                                    Elastic Cloud Server (physical machine)
                                                                                                                                                                    
 
                                                                                                                                                                    3.x
                                                                                                                                                                    
+
                                                                                                                                                                    EulerOS 2.9
                                                                                                                                                                    
 
                                                                                                                                                                    Docker
                                                                                                                                                                    
+
                                                                                                                                                                    4.x
                                                                                                                                                                    
 
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
+
                                                                                                                                                                    containerd
                                                                                                                                                                    
 
                                                                                                                                                                    runC
                                                                                                                                                                    
+
                                                                                                                                                                    Device Mapper
                                                                                                                                                                    
 
                                                                                                                                                                    EulerOS 2.9
                                                                                                                                                                    
-
                                                                                                                                                                    4.x
                                                                                                                                                                    
-
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    Clusters of v1.23 and later support containerd.
                                                                                                                                                                    
-
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
-
                                                                                                                                                                    runC
                                                                                                                                                                    
-
                                                                                                                                                                    Ubuntu 22.04
                                                                                                                                                                    
-
                                                                                                                                                                    4.x
                                                                                                                                                                    
-
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    containerd
                                                                                                                                                                    
-
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
-
                                                                                                                                                                    runC
                                                                                                                                                                    
+
                                                                                                                                                                    Kata
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
+
                                                                                                                                                                    Common Commands of containerd and Docker
                                                                                                                                                                    containerd does not support Docker APIs and Docker CLI, but you can run crictl commands to implement similar functions.
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 4 Image-related commands
                                                                                                                                                                    No.
                                                                                                                                                                    
+
                                                                                                                                                                    Docker Command
                                                                                                                                                                    
+
                                                                                                                                                                    containerd Command
                                                                                                                                                                    
+
                                                                                                                                                                    Remarks
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
+
                                                                                                                                                                    docker images [Option] [Image name[:Tag]]
                                                                                                                                                                    
+
                                                                                                                                                                    crictl images [Option] [Image name[:Tag]]
                                                                                                                                                                    
+
                                                                                                                                                                    List local images.
                                                                                                                                                                    
+
                                                                                                                                                                    2
                                                                                                                                                                    
+
                                                                                                                                                                    docker pull [Option] Image name[:Tag|@DIGEST]
                                                                                                                                                                    
+
                                                                                                                                                                    crictl pull [Option] Image name[:Tag|@DIGEST]
                                                                                                                                                                    
+
                                                                                                                                                                    Pull images.
                                                                                                                                                                    
+
                                                                                                                                                                    3
                                                                                                                                                                    
+
                                                                                                                                                                    docker push
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    Pushing images.
                                                                                                                                                                    
+
                                                                                                                                                                    4
                                                                                                                                                                    
+
                                                                                                                                                                    docker rmi [Option] Image...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl rmi [Option] Image ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Delete a local image.
                                                                                                                                                                    
+
                                                                                                                                                                    5
                                                                                                                                                                    
+
                                                                                                                                                                    docker inspect Image ID
                                                                                                                                                                    
+
                                                                                                                                                                    crictl inspecti Image ID
                                                                                                                                                                    
+
                                                                                                                                                                    Check images.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 5 Container-related commands
                                                                                                                                                                    No.
                                                                                                                                                                    
+
                                                                                                                                                                    Docker Command
                                                                                                                                                                    
+
                                                                                                                                                                    containerd Command
                                                                                                                                                                    
+
                                                                                                                                                                    Remarks
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
+
                                                                                                                                                                    docker ps [Option]
                                                                                                                                                                    
+
                                                                                                                                                                    crictl ps [Option]
                                                                                                                                                                    
+
                                                                                                                                                                    List containers.
                                                                                                                                                                    
+
                                                                                                                                                                    2
                                                                                                                                                                    
+
                                                                                                                                                                    docker create [Option]
                                                                                                                                                                    
+
                                                                                                                                                                    crictl create [Option]
                                                                                                                                                                    
+
                                                                                                                                                                    Create a container.
                                                                                                                                                                    
+
                                                                                                                                                                    3
                                                                                                                                                                    
+
                                                                                                                                                                    docker start [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl start [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Start a container.
                                                                                                                                                                    
+
                                                                                                                                                                    4
                                                                                                                                                                    
+
                                                                                                                                                                    docker stop [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl stop [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Stop a container.
                                                                                                                                                                    
+
                                                                                                                                                                    5
                                                                                                                                                                    
+
                                                                                                                                                                    docker rm [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl rm [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Delete a container.
                                                                                                                                                                    
+
                                                                                                                                                                    6
                                                                                                                                                                    
+
                                                                                                                                                                    docker attach [Option] Container ID
                                                                                                                                                                    
+
                                                                                                                                                                    crictl attach [Option] Container ID
                                                                                                                                                                    
+
                                                                                                                                                                    Connect to a container.
                                                                                                                                                                    
+
                                                                                                                                                                    7
                                                                                                                                                                    
+
                                                                                                                                                                    docker exec [Option] Container ID Startup command [Parameter...]
                                                                                                                                                                    
+
                                                                                                                                                                    crictl exec [Option] Container ID Startup command [Parameter...]
                                                                                                                                                                    
+
                                                                                                                                                                    Access the container.
                                                                                                                                                                    
+
                                                                                                                                                                    8
                                                                                                                                                                    
+
                                                                                                                                                                    docker inspect [Option] Container name|ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl inspect [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Query container details.
                                                                                                                                                                    
+
                                                                                                                                                                    9
                                                                                                                                                                    
+
                                                                                                                                                                    docker logs [Option] Container ID
                                                                                                                                                                    
+
                                                                                                                                                                    crictl logs [Option] Container ID
                                                                                                                                                                    
+
                                                                                                                                                                    View container logs.
                                                                                                                                                                    
+
                                                                                                                                                                    10
                                                                                                                                                                    
+
                                                                                                                                                                    docker stats [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl stats [Option] Container ID
                                                                                                                                                                    
+
                                                                                                                                                                    Check the resource usage of the container.
                                                                                                                                                                    
+
                                                                                                                                                                    11
                                                                                                                                                                    
+
                                                                                                                                                                    docker update [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    crictl update [Option] Container ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Update container resource limits.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 6 Pod-related commands
                                                                                                                                                                    No.
                                                                                                                                                                    
+
                                                                                                                                                                    Docker Command
                                                                                                                                                                    
+
                                                                                                                                                                    containerd Command
                                                                                                                                                                    
+
                                                                                                                                                                    Remarks
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl pods [Option]
                                                                                                                                                                    
+
                                                                                                                                                                    List pods.
                                                                                                                                                                    
+
                                                                                                                                                                    2
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl inspectp [Option] Pod ID...
                                                                                                                                                                    
+
                                                                                                                                                                    View pod details.
                                                                                                                                                                    
+
                                                                                                                                                                    3
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl start [Option] Pod ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Start a pod.
                                                                                                                                                                    
+
                                                                                                                                                                    4
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl runp [Option] Pod ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Run a pod.
                                                                                                                                                                    
+
                                                                                                                                                                    5
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl stopp [Option] Pod ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Stop a pod.
                                                                                                                                                                    
+
                                                                                                                                                                    6
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    crictl rmp [Option] Pod ID...
                                                                                                                                                                    
+
                                                                                                                                                                    Delete a pod.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    Containers created and started by containerd are immediately deleted by kubelet. containerd does not support suspending, resuming, restarting, renaming, and waiting for containers, nor Docker image build, import, export, comparison, push, search, and labeling. containerd does not support file copy. You can log in to the image repository by modifying the configuration file of containerd.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    Differences in Tracing
                                                                                                                                                                    • Docker (Kubernetes 1.23 and earlier versions):
                                                                                                                                                                      kubelet --> docker shim (in the kubelet process) --> docker --> containerd
                                                                                                                                                                      
 
                                                                                                                                                                    • Docker (community solution for Kubernetes v1.24 or later):
                                                                                                                                                                      kubelet --> cri-dockerd (kubelet uses CRI to connect to cri-dockerd) --> docker--> containerd 
                                                                                                                                                                      
 
                                                                                                                                                                    • containerd:
                                                                                                                                                                      kubelet --> cri plugin (in the containerd process) --> containerd
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    Although Docker has added functions such as swarm cluster, docker build, and Docker APIs, it also introduces bugs. Compared with containerd, Docker has one more layer of calling. Therefore, containerd is more resource-saving and secure.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Container Engine Version Description
                                                                                                                                                                    • Docker
                                                                                                                                                                      • EulerOS/CentOS: docker 18.9.0, a Docker version customized for CCE. Security vulnerabilities will be fixed in a timely manner.
                                                                                                                                                                      • Ubuntu 22.04: docker-ce 20.10.21 (community version).
                                                                                                                                                                      
-
                                                                                                                                                                       
                                                                                                                                                                      • You are advised to use the containerd engine for Ubuntu nodes.
                                                                                                                                                                      • The open source docker-ce of the Ubuntu 18.04 node may trigger bugs when concurrent exec operations are performed (for example, multiple exec probes are configured). You are advised to use HTTP/TCP probes.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      Container Engine Version Description
                                                                                                                                                                      • Docker
                                                                                                                                                                        • EulerOS/CentOS: docker-engine 18.9.0, a Docker version customized for CCE. Security vulnerabilities will be fixed in a timely manner.
                                                                                                                                                                        
 
                                                                                                                                                                      • containerd: 1.6.14
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Node Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Nodes
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0463.html b/docs/cce/umn/cce_10_0463.html
index f8a0771b3..ddd06679e 100644
--- a/docs/cce/umn/cce_10_0463.html
+++ b/docs/cce/umn/cce_10_0463.html
@@ -1,120 +1,96 @@
 
 
-
                                                                                                                                                                    Kata Containers and Common Containers
                                                                                                                                                                    
-
                                                                                                                                                                    The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. CCE provides container isolation that is more secure than independent private Kubernetes clusters. With isolated OS kernels, computing resources, and networks, pod resources and data will not be preempted and stolen by other pods.
                                                                                                                                                                    
-
                                                                                                                                                                    You can run common or Kata containers on a single node in a CCE Turbo cluster. The differences between them are as follows:
                                                                                                                                                                    
+
                                                                                                                                                                    Kata Runtime and Common Runtime
                                                                                                                                                                    
+
                                                                                                                                                                    The most significant difference is that each Kata container (pod) runs on an independent micro-VM, has an independent OS kernel, and is securely isolated at the virtualization layer. With Kata runtime, kernels, compute resources, and networks are isolated between containers to protect pod resources and data from being preempted and stolen by other pods.
                                                                                                                                                                    
+
                                                                                                                                                                    CCE Turbo clusters allow you to create workloads using common runtime or Kata runtime as required. The differences between them are as follows.
                                                                                                                                                                    
 
-
                                                                                                                                                                    Category
                                                                                                                                                                    
+
                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -123,7 +99,7 @@
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Node Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Workloads
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0465.html b/docs/cce/umn/cce_10_0465.html
index 964445369..8ed0f0bff 100644
--- a/docs/cce/umn/cce_10_0465.html
+++ b/docs/cce/umn/cce_10_0465.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Permissions Management
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Permissions
                                                                                                                                                                    
 
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0466.html b/docs/cce/umn/cce_10_0466.html
index d8316ec7b..b6f0864d0 100644
--- a/docs/cce/umn/cce_10_0466.html
+++ b/docs/cce/umn/cce_10_0466.html
@@ -1,7 +1,7 @@
 
                                                                                                                                                                    Configuring Pod Security Admission
                                                                                                                                                                    
-
                                                                                                                                                                    Before using Pod Security Admission, you need to understand Kubernetes Pod Security Standards. These standards define different isolation levels for pods. They let you define how you want to restrict the behavior of pods in a clear, consistent fashion. Kubernetes offers a built-in pod security admission controller to enforce the pod security standards. Pod security restrictions are applied at the namespace level when pods are created.
                                                                                                                                                                    
+
                                                                                                                                                                    Before using pod security admission, understand Kubernetes Pod Security Standards. These standards define different isolation levels for pods. They let you define how you want to restrict the behavior of pods in a clear, consistent fashion. Kubernetes offers a built-in pod security admission controller to enforce the pod security standards. Pod security restrictions are applied at the namespace level when pods are created.
                                                                                                                                                                    
 
                                                                                                                                                                    The pod security standard defines three security policy levels:
                                                                                                                                                                    
 
 
                                                                                                                                                                    Category
                                                                                                                                                                    
 
                                                                                                                                                                    Kata Container
                                                                                                                                                                    
+
                                                                                                                                                                    Kata Runtime
                                                                                                                                                                    
 
                                                                                                                                                                    Common Container (Docker)
                                                                                                                                                                    
-
                                                                                                                                                                    Common Container (containerd)
                                                                                                                                                                    
+
                                                                                                                                                                    Common Runtime
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    Node type used to run containers
                                                                                                                                                                    
+
                                                                                                                                                                    Node type used to run containers
                                                                                                                                                                    
 
                                                                                                                                                                    Bare-metal server (BMS)
                                                                                                                                                                    
+
                                                                                                                                                                    Bare-metal server (BMS)
                                                                                                                                                                    
 
                                                                                                                                                                    VM
                                                                                                                                                                    
-
                                                                                                                                                                    VM
                                                                                                                                                                    
+
                                                                                                                                                                    VM
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container Engine
                                                                                                                                                                    
+
                                                                                                                                                                    Container engine
                                                                                                                                                                    
 
                                                                                                                                                                    containerd
                                                                                                                                                                    
+
                                                                                                                                                                    containerd
                                                                                                                                                                    
 
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    containerd
                                                                                                                                                                    
+
                                                                                                                                                                    Docker and containerd
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container Runtime
                                                                                                                                                                    
+
                                                                                                                                                                    Container runtime
                                                                                                                                                                    
 
                                                                                                                                                                    Kata
                                                                                                                                                                    
+
                                                                                                                                                                    Kata
                                                                                                                                                                    
 
                                                                                                                                                                    runC
                                                                                                                                                                    
-
                                                                                                                                                                    runC
                                                                                                                                                                    
+
                                                                                                                                                                    runC
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container kernel
                                                                                                                                                                    
+
                                                                                                                                                                    Container kernel
                                                                                                                                                                    
 
                                                                                                                                                                    Exclusive kernel
                                                                                                                                                                    
+
                                                                                                                                                                    Exclusive kernel
                                                                                                                                                                    
 
                                                                                                                                                                    Sharing the kernel with the host
                                                                                                                                                                    
-
                                                                                                                                                                    Sharing the kernel with the host
                                                                                                                                                                    
+
                                                                                                                                                                    Sharing the kernel with the host
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container isolation
                                                                                                                                                                    
+
                                                                                                                                                                    Container isolation
                                                                                                                                                                    
 
                                                                                                                                                                    Lightweight VMs
                                                                                                                                                                    
+
                                                                                                                                                                    Lightweight VMs
                                                                                                                                                                    
 
                                                                                                                                                                    cgroups and namespaces
                                                                                                                                                                    
-
                                                                                                                                                                    cgroups and namespaces
                                                                                                                                                                    
+
                                                                                                                                                                    cgroups and namespaces
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container engine storage driver
                                                                                                                                                                    
+
                                                                                                                                                                    Container engine storage driver
                                                                                                                                                                    
 
                                                                                                                                                                    Device Mapper
                                                                                                                                                                    
+
                                                                                                                                                                    Device Mapper
                                                                                                                                                                    
 
                                                                                                                                                                    OverlayFS2
                                                                                                                                                                    
-
                                                                                                                                                                    OverlayFS
                                                                                                                                                                    
+
                                                                                                                                                                    • Docker container: OverlayFS2
                                                                                                                                                                    • containerd container: OverlayFS
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Pod overhead
                                                                                                                                                                    
+
                                                                                                                                                                    Pod overhead
                                                                                                                                                                    
 
                                                                                                                                                                    Memory: 100 MiB
                                                                                                                                                                    
+
                                                                                                                                                                    Memory: 100 MiB
                                                                                                                                                                    
 
                                                                                                                                                                    CPU: 0.1 cores
                                                                                                                                                                    
-
                                                                                                                                                                    Pod overhead is a feature for accounting for the resources consumed by the pod infrastructure on top of the container requests and limits. For example, if limits.cpu is set to 0.5 cores and limits.memory to 256 MiB for a pod, the pod will request 0.6-core CPUs and 356 MiB of memory.
                                                                                                                                                                    
+
                                                                                                                                                                    Pod overhead is a feature for accounting for the resources consumed by the pod infrastructure on top of the container requests and limits. For example, if limits.cpu is set to 0.5 cores and limits.memory to 256 MiB for a pod, the pod will request 0.6-core CPUs and 356 MiB of memory.
                                                                                                                                                                    
 
                                                                                                                                                                    None
                                                                                                                                                                    
-
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Minimal specifications
                                                                                                                                                                    
+
                                                                                                                                                                    Minimal specifications
                                                                                                                                                                    
 
                                                                                                                                                                    Memory: 256 MiB
                                                                                                                                                                    
+
                                                                                                                                                                    Memory: 256 MiB
                                                                                                                                                                    
 
                                                                                                                                                                    CPU: 0.25 cores
                                                                                                                                                                    
 
                                                                                                                                                                    It is recommended that the ratio of CPU (unit: core) to memory (unit: GiB) be in the range of 1:1 to 1:8. For example, if CPU is 0.5 cores, the memory should range form 512 MiB to 4 GiB.
                                                                                                                                                                    
 
                                                                                                                                                                    None
                                                                                                                                                                    
-
                                                                                                                                                                    None
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Container engine CLI
                                                                                                                                                                    
+
                                                                                                                                                                    Container engine CLI
                                                                                                                                                                    
 
                                                                                                                                                                    crictl
                                                                                                                                                                    
+
                                                                                                                                                                    crictl
                                                                                                                                                                    
 
                                                                                                                                                                    Docker
                                                                                                                                                                    
-
                                                                                                                                                                    crictl
                                                                                                                                                                    
+
                                                                                                                                                                    • Docker container: docker
                                                                                                                                                                    • containerd container: crictl
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Pod computing resources
                                                                                                                                                                    
+
                                                                                                                                                                    Pod computing resources
                                                                                                                                                                    
 
                                                                                                                                                                    The request and limit values must be the same for both CPU and memory.
                                                                                                                                                                    
+
                                                                                                                                                                    The request and limit values must be the same for both CPU and memory.
                                                                                                                                                                    
 
                                                                                                                                                                    The request and limit values can be different for both CPU and memory.
                                                                                                                                                                    
-
                                                                                                                                                                    The request and limit values can be different for both CPU and memory.
                                                                                                                                                                    
+
                                                                                                                                                                    The request and limit values can be different for both CPU and memory.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Host network
                                                                                                                                                                    
+
                                                                                                                                                                    Host Network
                                                                                                                                                                    
 
                                                                                                                                                                    Not supported
                                                                                                                                                                    
+
                                                                                                                                                                    Not supported
                                                                                                                                                                    
 
                                                                                                                                                                    Supported
                                                                                                                                                                    
-
                                                                                                                                                                    Supported
                                                                                                                                                                    
+
                                                                                                                                                                    Supported
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
 
 
 
 
 
                                                                                                                                                                    
-
-
@@ -30,7 +30,7 @@
 
                                                                                                                                                                    Pod security admission is applied at the namespace level. The controller restricts the security context and other parameters in the pod or container in the namespace. The privileged policy does not verify the securityContext field of the pod and container. The baseline and restricted policies have different requirements on securityContext. For details, see Pod Security Standards.
                                                                                                                                                                    Setting security context: Configure a Security Context for a Pod or Container
                                                                                                                                                                    
-
                                                                                                                                                                    Pod Security Admission Labels
                                                                                                                                                                    Kubernetes defines three types of labels for Pod Security Admission (see Table 2). You can set these labels in a namespace to define the pod security standard level to be used. However, do not change the pod security standard level in system namespaces such as kube-system. Otherwise, pods in the system namespace may be faulty.
                                                                                                                                                                    
+
                                                                                                                                                                    Pod Security Admission Labels
                                                                                                                                                                    Kubernetes defines three types of labels for pod security admission (see Table 2). You can set these labels in a namespace to define the pod security standard level to be used. However, do not change the pod security standard level in system namespaces such as kube-system. Otherwise, pods in the system namespace may be faulty.
                                                                                                                                                                    
 
 
                                                                                                                                                                    Table 1 Pod security policy levels
                                                                                                                                                                    Level
                                                                                                                                                                    
@@ -17,12 +17,12 @@
 
                                                                                                                                                                    
 
                                                                                                                                                                    baseline
                                                                                                                                                                    
 
                                                                                                                                                                    Minimally restrictive policy which prevents known privilege escalations, typically targeted at non-critical workloads. This policy disables capabilities such as hostNetwork and hostPID.
                                                                                                                                                                    
+
                                                                                                                                                                    Minimally restrictive policy that prevents known privilege escalations, typically targeted at non-critical workloads. This policy disables capabilities such as hostNetwork and hostPID.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    restricted
                                                                                                                                                                    
 
                                                                                                                                                                    Heavily restricted policy, following current Pod hardening best practices. 
                                                                                                                                                                    
+
                                                                                                                                                                    Heavily restricted policy, following current Pod hardening best practices.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
 
 
                                                                                                                                                                    
@@ -51,14 +51,14 @@
 
-
-
@@ -92,11 +92,11 @@ metadata:
 
                                                                                                                                                                    If pods are deployed in the preceding namespace, the following security restrictions apply:
                                                                                                                                                                    1. The verification in the enforce mode is skipped (enforce mode + privileged level).
                                                                                                                                                                    2. Restrictions related to the baseline policy are verified (audit mode + baseline level). That is, if the pod or container violates the policy, the corresponding event is recorded into the audit log.
                                                                                                                                                                    3. Restrictions related to the restricted policy are verified (warn mode + restricted level). That is, if the pod or container violates the policy, the user will receive an alarm when creating the pod.
                                                                                                                                                                    
-
                                                                                                                                                                    Migrating from Pod Security Policy to Pod Security Admission
                                                                                                                                                                    If you use pod security policies in a cluster earlier than v1.25 and need to replace them with pod security admission in a cluster of v1.25 or later, follow the guide in Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating from Pod Security Policy to Pod Security Admission
                                                                                                                                                                    If you use pod security policies in a cluster earlier than v1.25 and need to replace them with pod security admission in a cluster of v1.25 or later, follow the guide in Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    1. Pod security admission supports only three isolation modes, less flexible than pod security policies. If you require more control over specific constraints, you will need to use a Validating Admission Webhook to enforce those policies.
                                                                                                                                                                    2. Pod security admission is a non-mutating admission controller, meaning it will not modify pods before validating them. If you were relying on this aspect of PSP, you will need to either modify the security context in your workloads, or use a Mutating Admission Webhook to make those changes.
                                                                                                                                                                    3. PSP lets you bind different policies to different service accounts. This approach has many pitfalls and is not recommended, but if you require this feature anyway you will need to use a third-party webhook instead.
                                                                                                                                                                    4. Do not apply pod security admission to namespaces where CCE components, such as kube-system, kube-public, and kube-node-lease, are deployed. Otherwise, CCE components and add-on functions will be abnormal.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Reference
                                                                                                                                                                    
+
                                                                                                                                                                    Documentation
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0467.html b/docs/cce/umn/cce_10_0467.html
deleted file mode 100644
index ca7e4c2c1..000000000
--- a/docs/cce/umn/cce_10_0467.html
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
-
                                                                                                                                                                    CCE Kubernetes 1.25 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.25.
                                                                                                                                                                    
-
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Kubernetes 1.25 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • PodSecurityPolicy is replaced by Pod Security Admission. For details about the migration, see Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                    • SeccompDefault is in Beta. To enable this feature, you need to add the startup parameter --seccomp-default=true to kubelet. In this way, seccomp is set to RuntimeDefault by default, improving the system security. Clusters of v1.25 no longer use seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/annotation to use seccomp. Replace them with the securityContext.seccompProfile field in the pod or container. For details, see Configure a Security Context for a Pod or Container.
                                                                                                                                                                       
                                                                                                                                                                      After the feature is enabled, the system calls required by the application may be restricted by the runtime. Ensure that the debugging is performed in the test environment and the application is not affected.
                                                                                                                                                                      
-
                                                                                                                                                                      
-
                                                                                                                                                                    • EndPort in Network Policy is stable. This feature is incorporated in version 1.21. EndPort is added to NetworkPolicy for you to specify a port range.
                                                                                                                                                                    • Since clusters of v1.25, Kubernetes does not support certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. You are advised to use the SHA256 algorithm.
                                                                                                                                                                    
-
                                                                                                                                                                    Kubernetes 1.24 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • Beta APIs are disabled by default. When some long-term beta APIs are removed from Kubernetes, 90% cluster administrators do not care about the beta APIs. Beta features are not recommended in the production environment. However, due to the default enabling policy, these APIs are enabled in the production environment, incurring risks. Therefore, in v1.24 and later versions, beta APIs are disabled by default except for the enabled beta APIs.
                                                                                                                                                                    • The LegacyServiceAccountTokenNoAutoGeneration feature is in beta state. By default, this feature is enabled and no more secret token will be automatically generated for the service account. If you want to use a token that never expires, you need to create a secret and mount it. For details, see Service account token secrets.
                                                                                                                                                                    • service.alpha.kubernetes.io/tolerate-unready-endpoints is replaced by Service.spec.publishNotReadyAddresses.
                                                                                                                                                                    • The Service.Spec.LoadBalancerIP tag is deprecated and may be removed in later versions. Use a customized annotation.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.25 and other versions, see the following documents:
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0468.html b/docs/cce/umn/cce_10_0468.html
deleted file mode 100644
index 2c2092a6a..000000000
--- a/docs/cce/umn/cce_10_0468.html
+++ /dev/null
@@ -1,22 +0,0 @@
-
-
-
                                                                                                                                                                    CCE Kubernetes 1.23 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.
                                                                                                                                                                    
-
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Changes in CCE 1.23
                                                                                                                                                                    
-
                                                                                                                                                                    • The web-terminal add-on is no longer supported. Use kubectl instead.
                                                                                                                                                                    
-
                                                                                                                                                                    Kubernetes 1.23 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • FlexVolume is deprecated. Use CSI.
                                                                                                                                                                    • HorizontalPodAutoscaler v2 is promoted to GA, and HorizontalPodAutoscaler API v2 is gradually stable in version 1.23. The HorizontalPodAutoscaler v2beta2 API is not recommended. Use the v2 API.
                                                                                                                                                                    • PodSecurity moves to beta, replacing the deprecated PodSecurityPolicy. PodSecurity is an admission controller that enforces pod security standards on pods in the namespace based on specific namespace labels that set the enforcement level. PodSecurity is enabled by default in version 1.23.
                                                                                                                                                                    
-
                                                                                                                                                                    Kubernetes 1.22 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • Ingresses no longer support networking.k8s.io/v1beta1 and extensions/v1beta1 APIs. If you use the API of an earlier version to manage ingresses, an application cannot be exposed to external services. Use networking.k8s.io/v1.
                                                                                                                                                                    • CustomResourceDefinitions no longer support the apiextensions.k8s.io/v1beta1 API. If you use the API of an earlier version to create a CRD, the creation will fail, which affects the controller that reconciles this CRD. Use apiextensions.k8s.io/v1.
                                                                                                                                                                    • ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings no longer support the rbac.authorization.k8s.io/v1beta1 API. If you use the API of an earlier version to manage RBAC resources, application permissions control is affected and even cannot work in the cluster. Use rbac.authorization.k8s.io/v1.
                                                                                                                                                                    • The Kubernetes release cycle is changed from four releases a year to three releases a year.
                                                                                                                                                                    • StatefulSets support minReadySeconds.
                                                                                                                                                                    • During scale-in, pods are randomly selected and deleted based on the pod UID by default (LogarithmicScaleDown). This feature enhances the randomness of the pods to be deleted and alleviates the problems caused by pod topology spread constraints. For more information, see KEP-2185 and issue 96748.
                                                                                                                                                                    • The BoundServiceAccountTokenVolume feature is stable. This feature improves the token security of the service account and changes the method of mounting tokens to pods. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.23 and other versions, see the following documents:
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0469.html b/docs/cce/umn/cce_10_0469.html
deleted file mode 100644
index 6ec5816a1..000000000
--- a/docs/cce/umn/cce_10_0469.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-
-
                                                                                                                                                                    CCE Kubernetes 1.21 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.21.
                                                                                                                                                                    
-
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Kubernetes 1.21 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                    • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                    • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                    • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                    • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                    • The BoundServiceAccountTokenVolume feature has entered the beta test. This feature improves the token security of the service account and changes the method of mounting tokens to pods. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                                                    
-
                                                                                                                                                                    Kubernetes 1.20 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                    • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. Update the timeoutSeconds field for the applications that use this feature during the upgrade. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                    • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                    • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                    • Dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.21 and other versions, see the following documents:
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0470.html b/docs/cce/umn/cce_10_0470.html
deleted file mode 100644
index a26d6e444..000000000
--- a/docs/cce/umn/cce_10_0470.html
+++ /dev/null
@@ -1,35 +0,0 @@
-
-
-
                                                                                                                                                                    CCE Kubernetes 1.19 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.
                                                                                                                                                                    
-
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    Kubernetes 1.19 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • vSphere in-tree volumes can be migrated to vSphere CSI drivers. The in-tree vSphere Volume plugin is no longer used and will be deleted in later versions.
                                                                                                                                                                    • apiextensions.k8s.io/v1beta1 has been deprecated. You are advised to use apiextensions.k8s.io/v1.
                                                                                                                                                                    • apiregistration.k8s.io/v1beta1 has been deprecated. You are advised to use apiregistration.k8s.io/v1.
                                                                                                                                                                    • authentication.k8s.io/v1beta1 and authorization.k8s.io/v1beta1 have been deprecated and will be removed from Kubernetes 1.22. You are advised to use authentication.k8s.io/v1 and authorization.k8s.io/v1.
                                                                                                                                                                    • autoscaling/v2beta1 has been deprecated. You are advised to use autoscaling/v2beta2.
                                                                                                                                                                    • coordination.k8s.io/v1beta1 has been deprecated in Kubernetes 1.19 and will be removed from version 1.22. You are advised to use coordination.k8s.io/v1.
                                                                                                                                                                    • kube-apiserver: The componentstatus API has been deprecated.
                                                                                                                                                                    • kubeadm: The kubeadm config view command has been deprecated and will be deleted in later versions. Use kubectl get cm -o yaml -n kube-system kubeadm-config to directly obtain the kubeadm configuration.
                                                                                                                                                                    • kubeadm: The kubeadm alpha kubelet config enable-dynamic command has been deprecated.
                                                                                                                                                                    • kubeadm: The --use-api flag in the kubeadm alpha certs renew command has been deprecated.
                                                                                                                                                                    • Kubernetes no longer supports hyperkube image creation.
                                                                                                                                                                    • The --export flag is removed from the kubectl get command.
                                                                                                                                                                    • The alpha feature ResourceLimitsPriorityFunction has been deleted.
                                                                                                                                                                    • storage.k8s.io/v1beta1 has been deprecated. You are advised to use storage.k8s.io/v1.
                                                                                                                                                                    
-
                                                                                                                                                                    Kubernetes 1.18 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    • kube-apiserver
                                                                                                                                                                      • All resources in the apps/v1beta1 and apps/v1beta2 API versions are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                      • DaemonSets, Deployments, and ReplicaSets in the extensions/v1beta1 API version are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                      • NetworkPolicies in the extensions/v1beta1 API version are no longer served. You can use the networking.k8s.io/v1 API version.
                                                                                                                                                                      • PodSecurityPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the policy/v1beta1 API version.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • kubelet
                                                                                                                                                                      • --redirect-container-streaming is not recommended and will be deprecated in v1.20.
                                                                                                                                                                      • The resource measurement endpoint /metrics/resource/v1alpha1 and all measurement standards under this endpoint have been deprecated. Use the measurement standards under the endpoint /metrics/resource instead:
                                                                                                                                                                        • scrape_error --> scrape_error
                                                                                                                                                                        • node_cpu_usage_seconds_total --> node_cpu_usage_seconds
                                                                                                                                                                        • node_memory_working_set_bytes --> node_memory_working_set_bytes
                                                                                                                                                                        • container_cpu_usage_seconds_total --> container_cpu_usage_seconds
                                                                                                                                                                        • container_memory_working_set_bytes --> container_memory_working_set_bytes
                                                                                                                                                                        • scrape_error --> scrape_error
                                                                                                                                                                        
-
                                                                                                                                                                      • In future releases, kubelet will no longer create the target directory CSI NodePublishVolume according to the CSI specifications. You may need to update the CSI driver accordingly to correctly create and process the target path.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • kube-proxy
                                                                                                                                                                      • You are not advised to use the --healthz-port and --metrics-port flags. Use --healthz-bind-address and --metrics-bind-address instead.
                                                                                                                                                                      • The EndpointSliceProxying function option is added to control the use of EndpointSlices in kube-proxy. This function is disabled by default.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • kubeadm
                                                                                                                                                                      • The --kubelet-version flag of kubeadm upgrade node has been deprecated and will be deleted in later versions.
                                                                                                                                                                      • The --use-api flag in the kubeadm alpha certs renew command has been deprecated.
                                                                                                                                                                      • kube-dns has been deprecated and will no longer be supported in future versions.
                                                                                                                                                                      • The ClusterStatus structure in the kubeadm-config ConfigMap has been deprecated and will be deleted in later versions.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • kubectl
                                                                                                                                                                      • You are not advised to use boolean and unset values for --dry-run. server|client|none is used in the new version.
                                                                                                                                                                      • --server-dry-run has been deprecated for kubectl apply and replaced by --dry-run=server.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • add-ons
                                                                                                                                                                    
-
                                                                                                                                                                    The cluster-monitoring add-on is deleted.
                                                                                                                                                                    
-
                                                                                                                                                                    • kube-scheduler
                                                                                                                                                                      • The scheduling_duration_seconds metric has been deprecated.
                                                                                                                                                                      • The scheduling_algorithm_predicate_evaluation_seconds and scheduling_algorithm_priority_evaluation_seconds counters metrics are no longer used and are replaced by framework_extension_point_duration_seconds[extension_point="Filter"] and framework_extension_point_duration_seconds[extension_point="Score"].
                                                                                                                                                                      • The scheduler policy AlwaysCheckAllPredictes has been deprecated.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    • Other changes
                                                                                                                                                                      • The k8s.io/node-api component is no longer updated. Instead, you can use the RuntimeClass type in k8s.io/api and the generated clients in k8s.io/client-go.
                                                                                                                                                                      • The client label has been deleted from apiserver_request_total.
                                                                                                                                                                      
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.19 and other versions, see the following documents:
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0471.html b/docs/cce/umn/cce_10_0471.html
deleted file mode 100644
index 12af16962..000000000
--- a/docs/cce/umn/cce_10_0471.html
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
                                                                                                                                                                    CCE Kubernetes 1.17 Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.17.
                                                                                                                                                                    
-
                                                                                                                                                                    Resource Changes and Deprecations
                                                                                                                                                                    • All resources in the apps/v1beta1 and apps/v1beta2 API versions are no longer served. Migrate to use the apps/v1 API version.
                                                                                                                                                                    • DaemonSets, Deployments, and ReplicaSets in the extensions/v1beta1 API version are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                    • NetworkPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the networking.k8s.io/v1 API version.
                                                                                                                                                                    • PodSecurityPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the policy/v1beta1 API version.
                                                                                                                                                                    • Ingresses in the extensions/v1beta1 API version will no longer be served in v1.20. Migrate to use the networking.k8s.io/v1beta1 API version.
                                                                                                                                                                    • PriorityClass in the scheduling.k8s.io/v1beta1 and scheduling.k8s.io/v1alpha1 API versions is no longer served in v1.17. Migrate to use the scheduling.k8s.io/v1 API version.
                                                                                                                                                                    • The event series.state field in the events.k8s.io/v1beta1 API version has been deprecated and will be removed from v1.18.
                                                                                                                                                                    • CustomResourceDefinition in the apiextensions.k8s.io/v1beta1 API version has been deprecated and will no longer be served in v1.19. Use the apiextensions.k8s.io/v1 API version.
                                                                                                                                                                    • MutatingWebhookConfiguration and ValidatingWebhookConfiguration in the admissionregistration.k8s.io/v1beta1 API version have been deprecated and will no longer be served in v1.19. You can use the admissionregistration.k8s.io/v1 API version.
                                                                                                                                                                    • The rbac.authorization.k8s.io/v1alpha1 and rbac.authorization.k8s.io/v1beta1 API versions have been deprecated and will no longer be served in v1.20. Use the rbac.authorization.k8s.io/v1 API version.
                                                                                                                                                                    • The CSINode object of storage.k8s.io/v1beta1 has been deprecated and will be removed in later versions.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Other Deprecations and Removals
                                                                                                                                                                    • OutOfDisk node condition is removed in favor of DiskPressure.
                                                                                                                                                                    • The scheduler.alpha.kubernetes.io/critical-pod annotation is removed in favor of priorityClassName.
                                                                                                                                                                    • beta.kubernetes.io/os and beta.kubernetes.io/arch have been deprecated in v1.14 and will be removed in v1.18.
                                                                                                                                                                    • Do not use --node-labels to set labels prefixed with kubernetes.io and k8s.io. The kubernetes.io/availablezone label in earlier versions is removed in v1.17 and changed to failure-domain.beta.kubernetes.io/zone.
                                                                                                                                                                    • The beta.kubernetes.io/instance-type is deprecated in favor of node.kubernetes.io/instance-type.
                                                                                                                                                                    • Remove the {kubelet_root_dir}/plugins path.
                                                                                                                                                                    • Remove the built-in cluster roles system:csi-external-provisioner and system:csi-external-attacher.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    References
                                                                                                                                                                    For more details about the performance comparison and function evolution between Kubernetes 1.17 and other versions, see the following documents:
                                                                                                                                                                    
-
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Release Notes
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
-
diff --git a/docs/cce/umn/cce_10_0477.html b/docs/cce/umn/cce_10_0477.html
index 1c833e3c3..7c559969a 100644
--- a/docs/cce/umn/cce_10_0477.html
+++ b/docs/cce/umn/cce_10_0477.html
@@ -2,22 +2,22 @@
 
 
                                                                                                                                                                    Service Account Token Security Improvement
                                                                                                                                                                    
 
                                                                                                                                                                    In clusters earlier than v1.21, a token is obtained by mounting the secret of the service account to a pod. Tokens obtained this way are permanent. This approach is no longer recommended starting from version 1.21. Service accounts will stop auto creating secrets in clusters from version 1.25.
                                                                                                                                                                    
-
                                                                                                                                                                    In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period (one hour by default). Before expiration, Kubelet refreshes the token to ensure that the pod always uses a valid token. When the mounting pod is deleted, the token automatically becomes invalid. This approach is implemented by the BoundServiceAccountTokenVolume feature to improve the token security of the service account. Kubernetes clusters of v1.21 and later enables this approach by default.
                                                                                                                                                                    
+
                                                                                                                                                                    In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period (one hour by default). Before expiration, Kubelet refreshes the token to ensure that the pod always uses a valid token. When the mounting pod is deleted, the token automatically becomes invalid. This approach is implemented by the BoundServiceAccountTokenVolume feature to improve the token security of the service account. Clusters of v1.21 or later enable this approach by default.
                                                                                                                                                                    
 
                                                                                                                                                                    For smooth transition, the community extends the token validity period to one year by default. After one year, the token becomes invalid, and clients that do not support certificate reloading cannot access the API server. It is recommended that clients of earlier versions be upgraded as soon as possible. Otherwise, service faults may occur.
                                                                                                                                                                    
 
                                                                                                                                                                    If you use a Kubernetes client of a to-be-outdated version, the certificate reloading may fail. Versions of officially supported Kubernetes client libraries able to reload tokens are as follows:
                                                                                                                                                                    
 
                                                                                                                                                                    • Go: >= v0.15.7
                                                                                                                                                                    • Python: >= v12.0.0
                                                                                                                                                                    • Java: >= v9.0.0
                                                                                                                                                                    • Javascript: >= v0.10.3
                                                                                                                                                                    • Ruby: master branch
                                                                                                                                                                    • Haskell: v0.3.0.0
                                                                                                                                                                    • C#: >= 7.0.5
                                                                                                                                                                    
 
                                                                                                                                                                    For details, visit https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1205-bound-service-account-tokens.
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    If you need a token that never expires, you can also manually manage secrets for service accounts. Although a permanent service account token can be manually created, you are advised to use a short-lived token by calling the TokenRequest API for higher security.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Diagnosis
                                                                                                                                                                    Run the following steps to check your CCE clusters of v1.21 and later:
                                                                                                                                                                    
-
                                                                                                                                                                    1. Use kubectl to connect to the cluster and run the kubectl get --raw "/metrics" | grep stale command to query the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                                                                                                      If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      Diagnosis
                                                                                                                                                                      Perform the following steps to check your CCE clusters of v1.21 or later:
                                                                                                                                                                      
+
                                                                                                                                                                      1. Use kubectl to connect to the cluster and run the kubectl get --raw "/metrics" | grep stale command to obtain the metrics. Check the metric named serviceaccount_stale_tokens_total.
                                                                                                                                                                        If the value is greater than 0, some workloads in the cluster may be using an earlier client-go version. In this case, check whether this problem occurs in your deployed applications. If yes, upgrade client-go to the version specified by the community as soon as possible. The version must be at least two major versions of the CCE cluster. For example, if your cluster version is 1.23, the Kubernetes dependency library version must be at least 1.19.
                                                                                                                                                                        
+
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Permissions Management
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Permissions
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0478.html b/docs/cce/umn/cce_10_0478.html
index 9cc6e37c7..8fd860c94 100644
--- a/docs/cce/umn/cce_10_0478.html
+++ b/docs/cce/umn/cce_10_0478.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                    everest Restriction Check
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current everest add-on has compatibility restrictions. See Table 1.
                                                                                                                                                                    
+
                                                                                                                                                                    everest Restrictions
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether there are any compatibility restrictions on the current everest add-on.
                                                                                                                                                                    
 
-
                                                                                                                                                                    Table 2 Pod security admission labels
                                                                                                                                                                    Mode
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Workloads (such as Deployment and job)
                                                                                                                                                                    
 
                                                                                                                                                                    Policy violations will trigger the addition of an audit annotation to the event recorded in the audit log, but are otherwise allowed. 
                                                                                                                                                                    
+
                                                                                                                                                                    Policy violations will trigger the addition of an audit annotation to the event recorded in the audit log, but are otherwise allowed.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    warn
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Workloads (such as Deployment and job)
                                                                                                                                                                    
 
                                                                                                                                                                    Policy violations will trigger a user-facing warning, but are otherwise allowed. 
                                                                                                                                                                    
+
                                                                                                                                                                    Policy violations will trigger a user-facing warning, but are otherwise allowed.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
 
 
                                                                                                                                                                    Table 1 List of everest add-on versions that have compatibility restrictions
                                                                                                                                                                    Add-on Name
                                                                                                                                                                    
+
                                                                                                                                                                    
@@ -19,7 +19,7 @@
 
                                                                                                                                                                    Table 1 List of everest add-on versions with compatibility restrictions
                                                                                                                                                                    Add-on Name
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Versions Involved
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
-
                                                                                                                                                                    Solution
                                                                                                                                                                    The current everest add-on has compatibility restrictions and cannot be upgraded with the cluster upgrade. Contact technical support.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    There are compatibility restrictions on the current everest add-on and it cannot be upgraded with the cluster upgrade. Contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0479.html b/docs/cce/umn/cce_10_0479.html
index d44a8267a..fc79cf78a 100644
--- a/docs/cce/umn/cce_10_0479.html
+++ b/docs/cce/umn/cce_10_0479.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                    cce-hpa-controller Restriction Check
                                                                                                                                                                    
+
                                                                                                                                                                    cce-hpa-controller Restrictions
                                                                                                                                                                    
 
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current cce-controller-hpa add-on has compatibility restrictions.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Solution
                                                                                                                                                                    The current cce-controller-hpa add-on has compatibility restrictions. An add-on that can provide metric APIs, for example, metric-server, must be installed in the cluster.
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0480.html b/docs/cce/umn/cce_10_0480.html
index cbdd9ea3e..bc7d5a4aa 100644
--- a/docs/cce/umn/cce_10_0480.html
+++ b/docs/cce/umn/cce_10_0480.html
@@ -1,35 +1,35 @@
 
 
-
                                                                                                                                                                    Enhanced CPU Management Policy
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current cluster version and the target version support enhanced CPU policy.
                                                                                                                                                                    
+
                                                                                                                                                                    Enhanced CPU Policies
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current cluster version and the target version support the enhanced CPU policy.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    Scenario: The current cluster version uses the enhanced CPU management policy, but the target cluster version does not support the enhanced CPU management policy.
                                                                                                                                                                    
-
                                                                                                                                                                    Upgrade the cluster to a version that supports the enhanced CPU management policy. The following table lists the cluster versions that support the enhanced CPU management policy.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    Scenario: Only the current cluster version supports the enhanced CPU policy function. The target version does not support the enhanced CPU policy function.
                                                                                                                                                                    
+
                                                                                                                                                                    Upgrade to a cluster version that supports the enhanced CPU policy function. The following table lists the cluster versions that support the enhanced CPU policy function.
                                                                                                                                                                    
 
-
                                                                                                                                                                    Table 1 Cluster versions that support the enhanced CPU policy
                                                                                                                                                                    Cluster Version
                                                                                                                                                                    
+
                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_10_0484.html b/docs/cce/umn/cce_10_0484.html
index 569832c6b..b41bbf0e0 100644
--- a/docs/cce/umn/cce_10_0484.html
+++ b/docs/cce/umn/cce_10_0484.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                    User Node Components Health
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the container runtime and network components on the user node are healthy.
                                                                                                                                                                    
+
                                                                                                                                                                    Health of Worker Node Components
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    If a component is abnormal, log in to the node to check the status of the abnormal component and rectify the fault.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    If a worker node component malfunctions, log in to the node to check the status of the component and rectify the fault.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0485.html b/docs/cce/umn/cce_10_0485.html
index 1eaa0fbac..65e13ec44 100644
--- a/docs/cce/umn/cce_10_0485.html
+++ b/docs/cce/umn/cce_10_0485.html
@@ -1,9 +1,9 @@
 
 
-
                                                                                                                                                                    Controller Node Components Health
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the Kubernetes, container runtime, and network components of the controller node are healthy.
                                                                                                                                                                    
+
                                                                                                                                                                    Health of Master Node Components
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    If a component on the controller node is abnormal, contact technical support.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    If a master node component malfunctions, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0486.html b/docs/cce/umn/cce_10_0486.html
index ddf59ecee..8a25d0361 100644
--- a/docs/cce/umn/cce_10_0486.html
+++ b/docs/cce/umn/cce_10_0486.html
@@ -1,11 +1,9 @@
 
 
 
                                                                                                                                                                    Memory Resource Limit of Kubernetes Components
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    Solution 1: Reducing Kubernetes resources
                                                                                                                                                                    
-
                                                                                                                                                                    Solution 2: Expanding cluster scale
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0487.html b/docs/cce/umn/cce_10_0487.html
index a5ec31af0..24d49c878 100644
--- a/docs/cce/umn/cce_10_0487.html
+++ b/docs/cce/umn/cce_10_0487.html
@@ -1,15 +1,15 @@
 
 
-
                                                                                                                                                                    Checking Deprecated Kubernetes APIs
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.
                                                                                                                                                                     
                                                                                                                                                                    Due to the limited time range of audit logs, this check item is only an auxiliary method. APIs to be deprecated may have been used in the cluster, but their usage is not included in the audit logs of the past day. Check the API usage carefully.
                                                                                                                                                                    
+
                                                                                                                                                                    Discarded Kubernetes APIs
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.
                                                                                                                                                                     
                                                                                                                                                                    Due to the limited time range of audit logs, this check item is only an auxiliary method. APIs to be deprecated may have been used in the cluster, but their usage is not included in the audit logs of the past day. Check the API usage carefully.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    Description
                                                                                                                                                                    
-
                                                                                                                                                                    The check result shows that your cluster calls a deprecated API of the target cluster version through kubectl or other applications. You can rectify the fault before the upgrade. Otherwise, the API will be intercepted by kube-apiserver after the upgrade. For details about each deprecated API, see Deprecated API Migration Guide.
                                                                                                                                                                    
-
                                                                                                                                                                    Cases
                                                                                                                                                                    
-
                                                                                                                                                                    Ingresses of extensions/v1beta1 and networking.k8s.io/v1beta1 API are deprecated in clusters of v1.22. If you upgrade a CCE cluster from v1.19 or v1.21 to v1.23, existing resources are not affected, but the v1beta1 API version may be intercepted in the creation and editing scenarios.
                                                                                                                                                                    
-
                                                                                                                                                                    For details about the YAML configuration structure changes, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    Check Description
                                                                                                                                                                    
+
                                                                                                                                                                    Based on the check result, it is detected that your cluster calls a deprecated API of the target cluster version using kubectl or other applications. You can rectify the fault before the upgrade. Otherwise, the API will be intercepted by kube-apiserver after the upgrade. For details about each deprecated API, see Deprecated APIs.
                                                                                                                                                                    
+
                                                                                                                                                                    Case Study
                                                                                                                                                                    
+
                                                                                                                                                                    Ingresses of extensions/v1beta1 and networking.k8s.io/v1beta1 API are deprecated in clusters of v1.22. If you upgrade a CCE cluster from v1.19 or v1.21 to v1.23, existing resources are not affected, but the v1beta1 API version may be intercepted in the creation and editing scenarios.
                                                                                                                                                                    
+
                                                                                                                                                                    For details about the YAML configuration structure changes, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0488.html b/docs/cce/umn/cce_10_0488.html
index 28a4c8db7..b57437241 100644
--- a/docs/cce/umn/cce_10_0488.html
+++ b/docs/cce/umn/cce_10_0488.html
@@ -1,11 +1,11 @@
 
 
-
                                                                                                                                                                    IPv6 Capability of a CCE Turbo Cluster
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                                                                                    
+
                                                                                                                                                                    IPv6 Capabilities of a CCE Turbo Cluster
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    CCE Turbo clusters support IPv6 since v1.23. This feature is available in the following versions:
                                                                                                                                                                    • v1.23: 1.23.8-r0 or later
                                                                                                                                                                    • v1.25: 1.25.3-r0 or later
                                                                                                                                                                    • v1.25 or later
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    CCE Turbo clusters support IPv6 since v1.23. This feature is available in the following versions:
                                                                                                                                                                    • v1.23: 1.23.8-r0 or later
                                                                                                                                                                    • v1.25: 1.25.3-r0 or later
                                                                                                                                                                    • v1.25 or later
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    If IPv6 has been enabled in the cluster before the upgrade, the target cluster version must also support IPv6. Select a proper cluster version.
                                                                                                                                                                    
+
                                                                                                                                                                    If IPv6 has been enabled in the cluster before the upgrade, the target cluster version must also support IPv6. Select a proper cluster version.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0489.html b/docs/cce/umn/cce_10_0489.html
index f079e3f07..26c52b276 100644
--- a/docs/cce/umn/cce_10_0489.html
+++ b/docs/cce/umn/cce_10_0489.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                    Node NetworkManager
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether NetworkManager of a node is normal.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether NetworkManager of a node is normal.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    Log in to the node and run the systemctl is-active NetworkManager command to query the running status of NetworkManager. If the command output is abnormal, run the systemctl restart NetworkManager command and query the status again.
                                                                                                                                                                    
-
                                                                                                                                                                    If the problem persists after NetworkManager is restarted, contact technical support.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    Log in to the node and run the systemctl is-active NetworkManager command to obtain the running status of NetworkManager. If the command output is abnormal, run the systemctl restart NetworkManager command and obtain the status again.
                                                                                                                                                                    
+
                                                                                                                                                                    If the problem persists after NetworkManager is restarted, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0490.html b/docs/cce/umn/cce_10_0490.html
index d7d0f8f93..345d64e18 100644
--- a/docs/cce/umn/cce_10_0490.html
+++ b/docs/cce/umn/cce_10_0490.html
@@ -1,14 +1,12 @@
 
 
 
                                                                                                                                                                    Node ID File
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check the ID file format.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check the ID file format.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    1. On the Nodes page of the CCE console, click the name of the abnormal node to go to the ECS page.
                                                                                                                                                                      
-
                                                                                                                                                                    2. Copy the node ID and save it to the local host.
                                                                                                                                                                      
-
                                                                                                                                                                    3. Log in to the abnormal node and back up files.
                                                                                                                                                                      cp /var/lib/cloud/data/instance-id /tmp/instance-id
+
                                                                                                                                                                      Solution
                                                                                                                                                                      1. On the Nodes page of the CCE console, click the name of the abnormal node to go to the ECS page.
                                                                                                                                                                      2. Copy the node ID and save it to the local host.
                                                                                                                                                                      3. Log in to the abnormal node and back up files.
                                                                                                                                                                        cp /var/lib/cloud/data/instance-id /tmp/instance-id
 cp /var/paas/conf/server.conf /tmp/server.conf
                                                                                                                                                                        
-
                                                                                                                                                                      4. Log in to the abnormal node and write the obtained node ID to the file.
                                                                                                                                                                        echo "Node ID" >> /var/lib/cloud/data/instance-id
-echo "Node ID" >> /var/paas/conf/server.conf
                                                                                                                                                                        
+
                                                                                                                                                                      5. Log in to the abnormal node and write the obtained node ID to the file.
                                                                                                                                                                        echo "Node ID" > /var/lib/cloud/data/instance-id
+echo "Node ID" > /var/paas/conf/server.conf
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0491.html b/docs/cce/umn/cce_10_0491.html
index e615c8f95..3c364bab2 100644
--- a/docs/cce/umn/cce_10_0491.html
+++ b/docs/cce/umn/cce_10_0491.html
@@ -1,127 +1,127 @@
 
 
 
                                                                                                                                                                    Node Configuration Consistency
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background:
                                                                                                                                                                    
-
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kubelet/kubelet
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kube-proxy/kube-proxy
                                                                                                                                                                    • /etc/containerd/default_runtime_spec.json
                                                                                                                                                                    • /etc/sysconfig/docker
                                                                                                                                                                    • /etc/default/docker
                                                                                                                                                                    • /etc/docker/daemon.json
                                                                                                                                                                    
-
                                                                                                                                                                    If you modify some parameters in these files, the cluster upgrade may fail or services may be abnormal after the upgrade. If you confirm that the modification does not affect services, continue the upgrade.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    CCE uses the standard image script to check node configuration consistency. If you use other custom images, the check may fail.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background:
                                                                                                                                                                    
+
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kubelet/kubelet
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    • /opt/cloud/cce/kubernetes/kube-proxy/kube-proxy
                                                                                                                                                                    • /etc/containerd/default_runtime_spec.json
                                                                                                                                                                    • /etc/sysconfig/docker
                                                                                                                                                                    • /etc/default/docker
                                                                                                                                                                    • /etc/docker/daemon.json
                                                                                                                                                                    
+
                                                                                                                                                                    If you modify some parameters in these files, the cluster upgrade may fail or services may be abnormal after the upgrade. If you confirm that the modification does not affect services, continue the upgrade.
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    CCE uses the standard image script to check node configuration consistency. If you use other custom images, the check may fail.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    The expected modification will not be intercepted. The following table lists the parameters that can be modified.
                                                                                                                                                                    
+
                                                                                                                                                                    The expected modification will not be intercepted. The following table lists the parameters that can be modified.
                                                                                                                                                                    
 
-
                                                                                                                                                                    Table 1 List of cluster versions that support the enhanced CPU policy function
                                                                                                                                                                    Cluster Version
                                                                                                                                                                    
 
                                                                                                                                                                    Enhanced CPU Policy Supported
                                                                                                                                                                    
+
                                                                                                                                                                    Enhanced CPU Policy
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    v1.17 or earlier
                                                                                                                                                                    
+
                                                                                                                                                                    Clusters of v1.17 or earlier
                                                                                                                                                                    
 
                                                                                                                                                                    No
                                                                                                                                                                    
+
                                                                                                                                                                    Not supported
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Clusters of v1.19
                                                                                                                                                                    
 
                                                                                                                                                                    No
                                                                                                                                                                    
+
                                                                                                                                                                    Not supported
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    v1.21
                                                                                                                                                                    
+
                                                                                                                                                                    Clusters of v1.21
                                                                                                                                                                    
 
                                                                                                                                                                    No
                                                                                                                                                                    
+
                                                                                                                                                                    Not supported
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    v1.23 or later
                                                                                                                                                                    
+
                                                                                                                                                                    Clusters of v1.23 and later
                                                                                                                                                                    
 
                                                                                                                                                                    Yes
                                                                                                                                                                    
+
                                                                                                                                                                    Supported
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    Table 1 Parameters that can be modified
                                                                                                                                                                    Component
                                                                                                                                                                    
+
                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                    Table 1 Parameters that can be modified
                                                                                                                                                                    Component
                                                                                                                                                                    
 
                                                                                                                                                                    Configuration File
                                                                                                                                                                    
+
                                                                                                                                                                    Configuration File
                                                                                                                                                                    
 
                                                                                                                                                                    Parameter
                                                                                                                                                                    
+
                                                                                                                                                                    Parameter
                                                                                                                                                                    
 
                                                                                                                                                                    Upgrade Version
                                                                                                                                                                    
+
                                                                                                                                                                    Upgrade Version
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    cpuManagerPolicy
                                                                                                                                                                    
+
                                                                                                                                                                    cpuManagerPolicy
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    maxPods
                                                                                                                                                                    
+
                                                                                                                                                                    maxPods
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    kubeAPIQPS
                                                                                                                                                                    
+
                                                                                                                                                                    kubeAPIQPS
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    kubeAPIBurst
                                                                                                                                                                    
+
                                                                                                                                                                    kubeAPIBurst
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    podPidsLimit
                                                                                                                                                                    
+
                                                                                                                                                                    podPidsLimit
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    topologyManagerPolicy
                                                                                                                                                                    
+
                                                                                                                                                                    topologyManagerPolicy
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    resolvConf
                                                                                                                                                                    
+
                                                                                                                                                                    resolvConf
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    eventRecordQPS
                                                                                                                                                                    
+
                                                                                                                                                                    eventRecordQPS
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.21
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.21
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    topologyManagerScope
                                                                                                                                                                    
+
                                                                                                                                                                    topologyManagerScope
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.21
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.21
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    allowedUnsafeSysctls
                                                                                                                                                                    
+
                                                                                                                                                                    allowedUnsafeSysctls
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Docker
                                                                                                                                                                    
+
                                                                                                                                                                    Docker
                                                                                                                                                                    
 
                                                                                                                                                                    /etc/docker/daemon.json
                                                                                                                                                                    
+
                                                                                                                                                                    /etc/docker/daemon.json
                                                                                                                                                                    
 
                                                                                                                                                                    dm.basesize
                                                                                                                                                                    
+
                                                                                                                                                                    dm.basesize
                                                                                                                                                                    
 
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
+
                                                                                                                                                                    Later than v1.19
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
-
                                                                                                                                                                    Solution
                                                                                                                                                                    If you modify some parameters in these files, exceptions may occur after the upgrade. If you are not sure whether the modified parameters will affect the upgrade, contact technical support.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    If you modify some parameters in these files, exceptions may occur after the upgrade. If you are not sure whether the modified parameters will affect the upgrade, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0492.html b/docs/cce/umn/cce_10_0492.html
index ee9be9062..3a80ec8fa 100644
--- a/docs/cce/umn/cce_10_0492.html
+++ b/docs/cce/umn/cce_10_0492.html
@@ -1,57 +1,57 @@
 
 
 
                                                                                                                                                                    Node Configuration File
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the configuration files of key components exist on the node.
                                                                                                                                                                    
-
                                                                                                                                                                    The following table lists the files to be checked.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the configuration files of key components exist on the node.
                                                                                                                                                                    
+
                                                                                                                                                                    The following table lists the files to be checked.
                                                                                                                                                                    
 
-
                                                                                                                                                                    File Name
                                                                                                                                                                    
+
                                                                                                                                                                    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                    File Name
                                                                                                                                                                    
 
                                                                                                                                                                    File Content
                                                                                                                                                                    
+
                                                                                                                                                                    File Content
                                                                                                                                                                    
 
                                                                                                                                                                    Remarks
                                                                                                                                                                    
+
                                                                                                                                                                    Remarks
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet
                                                                                                                                                                    
 
                                                                                                                                                                    kubelet command line startup parameters
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet command line startup parameters
                                                                                                                                                                    
 
                                                                                                                                                                    -
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kubelet/kubelet_config.yaml
                                                                                                                                                                    
 
                                                                                                                                                                    kubelet startup parameters
                                                                                                                                                                    
+
                                                                                                                                                                    kubelet startup parameters
                                                                                                                                                                    
 
                                                                                                                                                                    -
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kube-proxy/kube-proxy
                                                                                                                                                                    
+
                                                                                                                                                                    /opt/cloud/cce/kubernetes/kube-proxy/kube-proxy
                                                                                                                                                                    
 
                                                                                                                                                                    kube-proxy command line startup parameters
                                                                                                                                                                    
+
                                                                                                                                                                    kube-proxy command line startup parameters
                                                                                                                                                                    
 
                                                                                                                                                                    -
                                                                                                                                                                    
+
                                                                                                                                                                    None
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    /etc/sysconfig/docker
                                                                                                                                                                    
+
                                                                                                                                                                    /etc/sysconfig/docker
                                                                                                                                                                    
 
                                                                                                                                                                    Docker configuration file
                                                                                                                                                                    
+
                                                                                                                                                                    Docker configuration file
                                                                                                                                                                    
 
                                                                                                                                                                    Not checked when containerd or the Debain-Group machine is used.
                                                                                                                                                                    
+
                                                                                                                                                                    Not checked when containerd or the Debain-Group machine is used.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    /etc/default/docker
                                                                                                                                                                    
+
                                                                                                                                                                    /etc/default/docker
                                                                                                                                                                    
 
                                                                                                                                                                    Docker configuration file
                                                                                                                                                                    
+
                                                                                                                                                                    Docker configuration file
                                                                                                                                                                    
 
                                                                                                                                                                    Not checked when containerd or the Centos-Group machine is used.
                                                                                                                                                                    
+
                                                                                                                                                                    Not checked when containerd or the Centos-Group machine is used.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
-
                                                                                                                                                                    Solution
                                                                                                                                                                    Contact technical support to restore the configuration file and then perform the upgrade.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    Contact technical support to restore the configuration file and then perform the upgrade.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0493.html b/docs/cce/umn/cce_10_0493.html
index 3c591a765..dfdfc696d 100644
--- a/docs/cce/umn/cce_10_0493.html
+++ b/docs/cce/umn/cce_10_0493.html
@@ -1,12 +1,12 @@
 
 
-
                                                                                                                                                                    Checking CoreDNS Configuration Consistency
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current CoreDNS key configuration Corefile is different from the Helm Release record. The difference may be overwritten during the add-on upgrade, affecting domain name resolution in the cluster.
                                                                                                                                                                    
+
                                                                                                                                                                    CoreDNS Configuration Consistency
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affecting domain name resolution in the cluster.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    You can upgrade the coredns add-on separately after confirming the configuration differences.
                                                                                                                                                                    
-
                                                                                                                                                                    1. For details about how to configure kubectl, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Obtain the Corefile that takes effect currently.
                                                                                                                                                                      kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}' > corefile_now.txt
+
                                                                                                                                                                      Solution
                                                                                                                                                                      You can upgrade CoreDNS separately after confirming the configuration differences.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Configure kubectl, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                      2. Obtain the Corefile that takes effect currently.
                                                                                                                                                                        kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}' > corefile_now.txt
 cat corefile_now.txt
                                                                                                                                                                        
-
                                                                                                                                                                      3. Obtain the Corefile in the Helm Release record (depending on Python 3).
                                                                                                                                                                        latest_release=`kubectl get secret -nkube-system -l owner=helm -l name=cceaddon-coredns --sort-by=.metadata.creationTimestamp | awk 'END{print $1}'`
+
                                                                                                                                                                      4. Obtain the Corefile in the Helm release record (depending on Python 3).
                                                                                                                                                                        latest_release=`kubectl get secret -nkube-system -l owner=helm -l name=cceaddon-coredns --sort-by=.metadata.creationTimestamp | awk 'END{print $1}'`
 kubectl get secret -nkube-system $latest_release -o jsonpath='{.data.release}' | base64 -d | base64 -d | gzip -d | python -m json.tool | python -c "
 import json,sys,re,yaml;
 manifests = json.load(sys.stdin)['manifest']
@@ -21,13 +21,13 @@ exit(1);
 " > corefile_record.txt
 cat corefile_record.txt
 
                                                                                                                                                                        
-
                                                                                                                                                                      5. Compare the output information of 2 and 3.
                                                                                                                                                                        diff corefile_now.txt corefile_record.txt -y;
                                                                                                                                                                        
-
                                                                                                                                                                        
-
                                                                                                                                                                      6. Return to the CCE console and click the cluster name to go to the cluster console. On the Add-ons page, select the coredns add-on and click Upgrade.
                                                                                                                                                                        To retain the differentiated configurations, use either of the following methods:
                                                                                                                                                                        • Set parameterSyncStrategy to force. You need to manually enter the differentiated configurations. For details, see coredns (System Resource Add-On, Mandatory).
                                                                                                                                                                        • If parameterSyncStrategy is set to inherit, differentiated configurations are automatically inherited. The system automatically parses, identifies, and inherits differentiated parameters.
                                                                                                                                                                        
+
                                                                                                                                                                      7. Compare the output differences between 2 and 3.
                                                                                                                                                                        diff corefile_now.txt corefile_record.txt -y;
                                                                                                                                                                        
+
                                                                                                                                                                        Figure 1 Viewing output differences
                                                                                                                                                                        
+
                                                                                                                                                                      8. Return to the CCE console and click the cluster name to go to the cluster console. On the Add-ons page, select CoreDNS and click Upgrade.
                                                                                                                                                                        To retain the different configurations, use either of the following methods:
                                                                                                                                                                        • Set parameterSyncStrategy to force. Manually enter the differential configuration. For details, see coredns (System Resource Add-on, Mandatory).
                                                                                                                                                                        • If parameterSyncStrategy is set to inherit, differentiated configurations are automatically inherited. The system automatically parses, identifies, and inherits differentiated parameters.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        
-
                                                                                                                                                                      9. Click OK. After the add-on upgrade is complete, check whether all CoreDNS instances are available and whether the Corefile meets the expectation.
                                                                                                                                                                        kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}'
                                                                                                                                                                        
-
                                                                                                                                                                      10. Change the value of parameterSyncStrategy to ensureConsistent to enable configuration consistency verification.
                                                                                                                                                                        Use the parameter configuration function of CCE add-on management to modify the Corefile configuration to avoid differences.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      11. Click OK. After the add-on upgrade is complete, check whether all CoreDNS instances are available and whether Corefile meets the expectation.
                                                                                                                                                                        kubectl get cm -nkube-system coredns -o jsonpath='{.data.Corefile}'
                                                                                                                                                                        
+
                                                                                                                                                                      12. Change the value of parameterSyncStrategy to ensureConsistent to enable configuration consistency verification.
                                                                                                                                                                        In addition, you are advised to use the parameter configuration function of CCE add-on management to modify the Corefile configuration to avoid differences.
                                                                                                                                                                        
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0549.html b/docs/cce/umn/cce_10_0549.html
index efbfe901f..e9fa1162f 100644
--- a/docs/cce/umn/cce_10_0549.html
+++ b/docs/cce/umn/cce_10_0549.html
@@ -1,217 +1,303 @@
 
 
-
                                                                                                                                                                    Performing Pre-upgrade Check
                                                                                                                                                                    
-
                                                                                                                                                                    The system performs a comprehensive pre-upgrade check before the cluster upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot continue. To prevent upgrade risks, you can perform pre-upgrade check according to the check items provided by this section.
                                                                                                                                                                    
+
                                                                                                                                                                    Pre-upgrade Check
                                                                                                                                                                    
+
                                                                                                                                                                    The system performs a comprehensive pre-upgrade check before the cluster upgrade. If the cluster does not meet the pre-upgrade check conditions, the upgrade cannot continue. To prevent upgrade risks, you can perform pre-upgrade check according to the check items provided by this section.
                                                                                                                                                                    
 
-
                                                                                                                                                                    Table 1 Check items
                                                                                                                                                                    Check Item
                                                                                                                                                                    
+
                                                                                                                                                                    
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
diff --git a/docs/cce/umn/cce_10_0550.html b/docs/cce/umn/cce_10_0550.html
index 961e2919b..d6e2e1e59 100644
--- a/docs/cce/umn/cce_10_0550.html
+++ b/docs/cce/umn/cce_10_0550.html
@@ -5,35 +5,35 @@
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0551.html b/docs/cce/umn/cce_10_0551.html
index 93edd2104..d68e46f6d 100644
--- a/docs/cce/umn/cce_10_0551.html
+++ b/docs/cce/umn/cce_10_0551.html
@@ -1,19 +1,16 @@
 
 
-
-  
                                                                                                                                                                    CPU Core Binding
                                                                                                                                                                    
-
-  
                                                                                                                                                                    
+
                                                                                                                                                                    CPU Scheduling
                                                                                                                                                                    
+
                                                                                                                                                                    
 
                                                                                                                                                                    
-
 
                                                                                                                                                                    
 
 
 
                                                                                                                                                                    
-
                                                                                                                                                                    Parent topic: Workloads
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Scheduling
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_10_0553.html b/docs/cce/umn/cce_10_0553.html
index ea69ff6eb..f36d4fce2 100644
--- a/docs/cce/umn/cce_10_0553.html
+++ b/docs/cce/umn/cce_10_0553.html
@@ -4,10 +4,14 @@
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0557.html b/docs/cce/umn/cce_10_0557.html
index c5743b1fc..2f2de5105 100644
--- a/docs/cce/umn/cce_10_0557.html
+++ b/docs/cce/umn/cce_10_0557.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                    Log Management Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
 
                                                                                                                                                                    CCE allows you to configure policies for collecting, managing, and analyzing workload logs periodically to prevent logs from being over-sized.
                                                                                                                                                                    
 
                                                                                                                                                                    • Using ICAgent:
                                                                                                                                                                      By default, the ICAgent collects container standard outputs (stdout logs). No configuration required.
                                                                                                                                                                      
 
                                                                                                                                                                      You can also configure the path for storing container logs when creating a workload so that the ICAgent collects logs from this path.
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0560.html b/docs/cce/umn/cce_10_0560.html
index 4f0fab10a..cf69a46a1 100644
--- a/docs/cce/umn/cce_10_0560.html
+++ b/docs/cce/umn/cce_10_0560.html
@@ -1,6 +1,6 @@
 
 
-
                                                                                                                                                                      Post-Upgrade Verification
                                                                                                                                                                      
+
                                                                                                                                                                      Performing Post-Upgrade Verification
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_10_0561.html b/docs/cce/umn/cce_10_0561.html
index f2717379d..a2bd2b0a9 100644
--- a/docs/cce/umn/cce_10_0561.html
+++ b/docs/cce/umn/cce_10_0561.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0562.html b/docs/cce/umn/cce_10_0562.html
index bcd613ddb..b2d9d7817 100644
--- a/docs/cce/umn/cce_10_0562.html
+++ b/docs/cce/umn/cce_10_0562.html
@@ -1,19 +1,17 @@
 
 
 
                                                                                                                                                                      Pod Check
                                                                                                                                                                      
-
                                                                                                                                                                      Check Item
                                                                                                                                                                      • Check whether unexpected pods exist in the cluster.
                                                                                                                                                                      • Check whether there are pods restart unexpectedly in the cluster.
                                                                                                                                                                      
+
                                                                                                                                                                      Check Item
                                                                                                                                                                      • Check whether there are unexpected pods in the cluster.
                                                                                                                                                                      • Check whether there are any pods that ran properly originally in the cluster restart unexpectedly.
                                                                                                                                                                      
 
                                                                                                                                                                      
-
                                                                                                                                                                      Procedure
                                                                                                                                                                      Go to the CCE console and access the cluster console. Choose Workloads in the navigation pane. On the displayed page, switch to the Pods tab page. Select All namespaces, click Status, and check whether abnormal pods exist.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      Procedure
                                                                                                                                                                      Log in to the CCE console and access the cluster console. Choose Workloads in the navigation pane. On the displayed page, switch to the Pods tab page. Select all namespaces, click Status, and check whether there are any abnormal pods.
                                                                                                                                                                      
 
                                                                                                                                                                      View the Restarts column to check whether there are pods that are restarted abnormally.
                                                                                                                                                                      
-
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Solution
                                                                                                                                                                      If there are abnormal pods in your cluster after the cluster upgrade, contact technical support.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_10_0563.html b/docs/cce/umn/cce_10_0563.html
index f8787dce7..a0bff0e04 100644
--- a/docs/cce/umn/cce_10_0563.html
+++ b/docs/cce/umn/cce_10_0563.html
@@ -4,8 +4,7 @@
 
                                                                                                                                                                      Check Item
                                                                                                                                                                      • Check whether the nodes are running properly.
                                                                                                                                                                      • Check whether the node network is normal.
                                                                                                                                                                      • Check whether the container network is normal.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Procedure
                                                                                                                                                                      The node status reflects whether the node component or network is normal.
                                                                                                                                                                      
-
                                                                                                                                                                      Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane. You can filter node status by status to check whether there are abnormal nodes.
                                                                                                                                                                      
-
                                                                                                                                                                      
+
                                                                                                                                                                      Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane. You can filter node status by status to check whether there are abnormal nodes.
                                                                                                                                                                      
 
                                                                                                                                                                      The container network affects services. Check whether your services are available.
                                                                                                                                                                      
 
                                                                                                                                                                      
 
                                                                                                                                                                      Solution
                                                                                                                                                                      If the node status is abnormal, contact technical support.
                                                                                                                                                                      
@@ -21,8 +20,7 @@
 
 
 
-
                                                                                                                                                                    
@@ -105,14 +103,14 @@
 
-
-
                                                                                                                                                                    Table 1 Check items
                                                                                                                                                                    No.
                                                                                                                                                                    
 
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    Checking the Node
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
 
                                                                                                                                                                    • Check whether the node is available. 
                                                                                                                                                                    • Check whether the node OS supports the upgrade.
                                                                                                                                                                    • Check whether there are unexpected node pool tags in the node.
                                                                                                                                                                    • Check whether the Kubernetes node name is consistent with the ECS name.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Restrictions
                                                                                                                                                                    
+
                                                                                                                                                                    • Check whether the node is available.
                                                                                                                                                                    • Check whether the node OS supports the upgrade.
                                                                                                                                                                    • Check whether there are unexpected node pool tags in the node.
                                                                                                                                                                    • Check whether the Kubernetes node name is consistent with the ECS name.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Blocklist
                                                                                                                                                                    
+
                                                                                                                                                                    2
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current user is in the upgrade blocklist.
                                                                                                                                                                    
+
                                                                                                                                                                    Blocklist
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the current user is in the upgrade blocklist.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Add-on
                                                                                                                                                                    
+
                                                                                                                                                                    3
                                                                                                                                                                    
 
                                                                                                                                                                    • Check whether the add-on status is normal.
                                                                                                                                                                    • Check whether the add-on support the target version.
                                                                                                                                                                    
+
                                                                                                                                                                    Add-ons
                                                                                                                                                                    
+
                                                                                                                                                                    • Check whether the add-on status is normal.
                                                                                                                                                                    • Check whether the add-on support the target version.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Helm Chart
                                                                                                                                                                    
+
                                                                                                                                                                    4
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavailable after the upgrade.
                                                                                                                                                                    
+
                                                                                                                                                                    Helm Charts
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the current HelmRelease record contains discarded Kubernetes APIs that are not supported by the target cluster version. If yes, the Helm chart may be unavailable after the upgrade.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Master Node SSH Connectivity
                                                                                                                                                                    
+
                                                                                                                                                                    5
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether CCE can connect to your master nodes.
                                                                                                                                                                    
+
                                                                                                                                                                    SSH Connectivity of Master Nodes
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether CCE can connect to your master nodes.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Node Pool
                                                                                                                                                                    
+
                                                                                                                                                                    6
                                                                                                                                                                    
 
                                                                                                                                                                    • Check the node status.
                                                                                                                                                                    • Check whether the auto scaling function of the node pool is disabled.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Pools
                                                                                                                                                                    
+
                                                                                                                                                                    Check the node pool status.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking the Security Group
                                                                                                                                                                    
+
                                                                                                                                                                    7
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the security group allows the master node to access nodes using ICMP.
                                                                                                                                                                    
+
                                                                                                                                                                    Security Groups
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the security group allows the master node to access nodes using ICMP.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    To-Be-Migrated Node
                                                                                                                                                                    
+
                                                                                                                                                                    8
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the node needs to be migrated.
                                                                                                                                                                    
+
                                                                                                                                                                    To-Be-Migrated Nodes
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the node needs to be migrated.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Discarded Kubernetes Resource
                                                                                                                                                                    
+
                                                                                                                                                                    9
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether there are discarded resources in the clusters.
                                                                                                                                                                    
+
                                                                                                                                                                    Discarded Kubernetes Resources
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether there are discarded resources in the clusters.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Compatibility Risk
                                                                                                                                                                    
+
                                                                                                                                                                    10
                                                                                                                                                                    
 
                                                                                                                                                                    Read the version compatibility differences and ensure that they are not affected.
                                                                                                                                                                    
+
                                                                                                                                                                    Compatibility Risks
                                                                                                                                                                    
+
                                                                                                                                                                    Read the version compatibility differences and ensure that they are not affected. The patch upgrade does not involve version compatibility differences.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node CCEAgent Version
                                                                                                                                                                    
+
                                                                                                                                                                    11
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether cce-agent on the current node is of the latest version.
                                                                                                                                                                    
+
                                                                                                                                                                    Node CCE Agent Versions
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether cce-agent on the current node is of the latest version.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node CPU Usage
                                                                                                                                                                    
+
                                                                                                                                                                    12
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the CPU usage of the node exceeds 90%.
                                                                                                                                                                    
+
                                                                                                                                                                    Node CPU Usage
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the CPU usage of the node exceeds 90%.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    CRD Check
                                                                                                                                                                    
+
                                                                                                                                                                    13
                                                                                                                                                                    
 
                                                                                                                                                                    • Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.
                                                                                                                                                                    • Check whether the cluster key CRD network-attachment-definitions.k8s.cni.cncf.io is deleted.
                                                                                                                                                                    
+
                                                                                                                                                                    CRDs
                                                                                                                                                                    
+
                                                                                                                                                                    • Check whether the key CRD packageversions.version.cce.io of the cluster is deleted.
                                                                                                                                                                    • Check whether the cluster key CRD network-attachment-definitions.k8s.cni.cncf.io is deleted.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Disk
                                                                                                                                                                    
+
                                                                                                                                                                    14
                                                                                                                                                                    
 
                                                                                                                                                                    • Check whether the key data disks on the node meet the upgrade requirements.
                                                                                                                                                                    • Check whether the /tmp directory has 500 MB available space.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Disks
                                                                                                                                                                    
+
                                                                                                                                                                    • Check whether the key data disks on the node meet the upgrade requirements.
                                                                                                                                                                    • Check whether the /tmp directory has 500 MiB available space.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node DNS
                                                                                                                                                                    
+
                                                                                                                                                                    15
                                                                                                                                                                    
 
                                                                                                                                                                    • Check whether the DNS configuration of the current node can resolve the OBS address.
                                                                                                                                                                    • Check whether the current node can access the OBS address of the storage upgrade component package.
                                                                                                                                                                    
+
                                                                                                                                                                    Node DNS
                                                                                                                                                                    
+
                                                                                                                                                                    • Check whether the DNS configuration of the current node can resolve the OBS address.
                                                                                                                                                                    • Check whether the current node can access the OBS address of the storage upgrade component package.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Key Directory File Permissions
                                                                                                                                                                    
+
                                                                                                                                                                    16
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Key Directory File Permissions
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the key directory /var/paas on the nodes contain files with abnormal owners or owner groups.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    17
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the kubelet on the node is running properly.
                                                                                                                                                                    
+
                                                                                                                                                                    Kubelet
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the kubelet on the node is running properly.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Memory
                                                                                                                                                                    
+
                                                                                                                                                                    18
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the memory usage of the node exceeds 90%.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Memory
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the memory usage of the node exceeds 90%.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Clock Synchronization Server
                                                                                                                                                                    
+
                                                                                                                                                                    19
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the clock synchronization server ntpd or chronyd of the node is running properly.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Clock Synchronization Server
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the clock synchronization server ntpd or chronyd of the node is running properly.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node OS
                                                                                                                                                                    
+
                                                                                                                                                                    20
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the OS kernel version of the node is supported by CCE.
                                                                                                                                                                    
+
                                                                                                                                                                    Node OS
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the OS kernel version of the node is supported by CCE.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node CPU Count
                                                                                                                                                                    
+
                                                                                                                                                                    21
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the number of CPUs on the master node is greater than 2.
                                                                                                                                                                    
+
                                                                                                                                                                    Node CPUs
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the number of CPUs on the master node is greater than 2.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Python Command
                                                                                                                                                                    
+
                                                                                                                                                                    22
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the Python commands are available on a node.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Python Commands
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the Python commands are available on a node.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Readiness
                                                                                                                                                                    
+
                                                                                                                                                                    23
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the nodes in the cluster are ready.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Readiness
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the nodes in the cluster are ready.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node journald
                                                                                                                                                                    
+
                                                                                                                                                                    24
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether journald of a node is normal.
                                                                                                                                                                    
+
                                                                                                                                                                    Node journald
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether journald of a node is normal.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    containerd.sock Check
                                                                                                                                                                    
+
                                                                                                                                                                    25
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                                                    
+
                                                                                                                                                                    containerd.sock
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the containerd.sock file exists on the node. This file affects the startup of container runtime in the Euler OS.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Internal Error
                                                                                                                                                                    
+
                                                                                                                                                                    26
                                                                                                                                                                    
 
                                                                                                                                                                    Before the upgrade, check whether an internal error occurs.
                                                                                                                                                                    
+
                                                                                                                                                                    Internal Errors
                                                                                                                                                                    
+
                                                                                                                                                                    Before the upgrade, check whether an internal error occurs.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Mount Point
                                                                                                                                                                    
+
                                                                                                                                                                    27
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether inaccessible mount points exist on the node.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Mount Points
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether inaccessible mount points exist on the node.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Kubernetes Node Taint
                                                                                                                                                                    
+
                                                                                                                                                                    28
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the taint needed for cluster upgrade exists on the node.
                                                                                                                                                                    
+
                                                                                                                                                                    Kubernetes Node Taints
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the taint needed for cluster upgrade exists on the node.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    everest Restriction Check
                                                                                                                                                                    
+
                                                                                                                                                                    29
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current everest add-on has compatibility restrictions.
                                                                                                                                                                    
+
                                                                                                                                                                    everest Restrictions
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether there are any compatibility restrictions on the current everest add-on.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    cce-hpa-controller Restriction Check
                                                                                                                                                                    
+
                                                                                                                                                                    30
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current cce-controller-hpa add-on has compatibility restrictions.
                                                                                                                                                                    
+
                                                                                                                                                                    cce-hpa-controller Restrictions
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the current cce-controller-hpa add-on has compatibility restrictions.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Enhanced CPU Management Policy
                                                                                                                                                                    
+
                                                                                                                                                                    31
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current cluster version and the target version support enhanced CPU policy.
                                                                                                                                                                    
+
                                                                                                                                                                    Enhanced CPU Policies
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the current cluster version and the target version support enhanced CPU policy.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    User Node Components Health
                                                                                                                                                                    
+
                                                                                                                                                                    32
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the container runtime and network components on the user node are healthy.
                                                                                                                                                                    
+
                                                                                                                                                                    Health of Worker Node Components
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the container runtime and network components on the worker nodes are healthy.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Controller Node Components Health
                                                                                                                                                                    
+
                                                                                                                                                                    33
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the Kubernetes, container runtime, and network components of the controller node are healthy.
                                                                                                                                                                    
+
                                                                                                                                                                    Health of Master Node Components
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the Kubernetes, container runtime, and network components of the master nodes are healthy.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Memory Resource Limit of Kubernetes Components
                                                                                                                                                                    
+
                                                                                                                                                                    34
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.
                                                                                                                                                                    
+
                                                                                                                                                                    Memory Resource Limit of Kubernetes Components
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the resources of Kubernetes components, such as etcd and kube-controller-manager, exceed the upper limit.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking Deprecated Kubernetes APIs
                                                                                                                                                                    
+
                                                                                                                                                                    35
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the called API has been discarded in the target Kubernetes version.
                                                                                                                                                                    
+
                                                                                                                                                                    Discarded Kubernetes APIs
                                                                                                                                                                    
+
                                                                                                                                                                    The system scans the audit logs of the past day to check whether the user calls the deprecated APIs of the target Kubernetes version.
                                                                                                                                                                     NOTE: 
                                                                                                                                                                    Due to the limited time range of audit logs, this check item is only an auxiliary method. APIs to be deprecated may have been used in the cluster, but their usage is not included in the audit logs of the past day. Check the API usage carefully.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    IPv6 Capability of a CCE Turbo Cluster
                                                                                                                                                                    
+
                                                                                                                                                                    36
                                                                                                                                                                    
 
                                                                                                                                                                    If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                                                                                    
+
                                                                                                                                                                    IPv6 Capabilities of a CCE Turbo Cluster
                                                                                                                                                                    
+
                                                                                                                                                                    If IPv6 is enabled for a CCE Turbo cluster, check whether the target cluster version supports IPv6.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node NetworkManager
                                                                                                                                                                    
+
                                                                                                                                                                    37
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether NetworkManager of a node is normal.
                                                                                                                                                                    
+
                                                                                                                                                                    Node NetworkManager
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether NetworkManager of a node is normal.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node ID File
                                                                                                                                                                    
+
                                                                                                                                                                    38
                                                                                                                                                                    
 
                                                                                                                                                                    Check the ID file format.
                                                                                                                                                                    
+
                                                                                                                                                                    Node ID File
                                                                                                                                                                    
+
                                                                                                                                                                    Check the ID file format.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Configuration Consistency
                                                                                                                                                                    
+
                                                                                                                                                                    39
                                                                                                                                                                    
 
                                                                                                                                                                    When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background:
                                                                                                                                                                    
+
                                                                                                                                                                    Node Configuration Consistency
                                                                                                                                                                    
+
                                                                                                                                                                    When you upgrade a CCE cluster to v1.19 or later, the system checks whether the following configuration files have been modified in the background.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Node Configuration File
                                                                                                                                                                    
+
                                                                                                                                                                    40
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the configuration files of key components exist on the node.
                                                                                                                                                                    
+
                                                                                                                                                                    Node Configuration File
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the configuration files of key components exist on the node.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Checking CoreDNS Configuration Consistency
                                                                                                                                                                    
+
                                                                                                                                                                    41
                                                                                                                                                                    
 
                                                                                                                                                                    Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affecting domain name resolution in the cluster.
                                                                                                                                                                    
+
                                                                                                                                                                    CoreDNS Configuration Consistency
                                                                                                                                                                    
+
                                                                                                                                                                    Check whether the current CoreDNS key configuration Corefile is different from the Helm release record. The difference may be overwritten during the add-on upgrade, affecting domain name resolution in the cluster.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
                                                                                                                                                                     
 
                                                                                                                                                                    • Pods (inside a cluster)
                                                                                                                                                                    • Nodes (inside a cluster)
                                                                                                                                                                    • Nodes in the same VPC (outside a cluster)
                                                                                                                                                                    • Third-party clouds
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    • Pods (inside a cluster)
                                                                                                                                                                    • Nodes (inside a cluster)
                                                                                                                                                                    • Cloud servers outside the cluster but in the same VPC as the cluster
                                                                                                                                                                    • Outside the VPC to which the cluster belongs
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Public IP address of Service ELB
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Domain name resolution
                                                                                                                                                                    
 
                                                                                                                                                                    After the coredns add-on is upgraded, the configuration is overwritten. This fault has been rectified in the add-on upgrade process.
                                                                                                                                                                    
+
                                                                                                                                                                    After CoreDNS is upgraded, the configuration is overwritten. This fault has been rectified in the add-on upgrade process.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    External domain names are resolved based on the CoreDNS upstream server.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    Domain name resolution
                                                                                                                                                                    
 
                                                                                                                                                                    After the coredns add-on is upgraded, the configuration is overwritten. This fault has been rectified in the add-on upgrade process.
                                                                                                                                                                    
+
                                                                                                                                                                    After CoreDNS is upgraded, the configuration is overwritten. This fault has been rectified in the add-on upgrade process.
                                                                                                                                                                    
                                                                                                                                                                     		
 
                                                                                                                                                                    
 
                                                                                                                                                                    External domain names are not resolved by CoreDNS.
                                                                                                                                                                    
@@ -129,7 +127,7 @@
 
 
 
diff --git a/docs/cce/umn/cce_10_0564.html b/docs/cce/umn/cce_10_0564.html
index 15c8e73fd..21123c996 100644
--- a/docs/cce/umn/cce_10_0564.html
+++ b/docs/cce/umn/cce_10_0564.html
@@ -1,20 +1,19 @@
 
 
 
                                                                                                                                                                    Node Label and Taint Check
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    • Check whether the label is lost.
                                                                                                                                                                    • Check whether there are unexpected taints.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    • Check whether custom node labels are lost.
                                                                                                                                                                    • Check whether there are any unexpected taints newly added on the node, which will affect workload scheduling.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Procedure
                                                                                                                                                                    Go to the CCE console, access the cluster console, and choose Nodes in the navigation pane. On the displayed page, click the Nodes tab, select all nodes, and click Manage Labels and Taints to view the labels and taints of the current node.
                                                                                                                                                                    
-
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Solution
                                                                                                                                                                    User labels are not changed during the cluster upgrade. If you find that labels are lost or added abnormally, contact technical support.
                                                                                                                                                                    
+
                                                                                                                                                                    Solution
                                                                                                                                                                    Custom labels will not be changed during a cluster upgrade. If you find that labels are lost or added unexpectedly, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    If you find a new taint (node.kubernetes.io/upgrade) on a node, the node may be skipped during the upgrade. For details, see Node Skipping Check for Reset.
                                                                                                                                                                    
 
                                                                                                                                                                    If you find that other taints are added to the node, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0565.html b/docs/cce/umn/cce_10_0565.html
index 4e41622ae..ae3f30aa6 100644
--- a/docs/cce/umn/cce_10_0565.html
+++ b/docs/cce/umn/cce_10_0565.html
@@ -3,15 +3,14 @@
 
                                                                                                                                                                    New Node Check
                                                                                                                                                                    
 
                                                                                                                                                                    Check Item
                                                                                                                                                                    Check whether nodes can be created in the cluster.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Procedure
                                                                                                                                                                    Go to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    Log in to the CCE console and access the cluster console. Choose Nodes in the navigation pane, and click Create Node. For details about node configurations, see Creating a Node.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Solution
                                                                                                                                                                    If nodes cannot be created in your cluster after the cluster is upgraded, contact technical support.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0566.html b/docs/cce/umn/cce_10_0566.html
index 49d8c00e2..775862cf8 100644
--- a/docs/cce/umn/cce_10_0566.html
+++ b/docs/cce/umn/cce_10_0566.html
@@ -4,10 +4,9 @@
 
                                                                                                                                                                    Check Item
                                                                                                                                                                    • Check whether pods can be created on the existing nodes after the cluster is upgraded.
                                                                                                                                                                    • Check whether pods can be created on new nodes after the cluster is upgraded.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Procedure
                                                                                                                                                                    After creating a node based on New Node Check, create a DaemonSet workload to create pods on each node.
                                                                                                                                                                    
-
                                                                                                                                                                    Go to the CCE console, access the cluster console, and choose Workloads in the navigation pane. On the displayed page, switch to the DaemonSets tab page and click Create Workload or Create from YAML in the upper right corner.
                                                                                                                                                                    
-
                                                                                                                                                                    
+
                                                                                                                                                                    Go to the CCE console, access the cluster console, and choose Workloads in the navigation pane. On the displayed page, switch to the DaemonSets tab page and click Create Workload or Create from YAML in the upper right corner. For details, see Creating a DaemonSet.
                                                                                                                                                                    
 
                                                                                                                                                                    You are advised to use the image for routine tests as the base image. You can deploy a pod by referring to the following YAML file.
                                                                                                                                                                    
-
                                                                                                                                                                     
                                                                                                                                                                    In this test, YAML deploys DaemonSet in the default namespace, uses ngxin:perl as the base image, requests 10 MB CPU and 10 Mi memory, and limits 100 MB CPU and 50 Mi memory.
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    In this test, YAML deploys DaemonSet in the default namespace, uses ngxin:perl as the base image, requests 10 MB CPU and 10 MiB memory, and limits 100 MB CPU and 50 MiB memory.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    apiVersion: apps/v1
 kind: DaemonSet
@@ -38,14 +37,13 @@ spec:
               memory: 50Mi
                                                                                                                                                                    
 
                                                                                                                                                                    After the workload is created, check whether the pod status of the workload is normal.
                                                                                                                                                                    
 
                                                                                                                                                                    After the check is complete, go to the CCE console and access the cluster console. Choose Workloads in the navigation pane. On the displayed page, switch to the DaemonSets tab page, choose More > Delete in the Operation column of the post-upgrade-check workload to delete the test workload.
                                                                                                                                                                    
-
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Solution
                                                                                                                                                                    If the pod cannot be created or the pod status is abnormal, contact technical support and specify whether the exception occurs on new nodes or existing nodes.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0567.html b/docs/cce/umn/cce_10_0567.html
index 7097d0fef..08da3f851 100644
--- a/docs/cce/umn/cce_10_0567.html
+++ b/docs/cce/umn/cce_10_0567.html
@@ -1,20 +1,17 @@
 
 
 
                                                                                                                                                                    Node Skipping Check for Reset
                                                                                                                                                                    
-
                                                                                                                                                                    Check Item
                                                                                                                                                                    After the cluster is upgraded, you need to reset the nodes that fail to be upgraded.
                                                                                                                                                                    
+
                                                                                                                                                                    Check Item
                                                                                                                                                                    After the cluster is upgraded, reset the nodes that fail to be upgraded.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Procedure
                                                                                                                                                                    Go back to the previous step or view the upgrade details on the upgrade history page to view the nodes that are skipped during the upgrade.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    
 
                                                                                                                                                                    The skipped nodes are displayed on the upgrade details page. Reset the skipped nodes after the upgrade is complete. For details about how to reset a node, see Resetting a Node.
                                                                                                                                                                    
-
                                                                                                                                                                    
 
                                                                                                                                                                     
                                                                                                                                                                    Resetting a node will reset all node labels, which may affect workload scheduling. Before resetting a node, check and retain the labels that you have manually added to the node.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    
 
 
diff --git a/docs/cce/umn/cce_10_0601.html b/docs/cce/umn/cce_10_0601.html
new file mode 100644
index 000000000..f408ab893
--- /dev/null
+++ b/docs/cce/umn/cce_10_0601.html
@@ -0,0 +1,28 @@
+
+
+
                                                                                                                                                                    Migrating Nodes from Docker to containerd
                                                                                                                                                                    
+
                                                                                                                                                                    Context
                                                                                                                                                                    Kubernetes has removed dockershim from v1.24 and does not support Docker by default. CCE will continue to support Docker in v1.25 but just till v1.27. The following steps show you how to migrate nodes from Docker to containerd.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Precautions
                                                                                                                                                                    • Theoretically, migration during container running will interrupt services for a short period of time. Therefore, it is strongly recommended that the services to be migrated have been deployed as multi-instance. In addition, you are advised to test the migration impact in the test environment to minimize potential risks.
                                                                                                                                                                    • containerd cannot build images. Do not use the docker build command to build images on containerd nodes. For other differences between Docker and containerd, see Container Engine.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating a Node
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane, choose Nodes. In the node list, select one or more nodes to be reset and choose More > Reset Node.
                                                                                                                                                                    3. Set Container Engine to containerd. You can adjust other parameters as required or retain them as set during creation.
                                                                                                                                                                      
+
                                                                                                                                                                    4. If the node status is Installing, the node is being reset.
                                                                                                                                                                      When the node status is Running, you can see that the node version is switched to containerd. You can log in to the node and run containerd commands such as crictl to view information about the containers running on the node.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Migrating a Node Pool
                                                                                                                                                                    You can copy a node pool, set the container engine of the new node pool to containerd, and keep other configurations the same as those of the original Docker node pool.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane, choose Nodes. On the Node Pools tab page, locate the Docker node pool to be copied and choose More > Copy in the Operation column.
                                                                                                                                                                      
+
                                                                                                                                                                    3. On the Compute Settings area, set Container Engine to containerd and modify other parameters as required.
                                                                                                                                                                      
+
                                                                                                                                                                    4. Scale the number of created containerd node pools to the number of original Docker node pools and delete nodes from the Docker node pools one by one.
                                                                                                                                                                      Rolling migration is preferred. That is, add some containerd nodes and then delete some Docker nodes until the number of nodes in the new containerd node pool is the same as that in the original Docker node pool.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      If you have set node affinity for the workloads deployed on the original Docker nodes or node pool, set affinity policies for the workloads to run on the new containerd nodes or node pool.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the migration, delete the original Docker node pool.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Node O&M
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0602.html b/docs/cce/umn/cce_10_0602.html
index efd78f0d7..66e5efa99 100644
--- a/docs/cce/umn/cce_10_0602.html
+++ b/docs/cce/umn/cce_10_0602.html
@@ -1,16 +1,14 @@
 
 
 
                                                                                                                                                                    Cluster Overload Control
                                                                                                                                                                    
-
                                                                                                                                                                    Scenario
                                                                                                                                                                    If overload control is enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                                                                                    
+
                                                                                                                                                                    Scenario
                                                                                                                                                                    If enabled, concurrent requests are dynamically controlled based on the resource pressure of master nodes to keep them and the cluster available.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    The cluster version must be 1.23 or later.
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    The cluster version must be 1.23 or later.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Enabling Overload Control
                                                                                                                                                                    Method 1: Enabling it when creating a cluster
                                                                                                                                                                    
 
                                                                                                                                                                    When creating a cluster of v1.23 or later, you can enable overload control during the cluster creation.
                                                                                                                                                                    
-
                                                                                                                                                                    
-
                                                                                                                                                                    Method 2: Enabling it in an existing cluster
                                                                                                                                                                    
-
                                                                                                                                                                    1. Log in to the CCE console and go to an existing cluster whose version is v1.23 or later.
                                                                                                                                                                    2. On the cluster information page, view the master node information. If overload control is not enabled, a message is displayed. You can click Enable to enable the function.
                                                                                                                                                                      
-
                                                                                                                                                                    
+
                                                                                                                                                                    Method 2: Enabling it in an existing cluster
                                                                                                                                                                    
+
                                                                                                                                                                    1. Log in to the CCE console and go to an existing cluster whose version is v1.23 or later.
                                                                                                                                                                    2. On the cluster information page, view the master node information. If overload control is not enabled, a message is displayed. You can click Enable to enable the function.
                                                                                                                                                                    
 
                                                                                                                                                                    
 
                                                                                                                                                                    Disabling Cluster Overload Control
                                                                                                                                                                    1. Log in to the CCE console and go to an existing cluster whose version is v1.23 or later.
                                                                                                                                                                    2. On the Cluster Information page, click Manage in the upper right corner.
                                                                                                                                                                    3. Set support-overload to false under kube-apiserver.
                                                                                                                                                                    4. Click OK.
                                                                                                                                                                    
 
                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_10_0613.html b/docs/cce/umn/cce_10_0613.html
new file mode 100644
index 000000000..eaf2ab58c
--- /dev/null
+++ b/docs/cce/umn/cce_10_0613.html
@@ -0,0 +1,103 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    To achieve persistent storage, CCE allows you to mount the storage volumes created from Elastic Volume Service (EVS) disks to a path of a container. When the container is migrated within an AZ, the mounted EVS volumes are also migrated. By using EVS volumes, you can mount the remote file directory of a storage system to a container so that data in the data volume is permanently preserved. Even if the container is deleted, the data in the data volume is still stored in the storage system.
                                                                                                                                                                    
+
                                                                                                                                                                    EVS Disk Performance Specifications
                                                                                                                                                                    EVS performance metrics include:
                                                                                                                                                                    
+
                                                                                                                                                                    • IOPS: number of read/write operations performed by an EVS disk per second
                                                                                                                                                                    • Throughput: amount of data read from and written into an EVS disk per second
                                                                                                                                                                    • Read/write I/O latency: minimum interval between two consecutive read/write operations on an EVS disk
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 1 EVS disk performance specifications
                                                                                                                                                                    Parameter
                                                                                                                                                                    
+
                                                                                                                                                                    Ultra-high I/O
                                                                                                                                                                    
+
                                                                                                                                                                    High I/O
                                                                                                                                                                    
+
                                                                                                                                                                    Common I/O
                                                                                                                                                                    
+
                                                                                                                                                                    Max. capacity (GiB)
                                                                                                                                                                    
+
                                                                                                                                                                    • System disk: 1,024
                                                                                                                                                                    • Data disk: 32,768
                                                                                                                                                                    
+
                                                                                                                                                                    • System disk: 1,024
                                                                                                                                                                    • Data disk: 32,768
                                                                                                                                                                    
+
                                                                                                                                                                    • System disk: 1,024
                                                                                                                                                                    • Data disk: 32,768
                                                                                                                                                                    
+
                                                                                                                                                                    Max. IOPS
                                                                                                                                                                    
+
                                                                                                                                                                    50,000
                                                                                                                                                                    
+
                                                                                                                                                                    5,000
                                                                                                                                                                    
+
                                                                                                                                                                    2,200
                                                                                                                                                                    
+
                                                                                                                                                                    Max. throughput (MiB/s)
                                                                                                                                                                    
+
                                                                                                                                                                    350
                                                                                                                                                                    
+
                                                                                                                                                                    150
                                                                                                                                                                    
+
                                                                                                                                                                    50
                                                                                                                                                                    
+
                                                                                                                                                                    Burst IOPS limit
                                                                                                                                                                    
+
                                                                                                                                                                    16,000
                                                                                                                                                                    
+
                                                                                                                                                                    5,000
                                                                                                                                                                    
+
                                                                                                                                                                    2,200
                                                                                                                                                                    
+
                                                                                                                                                                    Disk IOPS
                                                                                                                                                                    
+
                                                                                                                                                                    Min. (50,000, 1,800 + 50 x Capacity)
                                                                                                                                                                    
+
                                                                                                                                                                    Min. (5,000, 1,800 + 8 x Capacity)
                                                                                                                                                                    
+
                                                                                                                                                                    Min. (2,200, 500 + 2 x Capacity)
                                                                                                                                                                    
+
                                                                                                                                                                    Disk throughput (MiB/s)
                                                                                                                                                                    
+
                                                                                                                                                                    Min. (350, 120 + 0.5 × Capacity)
                                                                                                                                                                    
+
                                                                                                                                                                    Min. (150, 100 + 0.15 × Capacity)
                                                                                                                                                                    
+
                                                                                                                                                                    50
                                                                                                                                                                    
+
                                                                                                                                                                    Single-queue access latency (ms)
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
+
                                                                                                                                                                    1–3
                                                                                                                                                                    
+
                                                                                                                                                                    5–10
                                                                                                                                                                    
+
                                                                                                                                                                    API name
                                                                                                                                                                    
+
                                                                                                                                                                    SSD
                                                                                                                                                                    
+
                                                                                                                                                                    SAS
                                                                                                                                                                    
+
                                                                                                                                                                    SATA
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    EVS disks can be mounted in the following modes based on application scenarios:
                                                                                                                                                                    
+
                                                                                                                                                                    • Using an Existing EVS Disk Through a Static PV: static creation mode, where you use an existing EVS disk to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                                                                                    • Using an EVS Disk Through a Dynamic PV: dynamic creation mode, where you do not need to create EVS volumes in advance. Instead, specify a StorageClass during PVC creation and an EVS disk and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                                                                                    • Dynamically Mounting an EVS Disk to a StatefulSet: Only StatefulSets support this mode. Each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Elastic Volume Service (EVS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0614.html b/docs/cce/umn/cce_10_0614.html
new file mode 100644
index 000000000..1bda050f3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0614.html
@@ -0,0 +1,419 @@
+
+
+
                                                                                                                                                                    Using an Existing EVS Disk Through a Static PV
                                                                                                                                                                    
+
                                                                                                                                                                    CCE allows you to create a PV using an existing EVS disk. After the PV is created, you can create a PVC and bind it to the PV. This mode applies to scenarios where the underlying storage is available.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • You have created an EVS disk that meets the following requirements:
                                                                                                                                                                      • The existing EVS disk cannot be a system disk, DSS disk, or shared disk.
                                                                                                                                                                      • The device type of the EVS disk must be SCSI (the default device type is VBD when you purchase an EVS disk).
                                                                                                                                                                      • The EVS disk must be available and not used by other resources.
                                                                                                                                                                      • The AZ of the EVS disk must be the same as that of the cluster node. Otherwise, the EVS disk cannot be mounted and the pod cannot start.
                                                                                                                                                                      • If the EVS disk is encrypted, the key must be available.
                                                                                                                                                                      • EVS disks that have partitions or use non-ext4 file systems are not supported.
                                                                                                                                                                      
+
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                    • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS disks attached, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                      For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS disks attached, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Using an Existing EVS Disk on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Statically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select EVS.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                                                                                        • If no underlying storage is available, select Dynamically provision. For details, see Using an EVS Disk Through a Dynamic PV.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                                                                        
+
                                                                                                                                                                        PVa
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing PV in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, you do not need to set this parameter.
                                                                                                                                                                        
+
                                                                                                                                                                        EVSb
                                                                                                                                                                        
+
                                                                                                                                                                        Click Select EVS. On the displayed page, select the EVS disk that meets your requirements and click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        PV Nameb
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Modeb
                                                                                                                                                                        
+
                                                                                                                                                                        EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Reclaim Policyb
                                                                                                                                                                        
+
                                                                                                                                                                        You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        a: The parameter is available when Creation Method is set to Use existing.
                                                                                                                                                                        
+
                                                                                                                                                                        b: The parameter is available when Creation Method is set to Create new.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing EVS volume.
                                                                                                                                                                        
+
                                                                                                                                                                        An EVS volume cannot be repeatedly mounted to multiple workloads.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the EVS disk.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        A non-shared EVS disk cannot be attached to multiple pods in a workload. Otherwise, the pods cannot start properly. Ensure that the number of workload pods is 1 when you attach an EVS disk.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Using an Existing EVS Disk
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Create a PV. If a PV has been created in your cluster, skip this step.
                                                                                                                                                                      1. Create the pv-evs.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only         # (Optional) The PV is deleted while the underlying volume is retained.
+  name: pv-evs    # PV name.
+  labels:
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+spec:
+  accessModes:
+    - ReadWriteOnce     # Access mode. The value is fixed to ReadWriteOnce for EVS disks.
+  capacity:
+    storage: 10Gi       # EVS disk capacity, in the unit of Gi. The value ranges from 1 to 32768.
+  csi:
+    driver: disk.csi.everest.io     # Dependent storage driver for the mounting.
+    fsType: ext4
+    volumeHandle: <your_volume_id>   # Volume ID of the EVS disk.
+    volumeAttributes:
+      everest.io/disk-mode: SCSI           # Device type of the EVS disk. Only SCSI is supported.
+      everest.io/disk-volume-type: SAS     # EVS disk type.
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+      everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+
+  persistentVolumeReclaimPolicy: Delete    # Reclaim policy.
+  storageClassName: csi-disk              # Storage class name. The value must be csi-disk for EVS disks.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/reclaim-policy: retain-volume-only
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Optional.
                                                                                                                                                                        
+
                                                                                                                                                                        Currently, only retain-volume-only is supported.
                                                                                                                                                                        
+
                                                                                                                                                                        This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/region
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Region where the cluster is located.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of region, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/zone
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of zone, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        volumeHandle
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Volume ID of the EVS disk.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the volume ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, click the copy button after ID.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/disk-volume-type
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        EVS disk type. All letters are in uppercase.
                                                                                                                                                                        • SATA: common I/O
                                                                                                                                                                        • SAS: high I/O
                                                                                                                                                                        • SSD: ultra-high I/O
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/crypt-key-id
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory when the EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                                                                        
+
                                                                                                                                                                        persistentVolumeReclaimPolicy
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        A reclaim policy is supported when the cluster version is or later than 1.19.10 and the everest version is or later than 1.2.9.
                                                                                                                                                                        
+
                                                                                                                                                                        The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If high data security is required, you are advised to select Retain to prevent data from being deleted by mistake.
                                                                                                                                                                        
+
                                                                                                                                                                        Delete:
                                                                                                                                                                        
+
                                                                                                                                                                        • If everest.io/reclaim-policy is not specified, both the PV and EVS volare deleted when a PVC is deleted.
                                                                                                                                                                        • If everest.io/reclaim-policy is set to retain-volume-only, when a PVC is deleted, the PV is deleted but the EVS resources are retained.
                                                                                                                                                                        
+
                                                                                                                                                                        Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class name for EVS disks is csi-disk.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PV:
                                                                                                                                                                        kubectl apply -f pv-evs.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create a PVC.
                                                                                                                                                                      1. Create the pvc-evs.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-evs
+  namespace: default
+  annotations:
+      everest.io/disk-volume-type: SAS    # EVS disk type.
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+
+  labels:
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+spec:
+  accessModes:
+  - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
+  resources:
+    requests:
+      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768. The value must be the same as the storage size of the existing PV.
+  storageClassName: csi-disk    # Storage class type for EVS disks.
+  volumeName: pv-evs            # PV name.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 3 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/region
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Region where the cluster is located.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of region, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/zone
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of zone, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        The value must be the same as the storage size of the existing PV.
                                                                                                                                                                        
+
                                                                                                                                                                        volumeName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        PV name, which must be the same as the PV name in 1.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class name of the EVS volumes is csi-disk.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-evs.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    4. Create an application.
                                                                                                                                                                      1. Create a file named web-evs.yaml. In this example, the EVS volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web-evs
+  namespace: default
+spec:
+ replicas: 1            # The number of workload replicas that use the EVS volume must be 1.
+  selector:
+    matchLabels:
+      app: web-evs
+  serviceName: web-evs   # Headless Service name.
+  template:
+    metadata:
+      labels:
+        app: web-evs
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-disk    # Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-evs    # Name of the created PVC.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web-evs   # Headless Service name.
+  namespace: default
+  labels:
+    app: web-evs
+spec:
+  selector:
+    app: web-evs
+  clusterIP: None
+  ports:
+    - name: web-evs
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: ClusterIP
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a workload to which the EVS volume is mounted:
                                                                                                                                                                        kubectl apply -f web-evs.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence
                                                                                                                                                                    1. View the deployed application and EVS volume files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-evs
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-evs-0                  1/1     Running   0               38s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                                                                        kubectl exec web-evs-0 -- df | grep data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        /dev/sdc              10255636     36888  10202364   0% /data
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                                        kubectl exec web-evs-0 -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        lost+found
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-evs-0 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-evs-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Run the following command to delete the pod named web-evs-0:
                                                                                                                                                                      kubectl delete pod web-evs-0
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      pod "web-evs-0" deleted
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                                                                                      kubectl exec web-evs-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                      If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 4.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 4 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Creating a storage volume (PV)
                                                                                                                                                                    
+
                                                                                                                                                                    Create a PV on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab. Click Create Volume in the upper right corner. In the dialog box displayed, configure the parameters.
                                                                                                                                                                      • Volume Type: Select EVS.
                                                                                                                                                                      • EVS: Click Select EVS. On the displayed page, select the EVS disk that meets your requirements and click OK.
                                                                                                                                                                      • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                                      • Access Mode: EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                      • Reclaim Policy: Delete or Retain. For details, see PV Reclaim Policy.
                                                                                                                                                                      
+
                                                                                                                                                                    2. Click Create.
                                                                                                                                                                    
+
                                                                                                                                                                    Expanding the capacity of an EVS disk
                                                                                                                                                                    
+
                                                                                                                                                                    Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                    2. Enter the capacity to be added and click OK.
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Elastic Volume Service (EVS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0615.html b/docs/cce/umn/cce_10_0615.html
new file mode 100644
index 000000000..5a585fb45
--- /dev/null
+++ b/docs/cce/umn/cce_10_0615.html
@@ -0,0 +1,311 @@
+
+
+
                                                                                                                                                                    Using an EVS Disk Through a Dynamic PV
                                                                                                                                                                    
+
                                                                                                                                                                    CCE allows you to specify a StorageClass to automatically create an EVS disk and the corresponding PV. This function is applicable when no underlying storage volume is available.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple tasks. Data sharing of a shared disk is not supported between nodes in a CCE cluster. If an EVS disk is attacked to multiple nodes, I/O conflicts and data cache conflicts may occur. Therefore, create only one pod when creating a Deployment that uses EVS disks.
                                                                                                                                                                    • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS disks attached, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                      For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS disks attached, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (Console) Automatically Creating an EVS Disk
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select EVS.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created. For details, see Using an Existing EVS Disk Through a Static PV.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Dynamically provision.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Classes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class for EVS disks is csi-disk.
                                                                                                                                                                        
+
                                                                                                                                                                        AZ
                                                                                                                                                                        
+
                                                                                                                                                                        Select the AZ of the EVS disk. The AZ must be the same as that of the cluster node.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        An EVS disk can only be mounted to a node in the same AZ. After an EVS disk is created, its AZ cannot be changed.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Disk Type
                                                                                                                                                                        
+
                                                                                                                                                                        Select an EVS disk type.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Mode
                                                                                                                                                                        
+
                                                                                                                                                                        EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Capacity (GiB)
                                                                                                                                                                        
+
                                                                                                                                                                        Capacity of the requested storage volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Encryption
                                                                                                                                                                        
+
                                                                                                                                                                        You can select Encryption and an encryption key to encrypt underlying storage. Before using the encryption function, check whether the region where the EVS disk is located supports disk encryption.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing EVS volume.
                                                                                                                                                                        
+
                                                                                                                                                                        An EVS volume cannot be repeatedly mounted to multiple workloads.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run; this action may cause container errors. You are advised to mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the EVS disk.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        A non-shared EVS disk cannot be attached to multiple pods in a workload. Otherwise, the pods cannot start properly. Ensure that the number of workload pods is 1 when you attach an EVS disk.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Automatically Creating an EVS Disk
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                                      1. Create the pvc-evs-auto.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-evs-auto
+  namespace: default
+  annotations:
+      everest.io/disk-volume-type: SAS    # EVS disk type.
+    everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.
+
+  labels:
+    failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
+    failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+spec:
+  accessModes:
+  - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
+  resources:
+    requests:
+      storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
+  storageClassName: csi-disk    # Storage class type for EVS disks.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/region
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Region where the cluster is located.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of region, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        failure-domain.beta.kubernetes.io/zone
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                                        
+
                                                                                                                                                                        For details about the value of zone, see Regions and Endpoints.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/disk-volume-type
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        EVS disk type. All letters are in uppercase.
                                                                                                                                                                        • SATA: common I/O
                                                                                                                                                                        • SAS: high I/O
                                                                                                                                                                        • SSD: ultra-high I/O
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/crypt-key-id
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when an EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation. You can use a custom key or the default key named evs/default.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain a key ID, log in to the DEW console, locate the key to be encrypted, and copy the key ID.
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class name of the EVS volumes is csi-disk.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-evs-auto.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. Create a file named web-evs-auto.yaml. In this example, the EVS volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web-evs-auto
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-evs-auto
+  serviceName: web-evs-auto   # Headless Service name.
+  template:
+    metadata:
+      labels:
+        app: web-evs-auto
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-disk    # Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-disk    # Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-evs-auto    # Name of the created PVC.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web-evs-auto   # Headless Service name.
+  namespace: default
+  labels:
+    app: web-evs-auto
+spec:
+  selector:
+    app: web-evs-auto
+  clusterIP: None
+  ports:
+    - name: web-evs-auto
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: ClusterIP
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a workload to which the EVS volume is mounted:
                                                                                                                                                                        kubectl apply -f web-evs-auto.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence
                                                                                                                                                                    1. View the deployed application and EVS volume files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-evs-auto
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-evs-auto-0                  1/1     Running   0               38s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                                                                        kubectl exec web-evs-auto-0 -- df | grep data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        /dev/sdc              10255636     36888  10202364   0% /data
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                                        kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        lost+found
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-evs-auto-0 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Run the following command to delete the pod named web-evs-auto-0:
                                                                                                                                                                      kubectl delete pod web-evs-auto-0
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      pod "web-evs-auto-0" deleted
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                                                                                      kubectl exec web-evs-auto-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                      If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Expanding the capacity of an EVS disk
                                                                                                                                                                    
+
                                                                                                                                                                    Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                    2. Enter the capacity to be added and click OK.
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Elastic Volume Service (EVS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0616.html b/docs/cce/umn/cce_10_0616.html
new file mode 100644
index 000000000..4ee69138f
--- /dev/null
+++ b/docs/cce/umn/cce_10_0616.html
@@ -0,0 +1,290 @@
+
+
+
                                                                                                                                                                    Dynamically Mounting an EVS Disk to a StatefulSet
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on the storage class to dynamically provision PVs. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (Console) Dynamically Mounting an EVS Disk
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate (VTC).
                                                                                                                                                                    4. Click Create PVC. In the dialog box displayed, configure the PVC parameters.
                                                                                                                                                                      Click Create.
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      PVC Type
                                                                                                                                                                      
+
                                                                                                                                                                      In this example, select EVS.
                                                                                                                                                                      
+
                                                                                                                                                                      PVC Name
                                                                                                                                                                      
+
                                                                                                                                                                      Enter the name of the PVC. After a PVC is created, a suffix is automatically added based on the number of pods. The format is <Custom PVC name>-<Serial number>, for example, example-0.
                                                                                                                                                                      
+
                                                                                                                                                                      Creation Method
                                                                                                                                                                      
+
                                                                                                                                                                      You can select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                      
+
                                                                                                                                                                      Storage Classes
                                                                                                                                                                      
+
                                                                                                                                                                      The storage class for EVS disks is csi-disk.
                                                                                                                                                                      
+
                                                                                                                                                                      AZ
                                                                                                                                                                      
+
                                                                                                                                                                      Select the AZ of the EVS disk. The AZ must be the same as that of the cluster node.
                                                                                                                                                                      
+
                                                                                                                                                                       NOTE: 
                                                                                                                                                                      An EVS disk can only be mounted to a node in the same AZ. After an EVS disk is created, its AZ cannot be changed.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Disk Type
                                                                                                                                                                      
+
                                                                                                                                                                      Select an EVS disk type.
                                                                                                                                                                      
+
                                                                                                                                                                      Access Mode
                                                                                                                                                                      
+
                                                                                                                                                                      EVS disks support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                      
+
                                                                                                                                                                      Capacity (GiB)
                                                                                                                                                                      
+
                                                                                                                                                                      Capacity of the requested storage volume.
                                                                                                                                                                      
+
                                                                                                                                                                      Encryption
                                                                                                                                                                      
+
                                                                                                                                                                      You can select Encryption and an encryption key to encrypt underlying storage. Only EVS disks and SFS file systems support encryption.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Enter the path to which the volume is mounted.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Mounting a storage volume
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Mount Path
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                                                                      
+
                                                                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, errors will occur in containers. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Subpath
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                      
+
                                                                                                                                                                      A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                      
+
                                                                                                                                                                      Permission
                                                                                                                                                                      
+
                                                                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the EVS disk.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    6. Dynamically mount and use storage volumes. For details about other parameters, see Creating a StatefulSet. After the configuration, click Create Workload.
                                                                                                                                                                      After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Using an Existing EVS Disk
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Create a file named statefulset-evs.yaml. In this example, the EVS volume is mounted to the /data path.
                                                                                                                                                                      apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: statefulset-evs
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: statefulset-evs
+  template:
+    metadata:
+      labels:
+        app: statefulset-evs
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:latest
+          volumeMounts:
+            - name: pvc-disk           # The value must be the same as that in the volumeClaimTemplates field.
+              mountPath: /data         # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+  serviceName: statefulset-evs         # Headless Service name.
+  replicas: 2
+  volumeClaimTemplates:
+    - apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: pvc-disk
+        namespace: default
+        annotations:
+          everest.io/disk-volume-type: SAS    # EVS disk type.
+          everest.io/crypt-key-id: <your_key_id>    # (Optional) Encryption key ID. Mandatory for an encrypted disk.          labels:
+          failure-domain.beta.kubernetes.io/region: <your_region>   # Region of the node where the application is to be deployed.
+          failure-domain.beta.kubernetes.io/zone: <your_zone>       # AZ of the node where the application is to be deployed.
+      spec:
+        accessModes:
+          - ReadWriteOnce               # The value must be ReadWriteOnce for EVS disks.
+        resources:
+          requests:
+            storage: 10Gi             # EVS disk capacity, ranging from 1 to 32768.
+        storageClassName: csi-disk    # Storage class type for EVS disks.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: statefulset-evs   # Headless Service name.
+  namespace: default
+  labels:
+    app: statefulset-evs
+spec:
+  selector:
+    app: statefulset-evs
+  clusterIP: None
+  ports:
+    - name: statefulset-evs
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: ClusterIP
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 2 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      failure-domain.beta.kubernetes.io/region
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Region where the cluster is located.
                                                                                                                                                                      
+
                                                                                                                                                                      For details about the value of region, see Regions and Endpoints.
                                                                                                                                                                      
+
                                                                                                                                                                      failure-domain.beta.kubernetes.io/zone
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      AZ where the EVS volume is created. It must be the same as the AZ planned for the workload.
                                                                                                                                                                      
+
                                                                                                                                                                      For details about the value of zone, see Regions and Endpoints.
                                                                                                                                                                      
+
                                                                                                                                                                      everest.io/disk-volume-type
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      EVS disk type. All letters are in uppercase.
                                                                                                                                                                      • SATA: common I/O
                                                                                                                                                                      • SAS: high I/O
                                                                                                                                                                      • SSD: ultra-high I/O
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      everest.io/crypt-key-id
                                                                                                                                                                      
+
                                                                                                                                                                      No
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory when the EVS disk is encrypted. Enter the encryption key ID selected during EVS disk creation.
                                                                                                                                                                      
+
                                                                                                                                                                      To obtain the encryption key ID, log in to the Cloud Server Console. In the navigation pane, choose Elastic Volume Service > Disks. Click the name of the target EVS disk to go to its details page. On the Summary tab page, copy the value of KMS Key ID in the Configuration Information area.
                                                                                                                                                                      
+
                                                                                                                                                                      storage
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Requested PVC capacity, in Gi. The value ranges from 1 to 32768.
                                                                                                                                                                      
+
                                                                                                                                                                      storageClassName
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      The storage class name for EVS disks is csi-disk.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to create a workload to which the EVS volume is mounted:
                                                                                                                                                                      kubectl apply -f statefulset-evs.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence
                                                                                                                                                                    1. View the deployed application and EVS volume files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep statefulset-evs
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        statefulset-evs-0          1/1     Running   0             45s
+statefulset-evs-1          1/1     Running   0             28s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check whether the EVS volume has been mounted to the /data path:
                                                                                                                                                                        kubectl exec statefulset-evs-0 -- df | grep data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        /dev/sdd              10255636     36888  10202364   0% /data
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                                        kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        lost+found
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec statefulset-evs-0 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Run the following command to delete the pod named web-evs-auto-0:
                                                                                                                                                                      kubectl delete pod statefulset-evs-0
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      pod "statefulset-evs-0" deleted
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                                                                                      kubectl exec statefulset-evs-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                      If the static file still exists, the data in the EVS volume can be stored persistently.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Expanding the capacity of an EVS disk
                                                                                                                                                                    
+
                                                                                                                                                                    Quickly expand the capacity of a mounted EVS disk on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                    2. Enter the capacity to be added and click OK.
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Elastic Volume Service (EVS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0617.html b/docs/cce/umn/cce_10_0617.html
new file mode 100644
index 000000000..e891e0967
--- /dev/null
+++ b/docs/cce/umn/cce_10_0617.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Introduction
                                                                                                                                                                    CCE allows you to mount a volume created from a Scalable File Service (SFS) file system to a container to store data persistently. SFS volumes are commonly used in ReadWriteMany scenarios for large-capacity expansion and cost-sensitive services, such as media processing, content management, big data analysis, and workload process analysis. For services with massive volume of small files, SFS Turbo file systems are recommended.
                                                                                                                                                                    
+
                                                                                                                                                                    Expandable to petabytes, SFS provides fully hosted shared file storage, highly available and stable to handle data- and bandwidth-intensive applications
                                                                                                                                                                    
+
                                                                                                                                                                    • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                                                                    • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                                                                    • Private network: Users can access data only in private networks of data centers.
                                                                                                                                                                    • Capacity and performance: The capacity of a single file system is high (PB level) and the performance is excellent (ms-level read/write I/O latency).
                                                                                                                                                                    • Use cases: Deployments/StatefulSets in the ReadWriteMany mode and jobs created for high-performance computing (HPC), media processing, content management, web services, big data analysis, and workload process analysis
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    SFS supports the following mounting modes based on application scenarios:
                                                                                                                                                                    
+
                                                                                                                                                                    • Using an Existing SFS File System Through a Static PV: static creation mode, where you use an existing SFS volume to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                                                                                    • Using an SFS File System Through a Dynamic PV: dynamic creation mode, where you do not need to create SFS volumes in advance. Instead, specify a StorageClass during PVC creation and an SFS volume and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Scalable File Service (SFS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0619.html b/docs/cce/umn/cce_10_0619.html
new file mode 100644
index 000000000..77f0a9e41
--- /dev/null
+++ b/docs/cce/umn/cce_10_0619.html
@@ -0,0 +1,374 @@
+
+
+
                                                                                                                                                                    Using an Existing SFS File System Through a Static PV
                                                                                                                                                                    
+
                                                                                                                                                                    SFS is a network-attached storage (NAS) that provides shared, scalable, and high-performance file storage. It applies to large-capacity expansion and cost-sensitive services. This section describes how to use an existing SFS file system to statically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    • You have created an SFS file system that is in the same VPC as the cluster.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                      • If multiple PVCs/PVs use the same underlying SFS or SFS Turbo file system, when you attempt to mount these PVCs/PVs to the same pod, all PVCs cannot be mounted to the pod and the pod startup fails. This is because the volumeHandle values of these PVs are the same.
                                                                                                                                                                      • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                      • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Using an Existing SFS File System on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Statically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select SFS.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                                                                                        • If no underlying storage is available, select Dynamically provision. For details, see Using an SFS File System Through a Dynamic PV.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                                                                        
+
                                                                                                                                                                        PVa
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing PV in the cluster. Create a PV in advance. For details, see "Creating a storage volume " in Related Operations.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, you do not need to set this parameter.
                                                                                                                                                                        
+
                                                                                                                                                                        SFSb
                                                                                                                                                                        
+
                                                                                                                                                                        Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        Currently, only SFS 3.0 Capacity-Oriented is supported.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        PV Nameb
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Modeb
                                                                                                                                                                        
+
                                                                                                                                                                        SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Reclaim Policyb
                                                                                                                                                                        
+
                                                                                                                                                                        You can select Delete or Retain to specify the reclaim policy of the underlying storage when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        If multiple PVs use the same underlying storage volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Optionsb
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the mounting parameter key-value pairs. For details, see Configuring SFS Volume Mount Options.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        a: The parameter is available when Creation Method is set to Use existing.
                                                                                                                                                                        
+
                                                                                                                                                                        b: The parameter is available when Creation Method is set to Create new.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing SFS volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the SFS file system.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Using an Existing SFS File System
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Create a PV.
                                                                                                                                                                      1. Create the pv-sfs.yaml file.
                                                                                                                                                                        SFS Capacity-Oriented:
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
+  name: pv-sfs    # PV name.
+spec:
+  accessModes:
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS.
+  capacity:
+    storage: 1Gi     # SFS volume capacity.
+  csi:
+    driver: disk.csi.everest.io   # Dependent storage driver for the mounting.
+    fsType: nfs
+    volumeHandle: <your_volume_id>   # SFS Capacity-Oriented volume ID.
+    volumeAttributes:
+      everest.io/share-export-location: <your_location>  # Shared path of the SFS volume.
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-nas               # Storage class name. csi-nas indicates that SFS Capacity-Oriented is used.
+  mountOptions: []                         # Mount options.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/reclaim-policy: retain-volume-only
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Optional.
                                                                                                                                                                        
+
                                                                                                                                                                        Currently, only retain-volume-only is supported.
                                                                                                                                                                        
+
                                                                                                                                                                        This field is valid only when the everest version is 1.2.9 or later and the reclaim policy is Delete. If the reclaim policy is Delete and the current value is retain-volume-only, the associated PV is deleted while the underlying storage volume is retained, when a PVC is deleted.
                                                                                                                                                                        
+
                                                                                                                                                                        volumeHandle
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        • If an SFS Capacity-Oriented volume is used, enter the volume ID.
                                                                                                                                                                          Log in to the console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS file system. On the details page, copy the content following ID.
                                                                                                                                                                          
+
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/share-export-location
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Shared path of the file system.
                                                                                                                                                                        
+
                                                                                                                                                                        • For an SFS Capacity-Oriented file system, log in to the console, choose Service List > Storage > Scalable File Service, and obtain the shared path from the Mount Address column.
                                                                                                                                                                        
+
                                                                                                                                                                        mountOptions
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Mount options.
                                                                                                                                                                        
+
                                                                                                                                                                        If not specified, the following configurations are used by default. For details, see Configuring SFS Volume Mount Options.
                                                                                                                                                                        
+
                                                                                                                                                                        mountOptions:
+- vers=3
+- timeo=600
+- nolock
+- hard
                                                                                                                                                                        
+
                                                                                                                                                                        persistentVolumeReclaimPolicy
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        A reclaim policy is supported when the cluster version is or later than 1.19.10 and the everest version is or later than 1.2.9.
                                                                                                                                                                        
+
                                                                                                                                                                        The Delete and Retain reclaim policies are supported. For details, see PV Reclaim Policy. If multiple PVs use the same SFS volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                                                                        
+
                                                                                                                                                                        Delete:
                                                                                                                                                                        
+
                                                                                                                                                                        • If everest.io/reclaim-policy is not specified, both the PV and SFS volume are deleted when a PVC is deleted.
                                                                                                                                                                        • If everest.io/reclaim-policy is set to retain-volume-only set, when a PVC is deleted, the PV is deleted but the SFS volume resources are retained.
                                                                                                                                                                        
+
                                                                                                                                                                        Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PV:
                                                                                                                                                                        kubectl apply -f pv-sfs.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create a PVC.
                                                                                                                                                                      1. Create the pvc-sfs.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-sfs
+  namespace: default
+  annotations:
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
+spec:
+  accessModes:
+  - ReadWriteMany               # The value must be ReadWriteMany for SFS.
+  resources:
+    requests:
+      storage: 1Gi               # SFS volume capacity.
+storageClassName: csi-nas # Storage class name, which must be the same as the PV's storage class.
+  volumeName: pv-sfs    # PV name.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 3 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        The value must be the same as the storage size of the existing PV.
                                                                                                                                                                        
+
                                                                                                                                                                        volumeName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        PV name, which must be the same as the PV name in 1.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-sfs.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    4. Create an application.
                                                                                                                                                                      1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-sfs-volume    # Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-sfs    # Name of the created PVC.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create an application to which the SFS volume is mounted:
                                                                                                                                                                        kubectl apply -f web-demo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence and Sharing
                                                                                                                                                                    1. View the deployed applications and files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-mjhm9   1/1     Running   0             46s
+web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following commands in sequence to view the files in the /data path of the pods:
                                                                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
+kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Verify data persistence.
                                                                                                                                                                      1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                                                        kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        pod "web-demo-846b489584-mjhm9" deleted
                                                                                                                                                                        
+
                                                                                                                                                                        After the deletion, the Deployment controller automatically creates a replica.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             110s
+web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        static
                                                                                                                                                                        
+
                                                                                                                                                                        If the static file still exists, the data can be stored persistently.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Verify data sharing.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             7m
+web-demo-846b489584-wvv5s   1/1     Running   0             13m
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j --  touch /data/share
                                                                                                                                                                        
+
                                                                                                                                                                        Check the files in the /data path of the pod.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                      3. Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
                                                                                                                                                                        kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                        After you create a file in the /data path of a pod, if the file is also created in the /data path of another pods, the two pods share the same volume.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 4.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 4 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Creating a storage volume (PV)
                                                                                                                                                                    
+
                                                                                                                                                                    Create a PV on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab. Click Create Volume in the upper right corner. In the dialog box displayed, configure the parameters.
                                                                                                                                                                      • Volume Type: Select SFS.
                                                                                                                                                                      • SFS: Click Select SFS. On the displayed page, select the SFS file system that meets your requirements and click OK.
                                                                                                                                                                      • PV Name: Enter the PV name. The PV name must be unique in the same cluster.
                                                                                                                                                                      • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                      • Reclaim Policy: Delete or Retain. For details, see PV Reclaim Policy.
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        If multiple PVs use the same underlying storage volume, use Retain to avoid cascading deletion of underlying volumes.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Volume Mount Options.
                                                                                                                                                                      
+
                                                                                                                                                                    2. Click Create.
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Scalable File Service (SFS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0620.html b/docs/cce/umn/cce_10_0620.html
new file mode 100644
index 000000000..42b0e9f33
--- /dev/null
+++ b/docs/cce/umn/cce_10_0620.html
@@ -0,0 +1,255 @@
+
+
+
                                                                                                                                                                    Using an SFS File System Through a Dynamic PV
                                                                                                                                                                    
+
                                                                                                                                                                    This section describes how to use storage classes to dynamically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                                                                                    
+
                                                                                                                                                                    Automatically Creating an SFS File System on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select SFS.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created. For details, see Using an Existing SFS File System Through a Static PV.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Dynamically provision.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Classes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class for SFS volumes is csi-sfs.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Mode
                                                                                                                                                                        
+
                                                                                                                                                                        SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing SFS volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the SFS file system.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Automatically Creating an SFS File System
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                                      1. Create the pvc-sfs-auto.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-sfs-auto
+  namespace: default
+  annotations: 
+    everest.io/crypt-key-id: <your_key_id>      # (Optional) ID of the key for encrypting file systems
+    everest.io/crypt-alias: sfs/default         # (Optional) Key name. Mandatory for encrypting volumes
+    everest.io/crypt-domain-id: <your_domain_id>   # (Optional) ID of the tenant to which an encrypted volume belongs. Mandatory for encrypting volumes
+spec:
+  accessModes:
+    - ReadWriteMany             # The value must be ReadWriteMany for SFS.
+  resources:
+    requests:
+      storage: 1Gi             # SFS volume capacity.
+  storageClassName: csi-nas    # The storage class type is SFS.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        For SFS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for SFS file systems.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/crypt-key-id
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter is mandatory when an SFS system is encrypted. Enter the encryption key ID selected during SFS system creation. You can use a custom key or the default key named sfs/default.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain a key ID, log in to the DEW console, locate the key to be encrypted, and copy the key ID.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/crypt-alias
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Key name, which is mandatory when you create an encrypted volume.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain a key name, log in to the DEW console, locate the key to be encrypted, and copy the key name.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/crypt-domain-id
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        ID of the tenant to which the encrypted volume belongs. This parameter is mandatory for creating an encrypted volume.
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain a tenant ID, hover the cursor over the username in the upper right corner of the ECS console, choose My Credentials, and copy the account ID.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-sfs-auto.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. Create a file named web-demo.yaml. In this example, the SFS volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-sfs-volume    # Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-sfs-volume    # Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-sfs-auto    # Name of the created PVC.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create an application to which the SFS volume is mounted:
                                                                                                                                                                        kubectl apply -f web-demo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence and Sharing
                                                                                                                                                                    1. View the deployed applications and files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-mjhm9   1/1     Running   0             46s
+web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following commands in sequence to view the files in the /data path of the pods:
                                                                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
+kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Verify data persistence.
                                                                                                                                                                      1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                                                        kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        pod "web-demo-846b489584-mjhm9" deleted
                                                                                                                                                                        
+
                                                                                                                                                                        After the deletion, the Deployment controller automatically creates a replica.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             110s
+web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        static
                                                                                                                                                                        
+
                                                                                                                                                                        If the static file still exists, the data can be stored persistently.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Verify data sharing.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             7m
+web-demo-846b489584-wvv5s   1/1     Running   0             13m
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j --  touch /data/share
                                                                                                                                                                        
+
                                                                                                                                                                        Check the files in the /data path of the pod.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                      3. Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
                                                                                                                                                                        kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                        After you create a file in the /data path of a pod, if the file is also created in the /data path of another pods, the two pods share the same volume.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Scalable File Service (SFS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0624.html b/docs/cce/umn/cce_10_0624.html
new file mode 100644
index 000000000..96817da3c
--- /dev/null
+++ b/docs/cce/umn/cce_10_0624.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Introduction
                                                                                                                                                                    CCE allows you to mount storage volumes created by SFS Turbo file systems to a path of a container to meet data persistence requirements. SFS Turbo file systems are fast, on-demand, and scalable, which are suitable for scenarios with a massive number of small files, such as DevOps, containerized microservices, and enterprise office applications.
                                                                                                                                                                    
+
                                                                                                                                                                    Expandable to 320 TB, SFS Turbo provides a fully hosted shared file storage, which is highly available and stable, to support small files and applications requiring low latency and high IOPS.
                                                                                                                                                                    
+
                                                                                                                                                                    • Standard file protocols: You can mount file systems as volumes to servers, the same as using local directories.
                                                                                                                                                                    • Data sharing: The same file system can be mounted to multiple servers, so that data can be shared.
                                                                                                                                                                    • Private network: Users can access data only in private networks of data centers.
                                                                                                                                                                    • Data isolation: The on-cloud storage service provides exclusive cloud file storage, which delivers data isolation and ensures IOPS performance.
                                                                                                                                                                    • Use cases: Deployments/StatefulSets in the ReadWriteMany mode, DaemonSets, and jobs created for high-traffic websites, log storage, DevOps, and enterprise OA applications
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    SFS Turbo supports the following mounting modes:
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: SFS Turbo File Systems
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0625.html b/docs/cce/umn/cce_10_0625.html
new file mode 100644
index 000000000..7155e1ea3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0625.html
@@ -0,0 +1,376 @@
+
+
+
                                                                                                                                                                    Using an Existing SFS Turbo File System Through a Static PV
                                                                                                                                                                    
+
                                                                                                                                                                    SFS Turbo is a shared file system with high availability and durability. It is suitable for applications that contain massive small files and require low latency, and high IOPS. This section describes how to use an existing SFS Turbo file system to statically create PVs and PVCs and implement data persistence and sharing in workloads.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    • You have created an available SFS Turbo file system, and the SFS Turbo file system and the cluster are in the same VPC.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Multiple PVs can use the same SFS or SFS Turbo file system with the following restrictions:
                                                                                                                                                                      • If multiple PVCs/PVs use the same underlying SFS or SFS Turbo file system, when you attempt to mount these PVCs/PVs to the same pod, all PVCs cannot be mounted to the pod and the pod startup fails. This is because the volumeHandle values of these PVs are the same.
                                                                                                                                                                      • The persistentVolumeReclaimPolicy parameter in the PVs must be set to Retain. Otherwise, when a PV is deleted, the associated underlying volume may be deleted. In this case, other PVs associated with the underlying volume malfunction.
                                                                                                                                                                      • When the underlying volume is repeatedly used, enable isolation and protection for ReadWriteMany at the application layer to prevent data overwriting and loss.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Using an Existing SFS Turbo File System on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Statically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this section, select SFS Turbo.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        You can create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Create new to create a PV and PVC at the same time on the console.
                                                                                                                                                                        
+
                                                                                                                                                                        PVa
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing PV volume in the cluster. Create a PV in advance. For details, see "Creating a storage volume" in Related Operations.
                                                                                                                                                                        
+
                                                                                                                                                                        You do not need to specify this parameter in this example.
                                                                                                                                                                        
+
                                                                                                                                                                        SFS Turbob
                                                                                                                                                                        
+
                                                                                                                                                                        Click Select SFS Turbo. On the displayed page, select the SFS Turbo file system that meets your requirements and click OK.
                                                                                                                                                                        
+
                                                                                                                                                                        PV Nameb
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Modeb
                                                                                                                                                                        
+
                                                                                                                                                                        SFS Turbo volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Reclaim Policyb
                                                                                                                                                                        
+
                                                                                                                                                                        Only Retain is supported, indicating that the PV is not deleted when the PVC is deleted. For details, see PV Reclaim Policy.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Optionsb
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        a: The parameter is available when Creation Method is set to Use existing.
                                                                                                                                                                        
+
                                                                                                                                                                        b: The parameter is available when Creation Method is set to Create new.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing SFS Turbo volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the SFS Turbo file system.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Using an Existing SFS File System
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Create a PV.
                                                                                                                                                                      1. Create the pv-sfsturbo.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+  name: pv-sfsturbo    # PV name.
+spec:
+  accessModes:
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
+  capacity:
+    storage: 500Gi       # SFS Turbo volume capacity.
+  csi:
+    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting.
+    fsType: nfs
+    volumeHandle: <your_volume_id>   # SFS Turbo volume ID.
+    volumeAttributes:
+      everest.io/share-export-location: <your_location>   # Shared path of the SFS Turbo volume.
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-sfsturbo          # Storage class name of the SFS Turbo file system.
+  mountOptions: []                         # Mount options.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        volumeHandle
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        SFS Turbo volume ID.
                                                                                                                                                                        
+
                                                                                                                                                                        How to obtain: Log in to the console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. In the list, click the name of the target SFS Turbo volume. On the details page, copy the content following ID.
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/share-export-location
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Shared path of the SFS Turbo volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Log in to the console, choose Service List > Storage > Scalable File Service, and select SFS Turbo. You can obtain the shared path of the file system from the Mount Address column.
                                                                                                                                                                        
+
                                                                                                                                                                        mountOptions
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Mount options.
                                                                                                                                                                        
+
                                                                                                                                                                        If not specified, the following configurations are used by default. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                        
+
                                                                                                                                                                        mountOptions:
+- vers=3
+- timeo=600
+- nolock
+- hard
                                                                                                                                                                        
+
                                                                                                                                                                        persistentVolumeReclaimPolicy
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        A reclaim policy is supported when the cluster version is or later than 1.19.10 and the everest version is or later than 1.2.9.
                                                                                                                                                                        
+
                                                                                                                                                                        Only the Retain reclaim policy is supported. For details, see Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                        Retain: When a PVC is deleted, the PV and underlying storage resources are not deleted. Instead, you must manually delete these resources. After that, the PV is in the Released status and cannot be bound to the PVC again.
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PV:
                                                                                                                                                                        kubectl apply -f pv-sfsturbo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create a PVC.
                                                                                                                                                                      1. Create the pvc-sfsturbo.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-sfsturbo
+  namespace: default
+  annotations:
+    volume.beta.kubernetes.io/storage-provisioner: everest-csi-provisioner
+ spec:
+  accessModes:
+  - ReadWriteMany                  # The value must be ReadWriteMany for SFS Turbo.
+  resources:
+    requests:
+      storage: 500Gi               # SFS Turbo volume capacity.
+  storageClassName: csi-sfsturbo       # Storage class of the SFS Turbo volume, which must be the same as that of the PV.
+  volumeName: pv-sfsturbo    # PV name.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 3 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        The value must be the same as the storage size of the existing PV.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Storage class name, which must be the same as the storage class of the PV in 1.
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class name of SFS Turbo volumes is csi-sfsturbo.
                                                                                                                                                                        
+
                                                                                                                                                                        volumeName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        PV name, which must be the same as the PV name in 1.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-sfsturbo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    4. Create an application.
                                                                                                                                                                      1. Create a file named web-demo.yaml. In this example, the SFS Turbo volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-sfsturbo-volume    #Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  #Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-sfsturbo-volume    #Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-sfsturbo    #Name of the created PVC.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create an application to which the SFS Turbo volume is mounted:
                                                                                                                                                                        kubectl apply -f web-demo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence and Sharing
                                                                                                                                                                    1. View the deployed applications and files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-mjhm9   1/1     Running   0             46s
+web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following commands in sequence to view the files in the /data path of the pods:
                                                                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
+kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Verify data persistence.
                                                                                                                                                                      1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                                                        kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        pod "web-demo-846b489584-mjhm9" deleted
                                                                                                                                                                        
+
                                                                                                                                                                        After the deletion, the Deployment controller automatically creates a replica.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             110s
+web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        static
                                                                                                                                                                        
+
                                                                                                                                                                        If the static file still exists, the data can be stored persistently.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Verify data sharing.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             7m
+web-demo-846b489584-wvv5s   1/1     Running   0             13m
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j --  touch /data/share
                                                                                                                                                                        
+
                                                                                                                                                                        Check the files in the /data path of the pod.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                      3. Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
                                                                                                                                                                        kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                        After you create a file in the /data path of a pod, if the file is also created in the /data path of another pods, the two pods share the same volume.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 4.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 4 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Creating a storage volume (PV)
                                                                                                                                                                    
+
                                                                                                                                                                    Create a PV on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumes (PVs) tab. Click Create Volume in the upper right corner. In the dialog box displayed, configure the parameters.
                                                                                                                                                                      • Volume Type: Select SFS Turbo.
                                                                                                                                                                      • SFS Turbo: Click Select SFS Turbo. On the page displayed, select the SFS Turbo volume that meets the requirements and click OK.
                                                                                                                                                                      • PV Name: Enter the PV name, which must be unique in the same cluster.
                                                                                                                                                                      • Access Mode: SFS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                      • Reclaim Policy: Only Retain is supported. For details, see PV Reclaim Policy.
                                                                                                                                                                      • Mount Options: Enter the mounting parameter key-value pairs. For details, see Configuring SFS Turbo Mount Options.
                                                                                                                                                                      
+
                                                                                                                                                                    2. Click Create.
                                                                                                                                                                    
+
                                                                                                                                                                    Expanding the capacity of an SFS Turbo volume
                                                                                                                                                                    
+
                                                                                                                                                                    Quickly expand the capacity of a mounted SFS Turbo volume on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More in the Operation column of the target PVC and select Scale-out.
                                                                                                                                                                    2. Enter the capacity to be added and click OK.
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: SFS Turbo File Systems
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0626.html b/docs/cce/umn/cce_10_0626.html
new file mode 100644
index 000000000..fcf09abe3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0626.html
@@ -0,0 +1,97 @@
+
+
+
                                                                                                                                                                    Configuring SFS Turbo Mount Options
                                                                                                                                                                    
+
                                                                                                                                                                    This section describes how to configure SFS Turbo mount options. For SFS Turbo, you can only set mount options in a PV and bind the PV by creating a PVC.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    The everest add-on version must be 1.2.8 or later. The add-on identifies the mount options and transfers them to the underlying storage resources, which determine whether the specified options are valid.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    Mount options cannot be configured for Kata containers.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    SFS Turbo Mount Options
                                                                                                                                                                    The everest add-on in CCE presets the options described in Table 1 for mounting SFS Turbo volumes.
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 1 SFS Turbo mount options
                                                                                                                                                                    Parameter
                                                                                                                                                                    
+
                                                                                                                                                                    Value
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    vers
                                                                                                                                                                    
+
                                                                                                                                                                    3
                                                                                                                                                                    
+
                                                                                                                                                                    File system version. Currently, only NFSv3 is supported. Value: 3
                                                                                                                                                                    
+
                                                                                                                                                                    nolock
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Whether to lock files on the server using the NLM protocol. If nolock is selected, the lock is valid for applications on one host. For applications on another host, the lock is invalid.
                                                                                                                                                                    
+
                                                                                                                                                                    timeo
                                                                                                                                                                    
+
                                                                                                                                                                    600
                                                                                                                                                                    
+
                                                                                                                                                                    Waiting time before the NFS client retransmits a request. The unit is 0.1 seconds. Recommended value: 600
                                                                                                                                                                    
+
                                                                                                                                                                    hard/soft
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Mount mode.
                                                                                                                                                                    
+
                                                                                                                                                                    • hard: If the NFS request times out, the client keeps resending the request until the request is successful.
                                                                                                                                                                    • soft: If the NFS request times out, the client returns an error to the invoking program.
                                                                                                                                                                    
+
                                                                                                                                                                    The default value is hard.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    You can set other mount options if needed. For details, see Mounting an NFS File System to ECSs (Linux).
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Configuring Mount Options in a PV
                                                                                                                                                                    You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in SFS Turbo Mount Options.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Configure mount options in a PV. Example:
                                                                                                                                                                      apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+  name: pv-sfsturbo    # PV name.
+spec:
+  accessModes:
+  - ReadWriteMany      # Access mode. The value must be ReadWriteMany for SFS Turbo.
+  capacity:
+    storage: 500Gi       # SFS Turbo volume capacity.
+  csi:
+    driver: sfsturbo.csi.everest.io    # Dependent storage driver for the mounting.
+    fsType: nfs
+    volumeHandle: {your_volume_id}   # SFS Turbo volume ID
+    volumeAttributes:
+      everest.io/share-export-location: {your_location}   # Shared path of the SFS Turbo volume.
+      everest.io/enterprise-project-id: {your_project_id}  # Project ID of the SFS Turbo volume.
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-sfsturbo           # SFS Turbo storage class name.
+  mountOptions:                            # Mount options.
+  - vers=3
+  - nolock
+  - timeo=600
+  - hard
                                                                                                                                                                      
+
                                                                                                                                                                    3. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing SFS Turbo File System Through a Static PV.
                                                                                                                                                                    4. Check whether the mount options take effect.
                                                                                                                                                                      In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can run the mount -l command to check whether the mount options take effect.
                                                                                                                                                                      1. View the pod to which the SFS Turbo volume has been mounted. In this example, the workload name is web-sfsturbo.
                                                                                                                                                                        kubectl get pod | grep web-sfsturbo
                                                                                                                                                                        
+
                                                                                                                                                                        Command output:
                                                                                                                                                                        
+
                                                                                                                                                                        web-sfsturbo-***   1/1     Running   0             23m
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check the mount options (web-sfsturbo-*** is an example pod):
                                                                                                                                                                        kubectl exec -it web-sfsturbo-*** -- mount -l | grep nfs
                                                                                                                                                                        
+
                                                                                                                                                                        If the mounting information in the command output is consistent with the configured mount options, the mount options have been configured.
                                                                                                                                                                        
+
                                                                                                                                                                        <Your mount path> on /data type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=**.**.**.**,mountvers=3,mountport=20048,mountproto=tcp,local_lock=all,addr=**.**.**.**)
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: SFS Turbo File Systems
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0628.html b/docs/cce/umn/cce_10_0628.html
new file mode 100644
index 000000000..59c177038
--- /dev/null
+++ b/docs/cce/umn/cce_10_0628.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Introduction
                                                                                                                                                                    Object Storage Service (OBS) provides massive, secure, and cost-effective data storage capabilities for you to store data of any type and size. You can use it in enterprise backup/archiving, video on demand (VoD), video surveillance, and many other scenarios.
                                                                                                                                                                    
+
                                                                                                                                                                    • Standard APIs: With HTTP RESTful APIs, OBS allows you to use client tools or third-party tools to access object storage.
                                                                                                                                                                    • Data sharing: Servers, embedded devices, and IoT devices can use the same path to access shared object data in OBS.
                                                                                                                                                                    • Public/Private networks: OBS allows data to be accessed from public networks to meet Internet application requirements.
                                                                                                                                                                    • Capacity and performance: No capacity limit; high performance (read/write I/O latency within 10 ms).
                                                                                                                                                                    • Use cases: Deployments/StatefulSets in the ReadOnlyMany mode and jobs created for big data analysis, static website hosting, online VOD, gene sequencing, intelligent video surveillance, backup and archiving, and enterprise cloud boxes (web disks). You can create object storage by using the OBS console, tools, and SDKs.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    OBS Specifications
                                                                                                                                                                    OBS provides multiple storage classes to meet customers' requirements on storage performance and costs.
                                                                                                                                                                    
+
                                                                                                                                                                    • Parallel File System (PFS, recommended): It is an optimized high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS, and can quickly process HPC workloads. PFS outperforms OBS buckets.  
                                                                                                                                                                    • Object bucket (not recommended):
                                                                                                                                                                      • Standard: features low latency and high throughput. It is therefore good for storing frequently (multiple times per month) accessed files or small files (less than 1 MB). Its application scenarios include big data analytics, mobile apps, hot videos, and social apps.
                                                                                                                                                                      • OBS Infrequent Access: applicable to storing semi-frequently accessed (less than 12 times a year) data requiring quick response. Its application scenarios include file synchronization or sharing, and enterprise-level backup. This storage class has the same durability, low latency, and high throughput as the Standard storage class, with a lower cost, but its availability is slightly lower than the Standard storage class.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    OBS supports the following mounting modes based on application scenarios:
                                                                                                                                                                    
+
                                                                                                                                                                    • Using an Existing OBS Bucket Through a Static PV: static creation mode, where you use an existing OBS volume to create a PV and then mount storage to the workload through a PVC. This mode applies to scenarios where the underlying storage is available.
                                                                                                                                                                    • Using an OBS Bucket Through a Dynamic PV: dynamic creation mode, where you do not need to create OBS volumes in advance. Instead, specify a StorageClass during PVC creation and an OBS volume and a PV will be automatically created. This mode applies to scenarios where no underlying storage is available.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Object Storage Service (OBS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0630.html b/docs/cce/umn/cce_10_0630.html
new file mode 100644
index 000000000..3c15be474
--- /dev/null
+++ b/docs/cce/umn/cce_10_0630.html
@@ -0,0 +1,304 @@
+
+
+
                                                                                                                                                                    Using an OBS Bucket Through a Dynamic PV
                                                                                                                                                                    
+
                                                                                                                                                                    This section describes how to automatically create an OBS bucket. It is applicable when no underlying storage volume is available.
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Kata containers do not support OBS volumes.
                                                                                                                                                                    • When parallel file systems and object buckets are used, the group and permission of the mount point cannot be modified.
                                                                                                                                                                    • CCE allows you to use OBS parallel file systems by calling the OBS SDK or mounting a PVC through the obsfs tool provided by OBS. Each time an OBS parallel file system is mounted, an obsfs resident process is generated, as shown in the following figure.
                                                                                                                                                                      Figure 1 obsfs resident process
                                                                                                                                                                      
+
                                                                                                                                                                      Reserve 1 GiB of memory for each obsfs process. For example, for a node with 4 vCPUs and 8 GiB of memory, the obsfs parallel file system should be mounted to no more than eight pods.
                                                                                                                                                                      
+
                                                                                                                                                                       
                                                                                                                                                                      An obsfs resident process runs on a node. If the consumed memory exceeds the upper limit of the node, the node malfunctions. On a node with 4 vCPUs and 8 GiB of memory, if more than 100 pods are mounted to parallel file systems, the node will be unavailable. Control the number of pods mounted to parallel file systems on a single node.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    • OBS allows a single user to create a maximum of 100 buckets. If a large number of dynamic PVCs are created, the number of buckets may exceed the upper limit. As a result, no more OBS buckets can be created. In this scenario, use OBS through the OBS API or SDK and do not mount OBS buckets to the workload on the console.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Automatically Creating an OBS Volume on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this section, select OBS.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        • If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                        • If underlying storage is available, create a storage volume or use an existing storage volume to statically create a PVC based on whether a PV has been created. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, select Dynamically provision.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Classes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class of OBS volumes is csi-obs.
                                                                                                                                                                        
+
                                                                                                                                                                        Instance Type
                                                                                                                                                                        
+
                                                                                                                                                                        • Parallel file system: a high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS. Parallel file systems are recommended.
                                                                                                                                                                        • Object bucket: a container that stores objects in OBS. All objects in a bucket are at the same logical level.
                                                                                                                                                                        
+
                                                                                                                                                                        OBS Class
                                                                                                                                                                        
+
                                                                                                                                                                        You can select the following object bucket types:
                                                                                                                                                                        • Standard: Applicable when a large number of hotspot files or small-sized files need to be accessed frequently (multiple times per month on average) and require fast access response.
                                                                                                                                                                        • Infrequent access: Applicable when data is not frequently accessed (fewer than 12 times per year on average) but requires fast access response.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Access Mode
                                                                                                                                                                        
+
                                                                                                                                                                        OBS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Secret
                                                                                                                                                                        
+
                                                                                                                                                                        Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.
                                                                                                                                                                        • Name: Enter a secret name.
                                                                                                                                                                        • Namespace: Select the namespace where the secret is.
                                                                                                                                                                        • Access Key (AK/SK): Upload a key file in .csv format. For details, see Obtaining an Access Key.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing object storage volume.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the OBS volume.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to PV Reclaim Policy.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Automatically Creating an OBS Volume
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                                      1. Create the pvc-obs-auto.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-obs-auto
+  namespace: default
+  annotations:
+    everest.io/obs-volume-type: STANDARD    # Object storage type.
+    csi.storage.k8s.io/fstype: obsfs        # Instance type.
+    csi.storage.k8s.io/node-publish-secret-name: <your_secret_name>       # Custom secret name.
+    csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace>    # Namespace of the custom secret.
+ spec:
+  accessModes:
+    - ReadWriteMany             # For object storage, the value must be ReadWriteMany.
+  resources:
+    requests:
+      storage: 1Gi               # OBS volume capacity.
+  storageClassName: csi-obs    # The storage class type is OBS.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        everest.io/obs-volume-type
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        OBS storage class.
                                                                                                                                                                        
+
                                                                                                                                                                        • If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
                                                                                                                                                                        • This parameter is invalid when fsType is set to obsfs.
                                                                                                                                                                        
+
                                                                                                                                                                        csi.storage.k8s.io/fstype
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Instance type. The value can be obsfs or s3fs.
                                                                                                                                                                        
+
                                                                                                                                                                        • obsfs: Parallel file system, which is mounted using obsfs (recommended).
                                                                                                                                                                        • s3fs: Object bucket, which is mounted using s3fs.
                                                                                                                                                                        
+
                                                                                                                                                                        csi.storage.k8s.io/node-publish-secret-name
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Custom secret name.
                                                                                                                                                                        
+
                                                                                                                                                                        (Recommended) Select this option if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
                                                                                                                                                                        
+
                                                                                                                                                                        csi.storage.k8s.io/node-publish-secret-namespace
                                                                                                                                                                        
+
                                                                                                                                                                        No
                                                                                                                                                                        
+
                                                                                                                                                                        Namespace of a custom secret.
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        For OBS buckets, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS buckets.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Storage class name. The storage class name of OBS volumes is csi-obs.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-obs-auto.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. Create a file named web-demo.yaml. In this example, the OBS volume is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-demo
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: web-demo
+  template:
+    metadata:
+      labels:
+        app: web-demo
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-obs-volume    #Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  #Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-obs-volume    #Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-obs-auto    #Name of the created PVC.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create an application to which the OBS volume is mounted:
                                                                                                                                                                        kubectl apply -f web-demo.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, you can try Verifying Data Persistence and Sharing.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence and Sharing
                                                                                                                                                                    1. View the deployed applications and files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-mjhm9   1/1     Running   0             46s
+web-demo-846b489584-wvv5s   1/1     Running   0             46s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following commands in sequence to view the files in the /data path of the pods:
                                                                                                                                                                        kubectl exec web-demo-846b489584-mjhm9 -- ls /data
+kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        If no result is returned for both pods, no file exists in the /data path.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-demo-846b489584-mjhm9 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Verify data persistence.
                                                                                                                                                                      1. Run the following command to delete the pod named web-demo-846b489584-mjhm9:
                                                                                                                                                                        kubectl delete pod web-demo-846b489584-mjhm9
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        pod "web-demo-846b489584-mjhm9" deleted
                                                                                                                                                                        
+
                                                                                                                                                                        After the deletion, the Deployment controller automatically creates a replica.
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             110s
+web-demo-846b489584-wvv5s    1/1     Running   0             7m50s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to check whether the files in the /data path of the new pod have been modified:
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        static
                                                                                                                                                                        
+
                                                                                                                                                                        If the static file still exists, the data can be stored persistently.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Verify data sharing.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-demo
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-demo-846b489584-d4d4j   1/1     Running   0             7m
+web-demo-846b489584-wvv5s   1/1     Running   0             13m
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j --  touch /data/share
                                                                                                                                                                        
+
                                                                                                                                                                        Check the files in the /data path of the pod.
                                                                                                                                                                        kubectl exec web-demo-846b489584-d4d4j -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                      3. Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
                                                                                                                                                                        kubectl exec web-demo-846b489584-wvv5s -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        share
+static
                                                                                                                                                                        
+
                                                                                                                                                                        After you create a file in the /data path of a pod, if the file is also created in the /data path of another pods, the two pods share the same volume.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Updating an access key
                                                                                                                                                                    
+
                                                                                                                                                                    Update the access key of object storage on the CCE console.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click More > Update Access Key in the Operation column of the PVC.
                                                                                                                                                                    2. Upload a key file in .csv format. For details, see Obtaining an Access Key. Click OK.
                                                                                                                                                                       NOTE: 
                                                                                                                                                                      After a global access key is updated, all pods mounted with the object storage that uses this access key can be accessed only after being restarted.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    Events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Object Storage Service (OBS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0631.html b/docs/cce/umn/cce_10_0631.html
new file mode 100644
index 000000000..99c9d3164
--- /dev/null
+++ b/docs/cce/umn/cce_10_0631.html
@@ -0,0 +1,183 @@
+
+
+
                                                                                                                                                                    Configuring OBS Mount Options
                                                                                                                                                                    
+
                                                                                                                                                                    This section describes how to configure OBS volume mount options. You can configure mount options in a PV and bind the PV to a PVC. Alternatively, configure mount options in a StorageClass and use the StorageClass to create a PVC. In this way, PVs can be dynamically created and inherit mount options configured in the StorageClass by default.
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    The everest add-on version must be 1.2.8 or later. The add-on identifies the mount options and transfers them to the underlying storage resources, which determine whether the specified options are valid.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    Mount options cannot be configured for Kata containers.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    OBS Mount Options
                                                                                                                                                                    When mounting an OBS volume, the everest add-on presets the options described in Table 1 and Table 2 by default. The options in Table 1 are mandatory. 
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 1 Mandatory mount options configured by default
                                                                                                                                                                    Parameter
                                                                                                                                                                    
+
                                                                                                                                                                    Value
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    use_ino
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    If enabled, obsfs allocates the inode number. Enabled by default in read/write mode.
                                                                                                                                                                    
+
                                                                                                                                                                    big_writes
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    If configured, the maximum size of the cache can be modified.
                                                                                                                                                                    
+
                                                                                                                                                                    nonempty
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Allows non-empty mount paths.
                                                                                                                                                                    
+
                                                                                                                                                                    allow_other
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Allows other users to access the parallel file system.
                                                                                                                                                                    
+
                                                                                                                                                                    no_check_certificate
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Disables server certificate verification.
                                                                                                                                                                    
+
                                                                                                                                                                    enable_noobj_cache
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Enables cache entries for objects that do not exist, which can improve performance. Enabled by default in object bucket read/write mode.
                                                                                                                                                                    
+
                                                                                                                                                                    This option is no longer configured by default since everest 1.2.40.
                                                                                                                                                                    
+
                                                                                                                                                                    sigv2
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Specifies the signature version. Used by default in object buckets.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 2 Optional mount options configured by default
                                                                                                                                                                    Parameter
                                                                                                                                                                    
+
                                                                                                                                                                    Value
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    max_write
                                                                                                                                                                    
+
                                                                                                                                                                    131072
                                                                                                                                                                    
+
                                                                                                                                                                    This parameter is valid only when big_writes is configured. The recommended value is 128 KB.
                                                                                                                                                                    
+
                                                                                                                                                                    ssl_verify_hostname
                                                                                                                                                                    
+
                                                                                                                                                                    0
                                                                                                                                                                    
+
                                                                                                                                                                    Disables SSL certificate verification based on the host name.
                                                                                                                                                                    
+
                                                                                                                                                                    max_background
                                                                                                                                                                    
+
                                                                                                                                                                    100
                                                                                                                                                                    
+
                                                                                                                                                                    Allows setting the maximum number of waiting requests in the background. Used by default in parallel file systems.
                                                                                                                                                                    
+
                                                                                                                                                                    public_bucket
                                                                                                                                                                    
+
                                                                                                                                                                    1
                                                                                                                                                                    
+
                                                                                                                                                                    If set to 1, public buckets are mounted anonymously. Enabled by default in object bucket read/write mode.
                                                                                                                                                                    
+
                                                                                                                                                                    umask
                                                                                                                                                                    
+
                                                                                                                                                                    Leave it blank.
                                                                                                                                                                    
+
                                                                                                                                                                    Mask of the configuration file permission.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Configuring Mount Options in a PV
                                                                                                                                                                    You can use the mountOptions field to configure mount options in a PV. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Configure mount options in a PV. Example:
                                                                                                                                                                      apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: everest-csi-provisioner
+    everest.io/reclaim-policy: retain-volume-only      # (Optional) The PV is deleted while the underlying volume is retained.
+  name: pv-obs       # PV name.
+spec:
+  accessModes:
+  - ReadWriteMany    # Access mode. The value must be ReadWriteMany for OBS.
+  capacity:
+    storage: 1Gi     # OBS volume capacity.
+  csi:
+    driver: obs.csi.everest.io        # Dependent storage driver for the mounting.
+    fsType: obsfs                     # Instance type.
+    volumeHandle: <your_volume_id>    # Name of the OBS volume.
+    volumeAttributes:
+      storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
+      everest.io/obs-volume-type: STANDARD
+      everest.io/region: <your_region>                        # Region where the OBS volume is.
+
+    nodePublishSecretRef:            # Custom secret of the OBS volume.
+      name: <your_secret_name>       # Custom secret name.
+      namespace: <your_namespace>    # Namespace of the custom secret.
+  persistentVolumeReclaimPolicy: Retain    # Reclaim policy.
+  storageClassName: csi-obs               # Storage class name.
+  mountOptions:                            # Mount options.
+  - umask=0027
                                                                                                                                                                      
+
                                                                                                                                                                    3. After a PV is created, you can create a PVC and bind it to the PV, and then mount the PV to the container in the workload. For details, see Using an Existing OBS Bucket Through a Static PV.
                                                                                                                                                                    4. Check whether the mount options take effect.
                                                                                                                                                                      In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can log in to the node where the pod to which the OBS volume is mounted resides and view the progress details.
                                                                                                                                                                      
+
                                                                                                                                                                      Run the following command:
                                                                                                                                                                      • Object bucket: ps -ef | grep s3fs
                                                                                                                                                                        root     22142     1  0 Jun03 ?        00:00:00 /usr/bin/s3fs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o nonempty -o big_writes -o sigv2 -o allow_other -o no_check_certificate -o ssl_verify_hostname=0 -o umask=0027 -o max_write=131072 -o multipart_size=20
                                                                                                                                                                        
+
                                                                                                                                                                      • Parallel file system: ps -ef | grep obsfs
                                                                                                                                                                        root      1355     1  0 Jun03 ?        00:03:16 /usr/bin/obsfs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o allow_other -o nonempty -o big_writes -o use_ino -o no_check_certificate -o ssl_verify_hostname=0 -o max_background=100 -o umask=0027 -o max_write=131072
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Configuring Mount Options in a StorageClass
                                                                                                                                                                    You can use the mountOptions field to configure mount options in a StorageClass. The options you can configure in mountOptions are listed in OBS Mount Options.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Create a customized StorageClass. Example:
                                                                                                                                                                      kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: csi-obs-mount-option
+provisioner: everest-csi-provisioner
+parameters:
+  csi.storage.k8s.io/csi-driver-name: obs.csi.everest.io
+  csi.storage.k8s.io/fstype: s3fs
+  everest.io/obs-volume-type: STANDARD
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+mountOptions:                            # Mount options.
+- umask=0027
                                                                                                                                                                      
+
                                                                                                                                                                    3. After the StorageClass is configured, you can use it to create a PVC. By default, the dynamically created PVs inherit the mount options configured in the StorageClass. For details, see Using an OBS Bucket Through a Dynamic PV.
                                                                                                                                                                    4. Check whether the mount options take effect.
                                                                                                                                                                      In this example, the PVC is mounted to the workload that uses the nginx:latest image. You can log in to the node where the pod to which the OBS volume is mounted resides and view the progress details.
                                                                                                                                                                      
+
                                                                                                                                                                      Run the following command:
                                                                                                                                                                      • Object bucket: ps -ef | grep s3fs
                                                                                                                                                                        root     22142     1  0 Jun03 ?        00:00:00 /usr/bin/s3fs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o nonempty -o big_writes -o sigv2 -o allow_other -o no_check_certificate -o ssl_verify_hostname=0 -o umask=0027 -o max_write=131072 -o multipart_size=20
                                                                                                                                                                        
+
                                                                                                                                                                      • Parallel file system: ps -ef | grep obsfs
                                                                                                                                                                        root      1355     1  0 Jun03 ?        00:03:16 /usr/bin/obsfs {your_obs_name} /mnt/paas/kubernetes/kubelet/pods/{pod_uid}/volumes/kubernetes.io~csi/{your_pv_name}/mount -o url=https://{endpoint}:443 -o endpoint={region} -o passwd_file=/opt/everest-host-connector/***_obstmpcred/{your_obs_name} -o allow_other -o nonempty -o big_writes -o use_ino -o no_check_certificate -o ssl_verify_hostname=0 -o max_background=100 -o umask=0027 -o max_write=131072
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Object Storage Service (OBS)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0633.html b/docs/cce/umn/cce_10_0633.html
new file mode 100644
index 000000000..66da496b4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0633.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Introduction
                                                                                                                                                                    CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. A PV that uses a local persistent volume as the medium is considered local PV.
                                                                                                                                                                    
+
                                                                                                                                                                    Compared with the HostPath volume, the local PV can be used in a persistent and portable manner. In addition, the PV of the local PV has the node affinity configuration. The pod mounted to the local PV is automatically scheduled based on the affinity configuration. You do not need to manually schedule the pod to a specific node.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Mounting Modes
                                                                                                                                                                    Local PVs can be mounted only in the following modes:
                                                                                                                                                                    
+
                                                                                                                                                                    • Using a Local PV Through a Dynamic PV: dynamic creation mode, where you specify a StorageClass during PVC creation and an OBS volume and a PV will be automatically created.
                                                                                                                                                                    • Dynamically Mounting a Local PV to a StatefulSet: Only StatefulSets support this mode. Each pod is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. This mode applies to StatefulSets with multiple pods.
                                                                                                                                                                    
+
                                                                                                                                                                     
                                                                                                                                                                    Local PVs cannot be used through static PVs. That is, local PVs cannot be manually created and then mounted to workloads through PVCs.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                    • Deleting removing,, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. For details, see Removing a Node, Deleting a Node, Resetting a Node, and Scaling a Node. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                    • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0634.html b/docs/cce/umn/cce_10_0634.html
new file mode 100644
index 000000000..4b3bafabe
--- /dev/null
+++ b/docs/cce/umn/cce_10_0634.html
@@ -0,0 +1,250 @@
+
+
+
                                                                                                                                                                    Using a Local PV Through a Dynamic PV
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                    • Deleting removing,, resetting, or scaling in a node will cause the PVC/PV data of the local PV associated with the node to be lost, which cannot be restored or used again. For details, see Removing a Node, Deleting a Node, Resetting a Node, and Scaling a Node. In these scenarios, the pod that uses the local PV is evicted from the node. A new pod will be created and stay in the pending state. This is because the PVC used by the pod has a node label, due to which the pod cannot be scheduled. After the node is reset, the pod may be scheduled to the reset node. In this case, the pod remains in the creating state because the underlying logical volume corresponding to the PVC does not exist.
                                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                    • A local PV cannot be mounted to multiple workloads or jobs at the same time.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Automatically Creating a Local PV on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. Dynamically create a PVC and PV.
                                                                                                                                                                      1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) tab. Click Create PVC in the upper right corner. In the dialog box displayed, configure the PVC parameters.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Type
                                                                                                                                                                        
+
                                                                                                                                                                        In this section, select Local PV.
                                                                                                                                                                        
+
                                                                                                                                                                        PVC Name
                                                                                                                                                                        
+
                                                                                                                                                                        Enter the PVC name, which must be unique in the same namespace.
                                                                                                                                                                        
+
                                                                                                                                                                        Creation Method
                                                                                                                                                                        
+
                                                                                                                                                                        You can only select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Classes
                                                                                                                                                                        
+
                                                                                                                                                                        The storage class of local PVs is csi-local-topology.
                                                                                                                                                                        
+
                                                                                                                                                                        Access Mode
                                                                                                                                                                        
+
                                                                                                                                                                        Local PVs support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                        
+
                                                                                                                                                                        Storage Pool
                                                                                                                                                                        
+
                                                                                                                                                                        View the imported storage pool.
                                                                                                                                                                        
+
                                                                                                                                                                        Capacity (GiB)
                                                                                                                                                                        
+
                                                                                                                                                                        Capacity of the requested storage volume.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Click Create to create a PVC and a PV.
                                                                                                                                                                        You can choose Storage in the navigation pane and view the created PVC and PV on the PersistentVolumeClaims (PVCs) and PersistentVolumes (PVs) tab pages.
                                                                                                                                                                        
+
                                                                                                                                                                         
                                                                                                                                                                        The volume binding mode of the local storage class (named csi-local-topology) is late binding (that is, the value of volumeBindingMode is WaitForFirstConsumer). In this mode, PV creation and binding are delayed. The corresponding PV is created and bound only when the PVC is used during workload creation.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                      2. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
                                                                                                                                                                        Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 1 Mounting a storage volume
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        PVC
                                                                                                                                                                        
+
                                                                                                                                                                        Select an existing local PV.
                                                                                                                                                                        
+
                                                                                                                                                                        A local PV cannot be repeatedly mounted to multiple workloads.
                                                                                                                                                                        
+
                                                                                                                                                                        Mount Path
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a mount path, for example, /tmp.
                                                                                                                                                                        
+
                                                                                                                                                                        This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        Subpath
                                                                                                                                                                        
+
                                                                                                                                                                        Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                        
+
                                                                                                                                                                        A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                        
+
                                                                                                                                                                        Permission
                                                                                                                                                                        
+
                                                                                                                                                                        • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                        • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the local PV.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      3. After the configuration, click Create Workload.
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Automatically Creating a Local PV
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Use StorageClass to dynamically create a PVC and PV.
                                                                                                                                                                      1. Create the pvc-local.yaml file.
                                                                                                                                                                        apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-local
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce             # The local PV must adopt ReadWriteOnce.
+  resources:
+    requests:
+      storage: 10Gi             # Size of the local PV.
+  storageClassName: csi-local-topology    # StorageClass is local PV.
                                                                                                                                                                        
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 2 Key parameters
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Mandatory
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        storage
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Requested capacity in the PVC, in Gi.
                                                                                                                                                                        
+
                                                                                                                                                                        storageClassName
                                                                                                                                                                        
+
                                                                                                                                                                        Yes
                                                                                                                                                                        
+
                                                                                                                                                                        Storage class name. The storage class name of local PV is csi-local-topology.
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create a PVC:
                                                                                                                                                                        kubectl apply -f pvc-local.yaml
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create an application.
                                                                                                                                                                      1. Create a file named web-demo.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                                        apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: web-local
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: web-local
+  serviceName: web-local   # Headless Service name.
+  template:
+    metadata:
+      labels:
+        app: web-local
+    spec:
+      containers:
+      - name: container-1
+        image: nginx:latest
+        volumeMounts:
+        - name: pvc-disk    #Volume name, which must be the same as the volume name in the volumes field.
+          mountPath: /data  #Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: pvc-disk    #Volume name, which can be customized.
+          persistentVolumeClaim:
+            claimName: pvc-local    #Name of the created PVC.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: web-local   # Headless Service name.
+  namespace: default
+  labels:
+    app: web-local
+spec:
+  selector:
+    app: web-local
+  clusterIP: None
+  ports:
+    - name: web-local
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: ClusterIP
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to create an application to which the local PV is mounted:
                                                                                                                                                                        kubectl apply -f web-local.yaml
                                                                                                                                                                        
+
                                                                                                                                                                        After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence
                                                                                                                                                                    1. View the deployed application and local files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep web-local
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        web-local-0                  1/1     Running   0               38s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check whether the local PV has been mounted to the /data path:
                                                                                                                                                                        kubectl exec web-local-0 -- df | grep data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        /dev/mapper/vg--everest--localvolume--persistent-pvc-local          10255636     36888  10202364   0% /data
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                                        kubectl exec web-local-0 -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        lost+found
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec web-local-0 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec web-local-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Run the following command to delete the pod named web-local-0:
                                                                                                                                                                      kubectl delete pod web-local-0
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      pod "web-local-0" deleted
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                                                                                      kubectl exec web-local-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                      If the static file still exists, the data in the local PV can be stored persistently.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0635.html b/docs/cce/umn/cce_10_0635.html
new file mode 100644
index 000000000..a2a77ffd9
--- /dev/null
+++ b/docs/cce/umn/cce_10_0635.html
@@ -0,0 +1,234 @@
+
+
+
                                                                                                                                                                    Dynamically Mounting a Local PV to a StatefulSet
                                                                                                                                                                    
+
                                                                                                                                                                    Application Scenarios
                                                                                                                                                                    Dynamic mounting is available only for creating a StatefulSet. It is implemented through a volume claim template (volumeClaimTemplates field) and depends on the storage class to dynamically provision PVs. In this mode, each pod in a multi-pod StatefulSet is associated with a unique PVC and PV. After a pod is rescheduled, the original data can still be mounted to it based on the PVC name. In the common mounting mode for a Deployment, if ReadWriteMany is supported, multiple pods of the Deployment will be mounted to the same underlying storage.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Prerequisites
                                                                                                                                                                    • You have created a cluster and installed the CSI add-on (everest) in the cluster.
                                                                                                                                                                    • If you want to create a cluster using commands, use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    • You have imported a data disk of a node to the local PV storage pool.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Dynamically Mounting a Local PV on the Console
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane on the left, click Workloads. In the right pane, click the StatefulSets tab.
                                                                                                                                                                    3. Click Create Workload in the upper right corner. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select VolumeClaimTemplate (VTC).
                                                                                                                                                                    4. Click Create PVC. In the dialog box displayed, configure the volume claim template parameters.
                                                                                                                                                                      Click Create.
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      PVC Type
                                                                                                                                                                      
+
                                                                                                                                                                      In this section, select Local PV.
                                                                                                                                                                      
+
                                                                                                                                                                      PVC Name
                                                                                                                                                                      
+
                                                                                                                                                                      Enter the name of the PVC. After a PVC is created, a suffix is automatically added based on the number of pods. The format is <Custom PVC name>-<Serial number>, for example, example-0.
                                                                                                                                                                      
+
                                                                                                                                                                      Creation Method
                                                                                                                                                                      
+
                                                                                                                                                                      You can only select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
                                                                                                                                                                      
+
                                                                                                                                                                      Storage Classes
                                                                                                                                                                      
+
                                                                                                                                                                      The storage class of local PVs is csi-local-topology.
                                                                                                                                                                      
+
                                                                                                                                                                      Access Mode
                                                                                                                                                                      
+
                                                                                                                                                                      Local PVs support only ReadWriteOnce, indicating that a storage volume can be mounted to one node in read/write mode. For details, see Volume Access Modes.
                                                                                                                                                                      
+
                                                                                                                                                                      Storage Pool
                                                                                                                                                                      
+
                                                                                                                                                                      View the imported storage pool.
                                                                                                                                                                      
+
                                                                                                                                                                      Capacity (GiB)
                                                                                                                                                                      
+
                                                                                                                                                                      Capacity of the requested storage volume.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. Enter the path to which the volume is mounted.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Mounting a storage volume
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Mount Path
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                                                                      
+
                                                                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, errors will occur in containers. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Subpath
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                      
+
                                                                                                                                                                      A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                      
+
                                                                                                                                                                      Permission
                                                                                                                                                                      
+
                                                                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      In this example, the disk is mounted to the /data path of the container. The container data generated in this path is stored in the local PV.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    6. Dynamically mount and use storage volumes. For details about other parameters, see Creating a StatefulSet. After the configuration, click Create Workload.
                                                                                                                                                                      After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    (kubectl) Using an Existing Local PV
                                                                                                                                                                    1. Use kubectl to connect to the cluster.
                                                                                                                                                                    2. Create a file named statefulset-local.yaml. In this example, the local PV is mounted to the /data path.
                                                                                                                                                                      apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: statefulset-local
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: statefulset-local
+  template:
+    metadata:
+      labels:
+        app: statefulset-local
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:latest
+          volumeMounts:
+            - name: pvc-local          # The value must be the same as that in the volumeClaimTemplates field.
+              mountPath: /data         # Location where the storage volume is mounted.
+      imagePullSecrets:
+        - name: default-secret
+  serviceName: statefulset-local       # Headless Service name.
+  replicas: 2
+  volumeClaimTemplates:
+    - apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: pvc-local
+        namespace: default
+      spec:
+        accessModes:
+          - ReadWriteOnce               # The local PV must adopt ReadWriteOnce.
+        resources:
+          requests:
+            storage: 10Gi               # Storage volume capacity.
+        storageClassName: csi-local-topology      # StorageClass is local PV.
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: statefulset-local   # Headless Service name.
+  namespace: default
+  labels:
+    app: statefulset-local
+spec:
+  selector:
+    app: statefulset-local
+  clusterIP: None
+  ports:
+    - name: statefulset-local
+      targetPort: 80
+      nodePort: 0
+      port: 80
+      protocol: TCP
+  type: ClusterIP
                                                                                                                                                                      
+
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 2 Key parameters
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Mandatory
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      storage
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      Requested capacity in the PVC, in Gi.
                                                                                                                                                                      
+
                                                                                                                                                                      storageClassName
                                                                                                                                                                      
+
                                                                                                                                                                      Yes
                                                                                                                                                                      
+
                                                                                                                                                                      The storage class of local PVs is csi-local-topology.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to create an application to which the local PV is mounted:
                                                                                                                                                                      kubectl apply -f statefulset-local.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      After the workload is created, you can try Verifying Data Persistence.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Verifying Data Persistence
                                                                                                                                                                    1. View the deployed application and files.
                                                                                                                                                                      1. Run the following command to view the created pod:
                                                                                                                                                                        kubectl get pod | grep statefulset-local
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        statefulset-local-0          1/1     Running   0             45s
+statefulset-local-1          1/1     Running   0             28s
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      2. Run the following command to check whether the local PV has been mounted to the /data path:
                                                                                                                                                                        kubectl exec statefulset-local-0 -- df | grep data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        /dev/mapper/vg--everest--localvolume--persistent-pvc-local              10255636     36888  10202364   0% /data
                                                                                                                                                                        
+
                                                                                                                                                                      3. Run the following command to view the files in the /data path:
                                                                                                                                                                        kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                                        
+
                                                                                                                                                                        Expected output:
                                                                                                                                                                        
+
                                                                                                                                                                        lost+found
                                                                                                                                                                        
+
                                                                                                                                                                      
+
                                                                                                                                                                    2. Run the following command to create a file named static in the /data path:
                                                                                                                                                                      kubectl exec statefulset-local-0 --  touch /data/static
                                                                                                                                                                      
+
                                                                                                                                                                    3. Run the following command to view the files in the /data path:
                                                                                                                                                                      kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                    4. Run the following command to delete the pod named web-local-auto-0:
                                                                                                                                                                      kubectl delete pod statefulset-local-0
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      pod "statefulset-local-0" deleted
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the deletion, the StatefulSet controller automatically creates a replica with the same name. Run the following command to check whether the files in the /data path have been modified:
                                                                                                                                                                      kubectl exec statefulset-local-0 -- ls /data
                                                                                                                                                                      
+
                                                                                                                                                                      Expected output:
                                                                                                                                                                      
+
                                                                                                                                                                      lost+found
+static
                                                                                                                                                                      
+
                                                                                                                                                                      If the static file still exists, the data in the local PV can be stored persistently.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Related Operations
                                                                                                                                                                    You can also perform the operations listed in Table 3.
+
                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                    Table 3 Related operations
                                                                                                                                                                    Operation
                                                                                                                                                                    
+
                                                                                                                                                                    Description
                                                                                                                                                                    
+
                                                                                                                                                                    Procedure
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing events
                                                                                                                                                                    
+
                                                                                                                                                                    You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View Events in the Operation column of the target PVC or PV to view events generated within one hour (event data is retained for one hour).
                                                                                                                                                                    
+
                                                                                                                                                                    Viewing a YAML file
                                                                                                                                                                    
+
                                                                                                                                                                    You can view, copy, and download the YAML files of a PVC or PV.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Choose Storage from the navigation pane, and click the PersistentVolumeClaims (PVCs) or PersistentVolumes (PVs) tab.
                                                                                                                                                                    2. Click View YAML in the Operation column of the target PVC or PV to view or download the YAML.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0636.html b/docs/cce/umn/cce_10_0636.html
new file mode 100644
index 000000000..a877bc5a1
--- /dev/null
+++ b/docs/cce/umn/cce_10_0636.html
@@ -0,0 +1,22 @@
+
+
+
                                                                                                                                                                    Ephemeral Volumes (emptyDir)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0637.html b/docs/cce/umn/cce_10_0637.html
new file mode 100644
index 000000000..0c3d9e630
--- /dev/null
+++ b/docs/cce/umn/cce_10_0637.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                    Overview
                                                                                                                                                                    
+
                                                                                                                                                                    Introduction
                                                                                                                                                                    Some applications require additional storage, but whether the data is still available after a restart is not important. For example, although cache services are limited by memory size, cache services can move infrequently used data to storage slower than memory. As a result, overall performance is not impacted significantly. Other applications require read-only data injected as files, such as configuration data or secrets.
                                                                                                                                                                    
+
                                                                                                                                                                    Ephemeral volumes (EVs) in Kubernetes are designed for the above scenario. EVs are created and deleted together with pods following the pod lifecycle.
                                                                                                                                                                    
+
                                                                                                                                                                    Common EVs in Kubernetes:
                                                                                                                                                                    • emptyDir: empty at pod startup, with storage coming locally from the kubelet base directory (usually the root disk) or memory. emptyDir is allocated from the EV of the node. If data from other sources (such as log files or image tiering data) occupies the temporary storage, the storage capacity may be insufficient.
                                                                                                                                                                    • ConfigMap: Kubernetes data of the ConfigMap type is mounted to pods as data volumes.
                                                                                                                                                                    • Secret: Kubernetes data of the Secret type is mounted to pods as data volumes.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                                                                                                                                                                    • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                    • Ensure that the /var/lib/kubelet/pods/ directory is not mounted to the pod on the node. Otherwise, the pod, mounted with such volumes, may fail to be deleted.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Ephemeral Volumes (emptyDir)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0638.html b/docs/cce/umn/cce_10_0638.html
new file mode 100644
index 000000000..08f74f0e4
--- /dev/null
+++ b/docs/cce/umn/cce_10_0638.html
@@ -0,0 +1,83 @@
+
+
+
                                                                                                                                                                    Using a Temporary Path
                                                                                                                                                                    
+
                                                                                                                                                                    A temporary path is of the Kubernetes-native emptyDir type. Its lifecycle is the same as that of a pod. Memory can be specified as the storage medium. When the pod is deleted, the emptyDir volume is deleted and its data is lost.
                                                                                                                                                                    
+
                                                                                                                                                                    Using the Console to Use a Temporary Path
                                                                                                                                                                    1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                    3. Click Create Workload in the upper right corner of the page. In the Container Settings area, click the Data Storage tab and click Add Volume > emptyDir.
                                                                                                                                                                    4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                      Table 1 Mounting an EV
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Description
                                                                                                                                                                      
+
                                                                                                                                                                      Storage Medium
                                                                                                                                                                      
+
                                                                                                                                                                      Memory:
                                                                                                                                                                      • You can select this option to improve the running speed, but the storage capacity is subject to the memory size. This mode is applicable when data volume is small and efficient read and write is required.
                                                                                                                                                                      • If this function is disabled, data is stored in hard disks, which applies to a large amount of data with low requirements on reading and writing efficiency.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                       NOTE: 
                                                                                                                                                                      • If Memory is selected, pay attention to the memory size. If the storage capacity exceeds the memory size, an OOM event occurs.
                                                                                                                                                                      • If Memory is selected, the size of an EV is the same as pod specifications.
                                                                                                                                                                      • If Memory is not selected, EVs will not occupy the system memory.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Mount Path
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a mount path, for example, /tmp.
                                                                                                                                                                      
+
                                                                                                                                                                      This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                       NOTICE: 
                                                                                                                                                                      If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      Subpath
                                                                                                                                                                      
+
                                                                                                                                                                      Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                      
+
                                                                                                                                                                      A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                      
+
                                                                                                                                                                      Permission
                                                                                                                                                                      
+
                                                                                                                                                                      • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                      • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                    5. After the configuration, click Create Workload.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Using kubectl to Use a Temporary Path
                                                                                                                                                                    1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                    2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                                      vi nginx-emptydir.yaml
                                                                                                                                                                      
+
                                                                                                                                                                      Content of the YAML file:
                                                                                                                                                                      
+
                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-emptydir
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx-emptydir
+  template:
+    metadata:
+      labels:
+        app: nginx-emptydir
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:latest
+          volumeMounts:
+            - name: vol-emptydir     # Volume name, which must be the same as the volume name in the volumes field.
+              mountPath: /tmp        # Path to which an EV is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: vol-emptydir         # Volume name, which can be customized.
+          emptyDir:
+            medium: Memory          # EV disk medium: If this parameter is set to Memory, the memory is enabled. If this parameter is left blank, the native default storage medium is used.
+            sizeLimit: 1Gi          # Volume capacity.
                                                                                                                                                                      
+
                                                                                                                                                                    3. Create a workload.
                                                                                                                                                                      kubectl apply -f nginx-emptydir.yaml
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Parent topic: Ephemeral Volumes (emptyDir)
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_10_0642.html b/docs/cce/umn/cce_10_0642.html
new file mode 100644
index 000000000..bd44356b7
--- /dev/null
+++ b/docs/cce/umn/cce_10_0642.html
@@ -0,0 +1,24 @@
+
+
+
                                                                                                                                                                    Importing a PV to a Storage Pool
                                                                                                                                                                    
+
                                                                                                                                                                    CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local PV, import the data disk of the node to the storage pool.
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    • Local PVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 2.1.23 or later. Version 2.1.23 or later is recommended.
                                                                                                                                                                    
+
                                                                                                                                                                    • The first data disk (used by container runtime and the kubelet component) on a node cannot be imported as a storage pool.
                                                                                                                                                                    • Storage pools in striped mode do not support scale-out. After scale-out, fragmented space may be generated and the storage pool cannot be used.
                                                                                                                                                                    • Storage pools cannot be scaled in or deleted.
                                                                                                                                                                    • If disks in a storage pool on a node are deleted, the storage pool will malfunction.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Importing a Storage Pool
                                                                                                                                                                    Imported during node creation
                                                                                                                                                                    
+
                                                                                                                                                                    When creating a node, you can add a data disk to the node in Storage Settings and import the data disk to the storage pool as a PV. For details, see Creating a Node.
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    Imported manually
                                                                                                                                                                    
+
                                                                                                                                                                    If no PV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import a storage pool.
                                                                                                                                                                    
+
                                                                                                                                                                    1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                                    2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                    3. In the navigation pane, choose Storage and switch to the Storage Pool tab.
                                                                                                                                                                    4. View the node to which the disk has been added and select Import as PV. You can select a write mode during the import.
                                                                                                                                                                       
                                                                                                                                                                      If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                      
+
                                                                                                                                                                      
+
                                                                                                                                                                      • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                      • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                      
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
                                                                                                                                                                    
+
+
diff --git a/docs/cce/umn/cce_10_0652.html b/docs/cce/umn/cce_10_0652.html
index 6bbfa8d6f..3e953bb56 100644
--- a/docs/cce/umn/cce_10_0652.html
+++ b/docs/cce/umn/cce_10_0652.html
@@ -1,354 +1,455 @@
 
 
 
                                                                                                                                                                    Configuring a Node Pool
                                                                                                                                                                    
-
                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                    The default node pool DefaultPool does not support the following management operations.
                                                                                                                                                                    
+
                                                                                                                                                                    Constraints
                                                                                                                                                                    The default node pool DefaultPool does not support the following management operations.
                                                                                                                                                                    
 
                                                                                                                                                                    
-
                                                                                                                                                                    Configuring Kubernetes Parameters
                                                                                                                                                                    CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.
                                                                                                                                                                    
-
                                                                                                                                                                    This function is supported only in clusters of v1.15 and later. It is not displayed for clusters earlier than v1.15.
                                                                                                                                                                    
-
                                                                                                                                                                    1. Log in to the CCE console.
                                                                                                                                                                    2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                    3. Choose More > Manage next to the node pool name.
                                                                                                                                                                    4. On the Manage Component page on the right, change the values of the following Kubernetes parameters:
                                                                                                                                                                      
-
                                                                                                                                                                      Table 1 kubelet
                                                                                                                                                                      Parameter
                                                                                                                                                                      
+
                                                                                                                                                                      Configuration Management
                                                                                                                                                                      CCE allows you to highly customize Kubernetes parameter settings on core components in a cluster. For more information, see kubelet.
                                                                                                                                                                      
+
                                                                                                                                                                      This function is supported only in clusters of v1.15 and later. It is not displayed for clusters earlier than v1.15.
                                                                                                                                                                      
+
                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                      2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                      3. Choose More > Manage in the Operation column of the target node pool
                                                                                                                                                                      4. On the Manage Components page on the right, change the values of the following Kubernetes parameters:
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
-
+
                                                                                                                                                                        Table 1 kubelet
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
 
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
 
                                                                                                                                                                        Remarks
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
+
                                                                                                                                                                        Remarks
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        cpu-manager-policy
                                                                                                                                                                        
+
                                                                                                                                                                        cpu-manager-policy
                                                                                                                                                                        
 
                                                                                                                                                                        CPU management policy configuration. For details, see CPU Core Binding.
                                                                                                                                                                        
-
                                                                                                                                                                        • none: disables pods from exclusively occupying CPUs. Select this value if you want a large pool of shareable CPU cores.
                                                                                                                                                                        • static: enables pods to exclusively occupy CPUs. Select this value if your workload is sensitive to latency in CPU cache and scheduling.
                                                                                                                                                                        
+
                                                                                                                                                                        CPU management policy configuration. For details, see CPU Scheduling.
                                                                                                                                                                        
+
                                                                                                                                                                        • none: disables pods from exclusively occupying CPUs. Select this value if you want a large pool of shareable CPU cores.
                                                                                                                                                                        • static: enables pods to exclusively occupy CPUs. Select this value if your workload is sensitive to latency in CPU cache and scheduling.
                                                                                                                                                                        
 
                                                                                                                                                                        none
                                                                                                                                                                        
+
                                                                                                                                                                        none
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        kube-api-qps
                                                                                                                                                                        
+
                                                                                                                                                                        kube-api-qps
                                                                                                                                                                        
 
                                                                                                                                                                        Query per second (QPS) to use while talking with kube-apiserver.
                                                                                                                                                                        
+
                                                                                                                                                                        Query per second (QPS) for communicating with kube-apiserver.
                                                                                                                                                                        
 
                                                                                                                                                                        100
                                                                                                                                                                        
+
                                                                                                                                                                        100
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        kube-api-burst
                                                                                                                                                                        
+
                                                                                                                                                                        kube-api-burst
                                                                                                                                                                        
 
                                                                                                                                                                        Burst to use while talking with kube-apiserver.
                                                                                                                                                                        
+
                                                                                                                                                                        Burst to use while talking with kube-apiserver.
                                                                                                                                                                        
 
                                                                                                                                                                        100
                                                                                                                                                                        
+
                                                                                                                                                                        100
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        max-pods
                                                                                                                                                                        
+
                                                                                                                                                                        max-pods
                                                                                                                                                                        
 
                                                                                                                                                                        Maximum number of pods managed by kubelet.
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum number of pods managed by kubelet.
                                                                                                                                                                        
 
                                                                                                                                                                        40
                                                                                                                                                                        
-
                                                                                                                                                                        20
                                                                                                                                                                        
+                                                                                                                                                                        		
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        pod-pids-limit
                                                                                                                                                                        
+
                                                                                                                                                                        pod-pids-limit
                                                                                                                                                                        
 
                                                                                                                                                                        PID limit in Kubernetes
                                                                                                                                                                        
+
                                                                                                                                                                        Limited number of PIDs in Kubernetes
                                                                                                                                                                        
 
                                                                                                                                                                        -1
                                                                                                                                                                        
+
                                                                                                                                                                        -1
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        with-local-dns
                                                                                                                                                                        
+
                                                                                                                                                                        with-local-dns
                                                                                                                                                                        
 
                                                                                                                                                                        Whether to use the local IP address as the ClusterDNS of the node.
                                                                                                                                                                        
+
                                                                                                                                                                        Whether to use the local IP address as the ClusterDNS of the node.
                                                                                                                                                                        
 
                                                                                                                                                                        false
                                                                                                                                                                        
+
                                                                                                                                                                        false
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        event-qps
                                                                                                                                                                        
+
                                                                                                                                                                        event-qps
                                                                                                                                                                        
 
                                                                                                                                                                        QPS limit for event creation
                                                                                                                                                                        
+
                                                                                                                                                                        QPS limit for event creation
                                                                                                                                                                        
 
                                                                                                                                                                        5
                                                                                                                                                                        
+
                                                                                                                                                                        5
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        allowed-unsafe-sysctls
                                                                                                                                                                        
+
                                                                                                                                                                        allowed-unsafe-sysctls
                                                                                                                                                                        
 
                                                                                                                                                                        Insecure system configuration allowed.
                                                                                                                                                                        
-
                                                                                                                                                                        Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. You need to add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.
                                                                                                                                                                        
+
                                                                                                                                                                        Insecure system configuration allowed.
                                                                                                                                                                        
+
                                                                                                                                                                        Starting from v1.17.17, CCE enables pod security policies for kube-apiserver. Add corresponding configurations to allowedUnsafeSysctls of a pod security policy to make the policy take effect. (This configuration is not required for clusters earlier than v1.17.17.) For details, see Example of Enabling Unsafe Sysctls in Pod Security Policy.
                                                                                                                                                                        
 
                                                                                                                                                                        []
                                                                                                                                                                        
+
                                                                                                                                                                        []
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        kube-reserved-mem
                                                                                                                                                                        
-
                                                                                                                                                                        system-reserved-mem
                                                                                                                                                                        
+
                                                                                                                                                                        over-subscription-resource
                                                                                                                                                                        
 
                                                                                                                                                                        Reserved node memory.
                                                                                                                                                                        
+
                                                                                                                                                                        Whether to enable node oversubscription.
                                                                                                                                                                        
+
                                                                                                                                                                        If this parameter is set to true, node oversubscription is enabled. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                        
 
                                                                                                                                                                        Depends on node specifications. For details, see Formula for Calculating the Reserved Resources of a Node.
                                                                                                                                                                        
+
                                                                                                                                                                        true
                                                                                                                                                                        
 
                                                                                                                                                                        The sum of kube-reserved-mem and system-reserved-mem is less than half of the memory.
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        topology-manager-policy
                                                                                                                                                                        
+
                                                                                                                                                                        colocation
                                                                                                                                                                        
 
                                                                                                                                                                        Set the topology management policy.
                                                                                                                                                                        
-
                                                                                                                                                                        Valid values are as follows:
                                                                                                                                                                        
-
                                                                                                                                                                        • restricted: kubelet accepts only pods that achieve optimal NUMA alignment on the requested resources.
                                                                                                                                                                        • best-effort: kubelet preferentially selects pods that implement NUMA alignment on CPU and device resources.
                                                                                                                                                                        • none (default): The topology management policy is disabled.
                                                                                                                                                                        • single-numa-node: kubelet allows only pods that are aligned to the same NUMA node in terms of CPU and device resources.
                                                                                                                                                                        
+
                                                                                                                                                                        Whether to enable hybrid deployment on nodes.
                                                                                                                                                                        
+
                                                                                                                                                                        If this parameter is set to true, hybrid deployment is enabled on nodes. For details, see Dynamic Resource Oversubscription.
                                                                                                                                                                        
 
                                                                                                                                                                        none
                                                                                                                                                                        
+
                                                                                                                                                                        true
                                                                                                                                                                        
 
                                                                                                                                                                        The values can be modified during the node pool lifecycle.
                                                                                                                                                                        
-
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        Exercise caution when modifying topology-manager-policy and topology-manager-scope will restart kubelet and recalculate the resource allocation of pods based on the modified policy. As a result, running pods may restart or even fail to receive any resources.
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        kube-reserved-mem
                                                                                                                                                                        
+
                                                                                                                                                                        system-reserved-mem
                                                                                                                                                                        
+
                                                                                                                                                                        Reserved node memory.
                                                                                                                                                                        
+
                                                                                                                                                                        Depends on node specifications. For details, see Node Resource Reservation Policy.
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        The sum of kube-reserved-mem and system-reserved-mem is less than half of the memory.
                                                                                                                                                                        
+
                                                                                                                                                                        topology-manager-policy
                                                                                                                                                                        
+
                                                                                                                                                                        Set the topology management policy.
                                                                                                                                                                        
+
                                                                                                                                                                        Valid values are as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        • restricted: kubelet accepts only pods that achieve optimal NUMA alignment on the requested resources.
                                                                                                                                                                        • best-effort: kubelet preferentially selects pods that implement NUMA alignment on CPU and device resources.
                                                                                                                                                                        • none (default): The topology management policy is disabled.
                                                                                                                                                                        • single-numa-node: kubelet allows only pods that are aligned to the same NUMA node in terms of CPU and device resources.
                                                                                                                                                                        
+
                                                                                                                                                                        none
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                         NOTICE: 
                                                                                                                                                                        Modifying topology-manager-policy and topology-manager-scope will restart kubelet, and the resource allocation of pods will be recalculated based on the modified policy. In this case, running pods may restart or even fail to receive any resources.
                                                                                                                                                                        
 
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        topology-manager-scope
                                                                                                                                                                        
+
                                                                                                                                                                        topology-manager-scope
                                                                                                                                                                        
 
                                                                                                                                                                        Set the resource alignment granularity of the topology management policy. Valid values are as follows:
                                                                                                                                                                        
-
                                                                                                                                                                        • container (default)
                                                                                                                                                                        • pod
                                                                                                                                                                        
+
                                                                                                                                                                        Set the resource alignment granularity of the topology management policy. Valid values are as follows:
                                                                                                                                                                        
+
                                                                                                                                                                        • container (default)
                                                                                                                                                                        • pod
                                                                                                                                                                        
 
                                                                                                                                                                        Container
                                                                                                                                                                        
+
                                                                                                                                                                        container
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        resolv-conf
                                                                                                                                                                        
+
                                                                                                                                                                        resolv-conf
                                                                                                                                                                        
 
                                                                                                                                                                        DNS resolution configuration file specified by a container
                                                                                                                                                                        
+
                                                                                                                                                                        DNS resolution configuration file specified by the container
                                                                                                                                                                        
 
                                                                                                                                                                        The default value is null.
                                                                                                                                                                        
+
                                                                                                                                                                        The default value is null.
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        runtime-request-timeout
                                                                                                                                                                        
+
                                                                                                                                                                        runtime-request-timeout
                                                                                                                                                                        
 
                                                                                                                                                                        Timeout interval of all runtime requests except long-running requests (pull, logs, exec, and attach).
                                                                                                                                                                        
+
                                                                                                                                                                        Timeout interval of all runtime requests except long-running requests (pull, logs, exec, and attach).
                                                                                                                                                                        
 
                                                                                                                                                                        The default value is 2m0s.
                                                                                                                                                                        
+
                                                                                                                                                                        The default value is 2m0s.
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        registry-pull-qps
                                                                                                                                                                        
+
                                                                                                                                                                        registry-pull-qps
                                                                                                                                                                        
 
                                                                                                                                                                        Maximum number of image pulls per second.
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum number of image pulls per second.
                                                                                                                                                                        
 
                                                                                                                                                                        The default value is 5.
                                                                                                                                                                        
+
                                                                                                                                                                        The default value is 5.
                                                                                                                                                                        
 
                                                                                                                                                                        The value ranges from 1 to 50.
                                                                                                                                                                        
+
                                                                                                                                                                        The value ranges from 1 to 50.
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        registry-burst
                                                                                                                                                                        
+
                                                                                                                                                                        registry-burst
                                                                                                                                                                        
 
                                                                                                                                                                        Maximum number of burst image pulls.
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum number of burst image pulls.
                                                                                                                                                                        
 
                                                                                                                                                                        The default value is 10.
                                                                                                                                                                        
+
                                                                                                                                                                        The default value is 10.
                                                                                                                                                                        
 
                                                                                                                                                                        The value ranges from 1 to 100 and must be greater than or equal to the value of registry-pull-qps.
                                                                                                                                                                        
+
                                                                                                                                                                        The value ranges from 1 to 100 and must be greater than or equal to the value of registry-pull-qps.
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        serialize-image-pulls
                                                                                                                                                                        
+
                                                                                                                                                                        serialize-image-pulls
                                                                                                                                                                        
 
                                                                                                                                                                        When this function is enabled, kubelet is notified to pull only one image at a time.
                                                                                                                                                                        
+
                                                                                                                                                                        When this function is enabled, kubelet is notified to pull only one image at a time.
                                                                                                                                                                        
 
                                                                                                                                                                        The default value is true.
                                                                                                                                                                        
+
                                                                                                                                                                        The default value is true.
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
                                                                                                                                                                         
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
-
                                                                                                                                                                        Table 2 kube-proxy
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                        Table 2 kube-proxy
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
 
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
 
                                                                                                                                                                        Remarks
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        conntrack-min
                                                                                                                                                                        
+
                                                                                                                                                                        conntrack-min
                                                                                                                                                                        
 
                                                                                                                                                                        sysctl -w net.nf_conntrack_max
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum number of connection tracking entries
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the value, run the following command:
                                                                                                                                                                        
+
                                                                                                                                                                        sysctl -w net.nf_conntrack_max
                                                                                                                                                                        
 
                                                                                                                                                                        131072
                                                                                                                                                                        
+
                                                                                                                                                                        131072
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        conntrack-tcp-timeout-close-wait
                                                                                                                                                                        
+
                                                                                                                                                                        conntrack-tcp-timeout-close-wait
                                                                                                                                                                        
 
                                                                                                                                                                        sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                                                                        
+
                                                                                                                                                                        Wait time of a closed TCP connection
                                                                                                                                                                        
+
                                                                                                                                                                        To obtain the value, run the following command:
                                                                                                                                                                        
+
                                                                                                                                                                        sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait
                                                                                                                                                                        
 
                                                                                                                                                                        1h0m0s
                                                                                                                                                                        
+
                                                                                                                                                                        1h0m0s
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
                                                                                                                                                                         
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
-
                                                                                                                                                                        Table 3 Network components (available only for CCE Turbo clusters)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
-
-
+
+
-
+
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                        Table 3 Network components (available only for CCE Turbo clusters)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
 
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
 
                                                                                                                                                                        Remarks
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        nic-threshold
                                                                                                                                                                        
+
                                                                                                                                                                        nic-threshold
                                                                                                                                                                        
 
                                                                                                                                                                        Low threshold of the number of bound ENIs:High threshold of the number of bound ENIs
                                                                                                                                                                        
-
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                                                                                                                                        
+
                                                                                                                                                                        Low threshold of the number of bound ENIs: High threshold of the number of bound ENIs
                                                                                                                                                                        
+
                                                                                                                                                                        Default: 0:0
                                                                                                                                                                        
+
                                                                                                                                                                         NOTE: 
                                                                                                                                                                        This parameter is being discarded. Use the dynamic pre-binding parameters of the other four ENIs.
                                                                                                                                                                        
 
                                                                                                                                                                        
 
                                                                                                                                                                        Default: 0:0
                                                                                                                                                                        
+
                                                                                                                                                                        nic-minimum-target
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        Minimum number of ENIs bound to the nodes in the node pool
                                                                                                                                                                        
+
                                                                                                                                                                        Default: 10
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        nic-minimum-target
                                                                                                                                                                        
+
                                                                                                                                                                        nic-maximum-target
                                                                                                                                                                        
 
                                                                                                                                                                        Minimum number of ENIs bound to a node at the node pool level
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
 
                                                                                                                                                                        Default: 10
                                                                                                                                                                        
+
                                                                                                                                                                        Default: 0
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        nic-maximum-target
                                                                                                                                                                        
+
                                                                                                                                                                        nic-warm-target
                                                                                                                                                                        
 
                                                                                                                                                                        Maximum number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
+
                                                                                                                                                                        Number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
 
                                                                                                                                                                        Default: 0
                                                                                                                                                                        
+
                                                                                                                                                                        Default: 2
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        nic-warm-target
                                                                                                                                                                        
+
                                                                                                                                                                        nic-max-above-warm-target
                                                                                                                                                                        
 
                                                                                                                                                                        Number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
+
                                                                                                                                                                        Reclaim number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
 
                                                                                                                                                                        Default: 2
                                                                                                                                                                        
+
                                                                                                                                                                        Default: 2
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
-
                                                                                                                                                                        nic-max-above-warm-target
                                                                                                                                                                        
-
                                                                                                                                                                        Reclaim number of ENIs pre-bound to a node at the node pool level
                                                                                                                                                                        
-
                                                                                                                                                                        Default: 2
                                                                                                                                                                        
-
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
                                                                                                                                                                         
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
-
                                                                                                                                                                        Table 4 Pod security group in a node pool (available only for CCE Turbo clusters)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
-
-
-
-
                                                                                                                                                                        Table 4 Pod security group in a node pool (available only for CCE Turbo clusters)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
 
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
 
                                                                                                                                                                        Remarks
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        security_groups_for_nodepool
                                                                                                                                                                        
+
                                                                                                                                                                        security_groups_for_nodepool
                                                                                                                                                                        
 
                                                                                                                                                                        • Default security group used by pods in a node pool. You can enter the security group ID. If this parameter is not set, the default security group of the cluster container network is used. A maximum of five security group IDs can be specified at the same time, separated by semicolons (;).
                                                                                                                                                                        • The priority of the security group is lower than that of the security group configured for Security Groups.
                                                                                                                                                                        
+
                                                                                                                                                                        • Default security group used by pods in a node pool. You can enter the security group ID. If this parameter is not set, the default security group of the cluster container network is used. A maximum of five security group IDs can be specified at the same time, separated by semicolons (;).
                                                                                                                                                                        • The priority of the security group is lower than that of the security group configured for Security Groups.
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
                                                                                                                                                                         
 
                                                                                                                                                                        
 
                                                                                                                                                                        
 
-
                                                                                                                                                                        Table 5 Docker (available only for node pools that use Docker)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                        Table 5 Docker (available only for node pools that use Docker)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
 
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
 
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
 
                                                                                                                                                                        Remarks
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
 
                                                                                                                                                                        native-umask
                                                                                                                                                                        
+
                                                                                                                                                                        native-umask
                                                                                                                                                                        
 
                                                                                                                                                                        `--exec-opt native.umask
                                                                                                                                                                        
+
                                                                                                                                                                        `--exec-opt native.umask
                                                                                                                                                                        
 
                                                                                                                                                                        normal
                                                                                                                                                                        
+
                                                                                                                                                                        normal
                                                                                                                                                                        
 
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
+
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        docker-base-size
                                                                                                                                                                        
+
                                                                                                                                                                        docker-base-size
                                                                                                                                                                        
 
                                                                                                                                                                        `--storage-opts dm.basesize
                                                                                                                                                                        
+
                                                                                                                                                                        `--storage-opts dm.basesize
                                                                                                                                                                        
 
                                                                                                                                                                        0
                                                                                                                                                                        
+
                                                                                                                                                                        0
                                                                                                                                                                        
 
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
+
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        insecure-registry
                                                                                                                                                                        
+
                                                                                                                                                                        insecure-registry
                                                                                                                                                                        
 
                                                                                                                                                                        Address of an insecure image registry
                                                                                                                                                                        
+
                                                                                                                                                                        Address of an insecure image registry
                                                                                                                                                                        
 
                                                                                                                                                                        false
                                                                                                                                                                        
+
                                                                                                                                                                        false
                                                                                                                                                                        
 
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
+
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        limitcore
                                                                                                                                                                        
+
                                                                                                                                                                        limitcore
                                                                                                                                                                        
 
                                                                                                                                                                        Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                        
-
                                                                                                                                                                        If not specified, the value is infinity.
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                        
+
                                                                                                                                                                        If not specified, the value is infinity.
                                                                                                                                                                        
 
                                                                                                                                                                        5368709120
                                                                                                                                                                        
+
                                                                                                                                                                        5368709120
                                                                                                                                                                        
 
                                                                                                                                                                        -
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        default-ulimit-nofile
                                                                                                                                                                        
+
                                                                                                                                                                        default-ulimit-nofile
                                                                                                                                                                        
 
                                                                                                                                                                        Limit on the number of handles in a container
                                                                                                                                                                        
+
                                                                                                                                                                        Limit on the number of handles in a container
                                                                                                                                                                        
 
                                                                                                                                                                        {soft}:{hard}
                                                                                                                                                                        
+
                                                                                                                                                                        {soft}:{hard}
                                                                                                                                                                        
 
                                                                                                                                                                        The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                        
-
                                                                                                                                                                        You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                        
-
                                                                                                                                                                        sysctl -a | grep nr_open
                                                                                                                                                                        
+
                                                                                                                                                                        The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                        
+
                                                                                                                                                                        You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                        
+
                                                                                                                                                                        sysctl -a | grep nr_open
                                                                                                                                                                        
                                                                                                                                                                         		
 
                                                                                                                                                                        
                                                                                                                                                                         
 
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                      5. Click OK.
                                                                                                                                                                        6. 
+
+
                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                        Table 6 containerd (available only for node pools that use containerd)
                                                                                                                                                                        Parameter
                                                                                                                                                                        
+
                                                                                                                                                                        Description
                                                                                                                                                                        
+
                                                                                                                                                                        Default Value
                                                                                                                                                                        
+
                                                                                                                                                                        Modification
                                                                                                                                                                        
+
                                                                                                                                                                        devmapper-base-size
                                                                                                                                                                        
+
                                                                                                                                                                        Available data space of a single container
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        Cannot be changed.
                                                                                                                                                                        
+
                                                                                                                                                                        limitcore
                                                                                                                                                                        
+
                                                                                                                                                                        Maximum size of a core file in a container. The unit is byte.
                                                                                                                                                                        
+
                                                                                                                                                                        If not specified, the value is infinity.
                                                                                                                                                                        
+
                                                                                                                                                                        5368709120
                                                                                                                                                                        
+
                                                                                                                                                                        None
                                                                                                                                                                        
+
                                                                                                                                                                        default-ulimit-nofile
                                                                                                                                                                        
+
                                                                                                                                                                        Limit on the number of handles in a container
                                                                                                                                                                        
+
                                                                                                                                                                        1048576
                                                                                                                                                                        
+
                                                                                                                                                                        The value cannot exceed the value of the kernel parameter nr_open and cannot be a negative number.
                                                                                                                                                                        
+
                                                                                                                                                                        You can run the following command to obtain the kernel parameter nr_open:
                                                                                                                                                                        
+
                                                                                                                                                                        sysctl -a | grep nr_open
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                        
+
                                                                                                                                                                      6. Click OK.
                                                                                                                                                                        7. 
 
 
 
                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_10_0653.html b/docs/cce/umn/cce_10_0653.html
index 60434d07d..b6a7b61cb 100644
--- a/docs/cce/umn/cce_10_0653.html
+++ b/docs/cce/umn/cce_10_0653.html
@@ -1,75 +1,75 @@
 
 
 
                                                                                                                                                                        Updating a Node Pool
                                                                                                                                                                        
-
                                                                                                                                                                        Constraints
                                                                                                                                                                        • When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, you need to manually reset the existing nodes.
                                                                                                                                                                        • Updates of kubernetes labels and taints are automatically synchronized to existing nodes. You do not need to reset nodes.
                                                                                                                                                                        
+
                                                                                                                                                                        Constraints
                                                                                                                                                                        • When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, manually reset the existing nodes.
                                                                                                                                                                        • Updates of kubernetes labels and taints are automatically synchronized to existing nodes. You do not need to reset nodes.
                                                                                                                                                                        
 
                                                                                                                                                                        
-
                                                                                                                                                                        Updating a Node Pool
                                                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                                                        2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                        3. Click Update next to the name of the node pool you will edit. Configure the parameters in the displayed Update Node Pool page.
                                                                                                                                                                          Basic Settings
-
                                                                                                                                                                          Table 1 Basic settings
                                                                                                                                                                          Parameter
                                                                                                                                                                          
+
                                                                                                                                                                          Updating a Node Pool
                                                                                                                                                                          1. Log in to the CCE console.
                                                                                                                                                                          2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                          3. Click Update next to the name of the node pool you will edit. Configure the parameters in the displayed Update Node Pool page.
                                                                                                                                                                            Basic Settings
+
                                                                                                                                                                            
-
-
-
-
-
-
-
                                                                                                                                                                            Table 1 Basic settings
                                                                                                                                                                            Parameter
                                                                                                                                                                            
 
                                                                                                                                                                            Description
                                                                                                                                                                            
+
                                                                                                                                                                            Description
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            
 
                                                                                                                                                                            Node Pool Name
                                                                                                                                                                            
+
                                                                                                                                                                            Node Pool Name
                                                                                                                                                                            
 
                                                                                                                                                                            Name of the node pool.
                                                                                                                                                                            
+
                                                                                                                                                                            Name of the node pool.
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            Nodes
                                                                                                                                                                            
+
                                                                                                                                                                            Nodes
                                                                                                                                                                            
 
                                                                                                                                                                            Modify the number of nodes based on service requirements.
                                                                                                                                                                            
+
                                                                                                                                                                            Modify the number of nodes based on service requirements.
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            Auto Scaling
                                                                                                                                                                            
+
                                                                                                                                                                            Auto Scaling
                                                                                                                                                                            
 
                                                                                                                                                                            By default, this parameter is disabled.
                                                                                                                                                                            
-
                                                                                                                                                                            After you enable autoscaler by clicking , nodes in the node pool are automatically created or deleted based on service requirements.
                                                                                                                                                                            
-
                                                                                                                                                                            • Maximum Nodes and Minimum Nodes: You can set the maximum and minimum number of nodes to ensure that the number of nodes to be scaled is within a proper range.
                                                                                                                                                                            • Priority: A larger value indicates a higher priority. For example, if this parameter is set to 1 and 4 respectively for node pools A and B, B has a higher priority than A, and auto scaling is first triggered for B. If the priorities of multiple node pools are set to the same value, for example, 2, the node pools are not prioritized and the system performs scaling based on the minimum resource waste principle.
                                                                                                                                                                              After the priority is updated, the configuration takes effect within 1 minute.
                                                                                                                                                                              
-
                                                                                                                                                                            • Cooldown Period: Enter a period, in minutes. This field indicates the period during which the nodes added in the current node pool cannot be scaled in.
                                                                                                                                                                            
-
                                                                                                                                                                            If the Autoscaler field is set to on, install the autoscaler add-on to use the autoscaler feature.
                                                                                                                                                                            
+
                                                                                                                                                                            This function is disabled by default.
                                                                                                                                                                            
+
                                                                                                                                                                            After you enable autoscaler by clicking , nodes in the node pool are automatically created or deleted based on service requirements.
                                                                                                                                                                            
+
                                                                                                                                                                            • Maximum Nodes and Minimum Nodes: You can set the maximum and minimum number of nodes to ensure that the number of nodes to be scaled is within a proper range.
                                                                                                                                                                            • Node Pool Priority: indicates the priority of a node pool for a scale-out. A larger value indicates a higher priority. For example, the node pool with priority 4 is scaled out prior to the one with priority 1. If the priorities of multiple node pools are set to the same value, these node pools are not prioritized and they will be scaled out by following the rule of maximizing resource utilization.
                                                                                                                                                                              After the priority is changed, the modification takes effect within 1 minute.
                                                                                                                                                                              
+
                                                                                                                                                                            • Cooldown Period: Enter a period, in minutes. It specifies a period during which the nodes added in the current node pool cannot be scaled in.
                                                                                                                                                                            
+
                                                                                                                                                                            To ensure the proper running of AS, install the autoscaler.
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            
                                                                                                                                                                             
 
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            Advanced Settings
-
                                                                                                                                                                            Table 2 Advanced settings
                                                                                                                                                                            Parameter
                                                                                                                                                                            
+
                                                                                                                                                                            Advanced Settings
+
                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
@@ -77,7 +77,7 @@
 
                                                                                                                                                                            Table 2 Advanced settings
                                                                                                                                                                            Parameter
                                                                                                                                                                            
 
                                                                                                                                                                            Description
                                                                                                                                                                            
+
                                                                                                                                                                            Description
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            
 
                                                                                                                                                                            Kubernetes Label
                                                                                                                                                                            
+
                                                                                                                                                                            Kubernetes Label
                                                                                                                                                                            
 
                                                                                                                                                                            Click Add Label to set the key-value pair attached to the Kubernetes objects (such as pods). A maximum of 20 labels can be added.
                                                                                                                                                                            
-
                                                                                                                                                                            Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                                                            
-
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a Kubernetes label is modified, the inventory nodes in the node pool are updated synchronously.
                                                                                                                                                                            
+
                                                                                                                                                                            A Kubernetes label is a key-value pair added to a Kubernetes object (such as a pod). After specifying a label, click Add. A maximum of 20 labels can be added.
                                                                                                                                                                            
+
                                                                                                                                                                            Labels can be used to distinguish nodes. With workload affinity settings, container pods can be scheduled to a specified node. For more information, see Labels and Selectors.
                                                                                                                                                                            
+
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a Kubernetes label is modified, the inventory nodes in the node pool are updated synchronously.
                                                                                                                                                                            
 
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            Resource Tag
                                                                                                                                                                            
+
                                                                                                                                                                            Resource Tag
                                                                                                                                                                            
 
                                                                                                                                                                            You can add resource tags to classify resources.
                                                                                                                                                                            
-
                                                                                                                                                                            You can create predefined tags in Tag Management Service (TMS). Predefined tags are visible to all service resources that support the tagging function. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                                                                                            
-
                                                                                                                                                                            CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                                                                                            
-
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a resource tag is modified, the modification automatically takes effect when a node is added. For existing nodes, you need to manually reset the nodes for the modification to take effect.
                                                                                                                                                                            
+
                                                                                                                                                                            You can add resource tags to classify resources.
                                                                                                                                                                            
+
                                                                                                                                                                            You can create predefined tags in Tag Management Service (TMS). Predefined tags are available to all service resources that support tags. You can use these tags to improve tagging and resource migration efficiency. 
                                                                                                                                                                            
+
                                                                                                                                                                            CCE will automatically create the "CCE-Dynamic-Provisioning-Node=node id" tag.
                                                                                                                                                                            
+
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a resource tag is modified, the modification automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                            
 
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            Taint
                                                                                                                                                                            
+
                                                                                                                                                                            Taint
                                                                                                                                                                            
 
                                                                                                                                                                            This field is left blank by default. You can add taints to set anti-affinity for the node. A maximum of 10 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                                                            • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                                                            • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                                                                                            • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                                                            
+
                                                                                                                                                                            This field is left blank by default. You can add taints to configure node anti-affinity. A maximum of 20 taints are allowed for each node. Each taint contains the following parameters:
                                                                                                                                                                            • Key: A key must contain 1 to 63 characters, starting with a letter or digit. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed. A DNS subdomain name can be used as the prefix of a key.
                                                                                                                                                                            • Value: A value must start with a letter or digit and can contain a maximum of 63 characters, including letters, digits, hyphens (-), underscores (_), and periods (.).
                                                                                                                                                                            • Effect: Available options are NoSchedule, PreferNoSchedule, and NoExecute.
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                            For details, see Managing Node Taints.
                                                                                                                                                                            
-
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a taint is modified, the inventory nodes in the node pool are updated synchronously.
                                                                                                                                                                            
+
                                                                                                                                                                            For details, see Managing Node Taints.
                                                                                                                                                                            
+
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            After a taint is modified, the existing nodes in the node pool are updated synchronously.
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                            		
 
                                                                                                                                                                            Edit Key pair
                                                                                                                                                                            
+
                                                                                                                                                                            Edit key pair
                                                                                                                                                                            
 
                                                                                                                                                                            Only node pools that use key pairs for login support key pair editing. You can select another key pair.
                                                                                                                                                                            
-
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            The edited key pair automatically takes effect when a node is added. For existing nodes, you need to manually reset the nodes for the key pair to take effect.
                                                                                                                                                                            
+
                                                                                                                                                                            Only node pools that use key pairs for login support key pair editing. You can select another key pair.
                                                                                                                                                                            
+
                                                                                                                                                                             NOTE: 
                                                                                                                                                                            The edited key pair automatically takes effect on newly added nodes. For existing nodes, manually reset the nodes for the modification to take effect.
                                                                                                                                                                            
 
                                                                                                                                                                            
                                                                                                                                                                             		
 
                                                                                                                                                                            
 
                                                                                                                                                                            
 
                                                                                                                                                                            
-
                                                                                                                                                                          4. When the configuration is complete, click OK.
                                                                                                                                                                            After the node pool parameters are updated, go to the Nodes page to check whether the node to which the node pool belongs is updated. You can reset the node to synchronize the configuration updates for the node pool.
                                                                                                                                                                            
+
                                                                                                                                                                          5. After the configuration, click OK.
                                                                                                                                                                            After the node pool parameters are updated, go to the Nodes page to check whether the node to which the node pool belongs is updated. You can reset the node to synchronize the configuration updates for the node pool.
                                                                                                                                                                            
 
                                                                                                                                                                            6. 
 
 
diff --git a/docs/cce/umn/cce_10_0654.html b/docs/cce/umn/cce_10_0654.html
index 9c8a6730d..18857c68a 100644
--- a/docs/cce/umn/cce_10_0654.html
+++ b/docs/cce/umn/cce_10_0654.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                            Synchronizing Node Pools
                                                                                                                                                                            
-
                                                                                                                                                                            After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configurations for these nodes.
                                                                                                                                                                            
-
                                                                                                                                                                             
                                                                                                                                                                            • Do not delete or reset nodes during batch synchronization. Otherwise, the synchronization of node pool configuration may fail.
                                                                                                                                                                            • This operation involves resetting nodes. Workload services running on the nodes may be interrupted due to single-instance deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. You can also specify a disruption budget for your application) to ensure the availability of key services during the upgrade.
                                                                                                                                                                            • During configuration synchronization for existing nodes, the system disk and data disk will be cleared. Back up important data before the synchronization.
                                                                                                                                                                            • Only some node pool parameters can be synchronized by resetting nodes. The constraints are as follows:
                                                                                                                                                                              • When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, you need to manually reset the existing nodes.
                                                                                                                                                                              • Updates of kubernetes labels and taints are automatically synchronized to existing nodes. You do not need to reset nodes.
                                                                                                                                                                              
+
                                                                                                                                                                              After the configuration of a node pool is updated, some configurations cannot be automatically synchronized for existing nodes. You can manually synchronize configurations for these nodes.
                                                                                                                                                                              
+
                                                                                                                                                                               
                                                                                                                                                                              • Do not delete or reset nodes during batch synchronization. Otherwise, the synchronization of node pool configuration may fail.
                                                                                                                                                                              • This operation involves resetting nodes. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                                              • During configuration synchronization for existing nodes, the nodes will be reset, and the system disks and data disks will be cleared. Back up important data before the synchronization.
                                                                                                                                                                              • Only some node pool parameters can be synchronized by resetting nodes. The constraints are as follows:
                                                                                                                                                                                • When editing the resource tags of the node pool. The modified configuration takes effect only for new nodes. To synchronize the configuration to the existing nodes, manually reset the existing nodes.
                                                                                                                                                                                • Updates of kubernetes labels and taints are automatically synchronized to existing nodes. You do not need to reset nodes.
                                                                                                                                                                                
 
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Synchronizing a Single Node
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Access the cluster console, choose Nodes in the navigation pane, and click the Node Pools tab on the right.
                                                                                                                                                                              3. upgrade is displayed in the Node Pool column of the existing nodes in the node pool.
                                                                                                                                                                              4. Click update. In the dialog box that is displayed, confirm whether to reset the node immediately.
                                                                                                                                                                              
+
                                                                                                                                                                              Synchronizing a Single Node
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Nodes tab on the right.
                                                                                                                                                                              3. Find upgrade in the Node Pool column of the existing nodes in the node pool.
                                                                                                                                                                              4. Click update. In the dialog box that is displayed, confirm whether to reset the node immediately.
                                                                                                                                                                              
 
                                                                                                                                                                              
-
                                                                                                                                                                              Batch Synchronization
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                              3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                              4. In the Batch Synchronization window, set the synchronization parameters.
                                                                                                                                                                                • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                                • Max. Nodes for Batch Synchronize: Nodes will be unavailable during synchronization in Node Reset mode. Set this parameter properly to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                                
-
                                                                                                                                                                              5. In the node list, select the nodes to be synchronized and click OK to start the synchronization.
                                                                                                                                                                              
+
                                                                                                                                                                              Batch Synchronization
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                              3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                              4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                                • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                                • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                                • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                                • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                                
+
                                                                                                                                                                              5. Click OK.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0655.html b/docs/cce/umn/cce_10_0655.html
index a70a8950f..fe9504e88 100644
--- a/docs/cce/umn/cce_10_0655.html
+++ b/docs/cce/umn/cce_10_0655.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                              Copying a Node Pool
                                                                                                                                                                              
-
                                                                                                                                                                              You can copy the configuration of an existing node pool to create a new node pool on the CCE console.
                                                                                                                                                                              
-
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                              3. Choose More > Copy next to a node pool name to copy the node pool.
                                                                                                                                                                              4. The configurations of the selected node pool are replicated to the Clone Node Pool page. You can edit the configurations as required. For details about configuration items, see Creating a Node Pool. After confirming the configuration, click Next: Confirm.
                                                                                                                                                                              5. On the Confirm page, confirm the node pool configuration and click Submit. Then, a new node pool is created based on the edited configuration.
                                                                                                                                                                              
+
                                                                                                                                                                              You can copy the configuration of an existing node pool to create a new node pool on the CCE console.
                                                                                                                                                                              
+
                                                                                                                                                                              1. Log in to the CCE console.
                                                                                                                                                                              2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                              3. Choose More > Copy in the Operation column of the target node pool.
                                                                                                                                                                              4. The configurations of the selected node pool are replicated to the Clone Node Pool page. You can edit the configurations as required. For details about configuration items, see Creating a Node Pool. After confirming the configuration, click Next: Confirm.
                                                                                                                                                                              5. On the Confirm page, confirm the node pool configuration and click Submit. Then, a new node pool is created based on the edited configuration.
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
 
                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_10_0656.html b/docs/cce/umn/cce_10_0656.html
index 2a284daf7..cfc0d36f5 100644
--- a/docs/cce/umn/cce_10_0656.html
+++ b/docs/cce/umn/cce_10_0656.html
@@ -1,8 +1,8 @@
 
 
 
                                                                                                                                                                              Migrating a Node
                                                                                                                                                                              
-
                                                                                                                                                                              Nodes in a node pool can be migrated. Currently, nodes in a node pool can be migrated only to the default node pool (defaultpool) in the same cluster.
                                                                                                                                                                              
-
                                                                                                                                                                              1. Log in to the CCE console and access the cluster console.
                                                                                                                                                                              2. In the navigation pane, choose Nodes and switch to the Node Pools tab page.
                                                                                                                                                                              3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                                                                              4. Click More > Migrate in the Operation column of the target node to migrate the node.
                                                                                                                                                                              5. In the displayed Migrate Node window, confirm the information.
                                                                                                                                                                                 
                                                                                                                                                                                The migration has no impacts on the original resource tags, Kubernetes labels, and taints of the node.
                                                                                                                                                                                
+
                                                                                                                                                                                Nodes in a node pool can be migrated. Currently, nodes in a node pool can be migrated only to the default node pool (defaultpool) in the same cluster.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. In the navigation pane, choose Nodes and switch to the Node Pools tab page.
                                                                                                                                                                                3. Click View Node in the Operation column of the node pool to be migrated.
                                                                                                                                                                                4. Click More > Migrate in the Operation column of the target node to migrate the node.
                                                                                                                                                                                5. In the displayed Migrate Node window, confirm the information.
                                                                                                                                                                                   
                                                                                                                                                                                  The migration has no impacts on the original resource tags, Kubernetes labels, and taints of the node.
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0657.html b/docs/cce/umn/cce_10_0657.html
index ed54344a5..2ab261092 100644
--- a/docs/cce/umn/cce_10_0657.html
+++ b/docs/cce/umn/cce_10_0657.html
@@ -1,10 +1,10 @@
 
 
 
                                                                                                                                                                                Deleting a Node Pool
                                                                                                                                                                                
-
                                                                                                                                                                                Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.
                                                                                                                                                                                
-
                                                                                                                                                                                Precautions
                                                                                                                                                                                • Deleting a node pool will delete all nodes in the node pool. Back up data in a timely manner to prevent data loss.
                                                                                                                                                                                • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. If pods in the node pool have a specific node selector and none of the other nodes in the cluster satisfies the node selector, the pods will become unschedulable.
                                                                                                                                                                                • When deleting a node pool, the system sets all nodes in the current node pool to the unschedulable state.
                                                                                                                                                                                
+
                                                                                                                                                                                Deleting a node pool will delete nodes in the pool. Pods on these nodes will be automatically migrated to available nodes in other node pools.
                                                                                                                                                                                
+
                                                                                                                                                                                Precautions
                                                                                                                                                                                • Deleting a node pool will delete all nodes in the node pool. Back up data in a timely manner to prevent data loss.
                                                                                                                                                                                • Deleting a node will lead to pod migration, which may affect services. Perform this operation during off-peak hours. If pods in the node pool have a specific node selector and none of the other nodes in the cluster satisfies the node selector, the pods will become unschedulable.
                                                                                                                                                                                • When deleting a node pool, the system sets all nodes in the current node pool to the unschedulable state.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Procedure
                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                3. Choose More > Delete next to a node pool name to delete the node pool.
                                                                                                                                                                                4. Read the precautions in the Delete Node Pool dialog box.
                                                                                                                                                                                5. In the text box, click Yes to confirm that you want to continue the deletion.
                                                                                                                                                                                
+
                                                                                                                                                                                Procedure
                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                3. Choose More > Delete in the Operation column of the target node pool.
                                                                                                                                                                                4. Read the precautions in the Delete Node Pool dialog box.
                                                                                                                                                                                5. In the text box, click Yes to confirm that you want to continue the deletion.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0660.html b/docs/cce/umn/cce_10_0660.html
index 9a5544b4a..ebb9d4016 100644
--- a/docs/cce/umn/cce_10_0660.html
+++ b/docs/cce/umn/cce_10_0660.html
@@ -1,20 +1,21 @@
 
 
-
                                                                                                                                                                                Upgrading the OS
                                                                                                                                                                                
-
                                                                                                                                                                                When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.
                                                                                                                                                                                
-
                                                                                                                                                                                 
                                                                                                                                                                                • This operation will upgrade the OS by resetting the node. Workloads running on the node may be interrupted due to single-instance deployment or insufficient schedulable resources. Evaluate the upgrade risks and upgrade the OS during off-peak hours, you can also set the Pod Disruption Budget (PDB, that is disruption budget) policy for important applications to ensure their availability.
                                                                                                                                                                                • Nodes that use private images cannot be upgraded.
                                                                                                                                                                                
+
                                                                                                                                                                                Upgrading an OS
                                                                                                                                                                                
+
                                                                                                                                                                                When CCE releases a new OS image, existing nodes cannot be automatically upgraded. You can manually upgrade them in batches.
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                This section describes how to upgrade an OS by resetting the target node. Workloads running on a node may be interrupted due to standalone deployment or insufficient schedulable resources. Evaluate the upgrade risks and perform the upgrade during off-peak hours. Alternatively, specify a disruption budget for your key applications to ensure the availability of these applications during the upgrade.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Procedure
                                                                                                                                                                                Default node pool
                                                                                                                                                                                
-
                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                3. Click Upgrade next to the default node pool
                                                                                                                                                                                4. In the displayed Operating system upgrade window, set upgrade parameters.
                                                                                                                                                                                  • Max. Unavailable Nodes: specifies the maximum number of unavailable nodes during node synchronization.
                                                                                                                                                                                  • Target Operating System: You do not need to set this parameter. It is used to display the image information of the target version.
                                                                                                                                                                                  • Node List: Select the nodes to be upgraded.
                                                                                                                                                                                  • Login Mode:
                                                                                                                                                                                    • Key Pair
                                                                                                                                                                                      Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                                      
-
                                                                                                                                                                                      A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Constraints
                                                                                                                                                                                      • Nodes running private images cannot be upgraded.
                                                                                                                                                                                      • Compatibility issues may occur when the node OS of an early version is upgraded. In this case, manually reset the node for the OS upgrade.
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Procedure for Default Node Pools
                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                      2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                      3. Click Upgrade next to the default node pool.
                                                                                                                                                                                      4. In the displayed Operating System Upgrade window, configure parameters.
                                                                                                                                                                                        • Target Operating System: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                                        • Upgrade Policy: Node Reset is supported.
                                                                                                                                                                                        • Max. Nodes for Batch Upgrade: maximum number of nodes that will be unavailable during node upgrade. Nodes will be unavailable during upgrade by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                                        • View Node: Select the nodes to be upgraded.
                                                                                                                                                                                        • Login Mode:
                                                                                                                                                                                          • Key Pair
                                                                                                                                                                                            Select the key pair used to log in to the node. You can select a shared key.
                                                                                                                                                                                            
+
                                                                                                                                                                                            A key pair is used for identity authentication when you remotely log in to a node. If no key pair is available, click Create Key Pair.
                                                                                                                                                                                            
 
                                                                                                                                                                                          
-
                                                                                                                                                                                        • Pre-installation Command: Enter a maximum of 1,000 characters.
                                                                                                                                                                                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                                                          
-
                                                                                                                                                                                        • Post-installation Command: Enter a maximum of 1,000 characters.
                                                                                                                                                                                          The script will be executed after Kubernetes software is installed and will not affect the installation.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • Pre-installation Command: Enter a maximum of 1,000 characters.
                                                                                                                                                                                          The script will be executed before Kubernetes software is installed. Note that if the script is incorrect, Kubernetes software may fail to be installed.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • Post-installation Command: Enter a maximum of 1,000 characters.
                                                                                                                                                                                          The script will be executed after Kubernetes software is installed and will not affect the installation.
                                                                                                                                                                                          
 
                                                                                                                                                                                        
-
                                                                                                                                                                                      5. Click OK.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Non-default node pool
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                      2. Click the cluster name and access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                      3. Choose More > Synchronize next to a node pool name.
                                                                                                                                                                                      4. In the displayed Batch synchronization dialog box, set upgrade parameters.
                                                                                                                                                                                        • Max. Unavailable Nodes: specifies the maximum number of unavailable nodes during node synchronization.
                                                                                                                                                                                        • Node List: This parameter cannot be set. By default, nodes that can be upgraded are selected.
                                                                                                                                                                                        
-
                                                                                                                                                                                      5. Click OK.
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Click OK.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Procedure for Non-default Node Pools
                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                2. Click the cluster name to access the cluster console. Choose Nodes in the navigation pane and click the Node Pools tab on the right.
                                                                                                                                                                                3. Choose More > Synchronize in the Operation column of the target node pool.
                                                                                                                                                                                4. In the Batch synchronization window, configure parameters.
                                                                                                                                                                                  • OS: shows the image of the target version. You do not need to configure this parameter.
                                                                                                                                                                                  • Synchronization Policy: Node Reset is supported.
                                                                                                                                                                                  • Max. Nodes for Batch Synchronize: maximum number of nodes that will be unavailable during node synchronization. Nodes will be unavailable during synchronization by resetting the nodes. Properly configure this parameter to prevent pod scheduling failures caused by too many unavailable nodes in the cluster.
                                                                                                                                                                                  • Node List: Select the nodes requiring the synchronization of node pool configurations.
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Click OK.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_10_0672.html b/docs/cce/umn/cce_10_0672.html
new file mode 100644
index 000000000..8871d5a29
--- /dev/null
+++ b/docs/cce/umn/cce_10_0672.html
@@ -0,0 +1,30 @@
+
+
+
                                                                                                                                                                                Management Nodes
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_10_0673.html b/docs/cce/umn/cce_10_0673.html
new file mode 100644
index 000000000..5f455cae3
--- /dev/null
+++ b/docs/cce/umn/cce_10_0673.html
@@ -0,0 +1,27 @@
+
+
+
+  
                                                                                                                                                                                Creating a Workload
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0674.html b/docs/cce/umn/cce_10_0674.html
new file mode 100644
index 000000000..2090a41f9
--- /dev/null
+++ b/docs/cce/umn/cce_10_0674.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                                Scheduling
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0675.html b/docs/cce/umn/cce_10_0675.html
new file mode 100644
index 000000000..a11832f3a
--- /dev/null
+++ b/docs/cce/umn/cce_10_0675.html
@@ -0,0 +1,25 @@
+
+
+
+  
                                                                                                                                                                                Container Network Settings
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0677.html b/docs/cce/umn/cce_10_0677.html
new file mode 100644
index 000000000..78f297a16
--- /dev/null
+++ b/docs/cce/umn/cce_10_0677.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                Container Tunnel Network Settings
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Container Network Settings
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0678.html b/docs/cce/umn/cce_10_0678.html
new file mode 100644
index 000000000..9a123f2b9
--- /dev/null
+++ b/docs/cce/umn/cce_10_0678.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                Cloud Native Network 2.0 Settings
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_10_0679.html b/docs/cce/umn/cce_10_0679.html
new file mode 100644
index 000000000..aee584ecd
--- /dev/null
+++ b/docs/cce/umn/cce_10_0679.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                Cluster Network Settings
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0680.html b/docs/cce/umn/cce_10_0680.html
new file mode 100644
index 000000000..24d3e93e6
--- /dev/null
+++ b/docs/cce/umn/cce_10_0680.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                Adding a Container CIDR Block for a Cluster
                                                                                                                                                                                
+
                                                                                                                                                                                Scenario
                                                                                                                                                                                If the container CIDR block (container subnet in a CCE Turbo cluster) set during CCE cluster creation is insufficient, you can add a container CIDR block for the cluster.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • This function applies to CCE clusters and CCE Turbo clusters of v1.19 or later, but not to clusters using container tunnel networking.
                                                                                                                                                                                • The container CIDR block or container subnet cannot be deleted after being added. Exercise caution when performing this operation.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Adding a Container CIDR Block for a CCE Cluster
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. On the Cluster Information page, click Add Container CIDR Block in the Networking Configuration area.
                                                                                                                                                                                3. Configure the container CIDR block to be added. You can click  to add multiple container CIDR blocks at a time.
                                                                                                                                                                                   
                                                                                                                                                                                  New container CIDR blocks cannot conflict with service CIDR blocks, VPC CIDR blocks, and existing container CIDR blocks.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Click OK.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Adding a Container Subnet for a CCE Turbo Cluster
                                                                                                                                                                                1. Log in to the CCE console and access the CCE Turbo cluster console.
                                                                                                                                                                                2. On the Cluster Information page, locate the Networking Configuration area and click Add Pod Subnet.
                                                                                                                                                                                3. Select a container subnet in the same VPC. You can add multiple container subnets at a time. If no other container subnet is available, go to the VPC console to create one.
                                                                                                                                                                                4. Click OK.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Cluster Network Settings
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0681.html b/docs/cce/umn/cce_10_0681.html
new file mode 100644
index 000000000..2a9388f92
--- /dev/null
+++ b/docs/cce/umn/cce_10_0681.html
@@ -0,0 +1,697 @@
+
+
+
                                                                                                                                                                                Creating a LoadBalancer Service
                                                                                                                                                                                
+
                                                                                                                                                                                Scenario
                                                                                                                                                                                LoadBalancer Services can access workloads from the public network through ELB, which is more reliable than EIP-based access. The LoadBalancer access address is in the format of IP address of public network load balancer:Access port, for example, 10.117.117.117:80.
                                                                                                                                                                                
+
                                                                                                                                                                                In this access mode, requests are transmitted through an ELB load balancer to a node and then forwarded to the destination pod through the Service.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 LoadBalancer
                                                                                                                                                                                
+
                                                                                                                                                                                When CCE Turbo clusters and dedicated load balancers are used, passthrough networking is supported to reduce service latency and ensure zero performance loss.
                                                                                                                                                                                
+
                                                                                                                                                                                External access requests are directly forwarded from a load balancer to pods. Internal access requests can be forwarded to a pod through a Service.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 2 Passthrough networking
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                  • Automatically created load balancers should not be used by other resources. Otherwise, these load balancers cannot be completely deleted.
                                                                                                                                                                                  • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                  
+
                                                                                                                                                                                • After a Service is created, if the affinity setting is switched from the cluster level to the node level, the connection tracing table will not be cleared. You are advised not to modify the Service affinity setting after the Service is created. To modify it, create a Service again.
                                                                                                                                                                                • If the service affinity is set to the node level (that is, externalTrafficPolicy is set to Local), the cluster may fail to access the Service by using the ELB address. For details, see Why a Service Fail to Be Accessed from Within the Cluster.
                                                                                                                                                                                • CCE Turbo clusters support only cluster-level service affinity.
                                                                                                                                                                                • Dedicated ELB load balancers can be used only in clusters of v1.17 and later.
                                                                                                                                                                                • Dedicated load balancers must be of the network type (TCP/UDP) supporting private networks (with a private IP). If the Service needs to support HTTP, the specifications of dedicated load balancers must use HTTP/HTTPS (application load balancing) in addition to TCP/UDP (network load balancing).
                                                                                                                                                                                • In a CCE cluster, if the cluster-level affinity is configured for a LoadBalancer Service, requests are distributed to the node ports of each node using SNAT when entering the cluster. The number of node ports cannot exceed the number of available node ports on the node. If the service affinity is at the node level (Local), there is no such constraint. In a CCE Turbo cluster, this constraint applies to shared load balancers, but not dedicated ones. Use dedicated load balancers in CCE Turbo clusters.
                                                                                                                                                                                • When the cluster service forwarding (proxy) mode is IPVS, the node IP cannot be configured as the external IP of the Service. Otherwise, the node is unavailable.
                                                                                                                                                                                • In a cluster using the IPVS proxy mode, if the ingress and Service use the same ELB load balancer, the ingress cannot be accessed from the nodes and containers in the cluster because kube-proxy mounts the LoadBalancer Service address to the ipvs-0 bridge. This bridge intercepts the traffic of the load balancer connected to the ingress. You are advised to use different ELB load balancers for the ingress and Service.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Creating a LoadBalancer Service
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. Choose Networking in the navigation pane and click Create Service in the upper right corner.
                                                                                                                                                                                3. Configure parameters.
                                                                                                                                                                                  • Service Name: Specify a Service name, which can be the same as the workload name.
                                                                                                                                                                                  • Service Type: Select LoadBalancer.
                                                                                                                                                                                  • Namespace: Namespace to which the workload belongs.
                                                                                                                                                                                  • Service Affinity: For details, see externalTrafficPolicy (Service Affinity).
                                                                                                                                                                                    • Cluster level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                                    • Node level: Only the IP address and access port of the node where the workload is located can access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                                    
+
                                                                                                                                                                                  • Selector: Add a label and click Add. A Service selects a pod based on the added label. You can also click Reference Workload Label to reference the label of an existing workload. In the dialog box that is displayed, select a workload and click OK.
                                                                                                                                                                                  • Load Balancer
                                                                                                                                                                                    Select the load balancer to interconnect. Only load balancers in the same VPC as the cluster are supported. If no load balancer is available, click Create Load Balancer to create one on the ELB console.
                                                                                                                                                                                    
+
                                                                                                                                                                                    The CCE console supports automatic creation of load balancers. Select Auto create from the drop-down list box and set the following parameters:
                                                                                                                                                                                    • Instance Name: Enter a load balancer name.
                                                                                                                                                                                    • Public Access: If enabled, an EIP with 5 Mbit/s bandwidth will be created. 
                                                                                                                                                                                    • Subnet, AZ, and Specifications (available only for dedicated load balancers): Configure the subnet AZ, and specifications. Currently, only dedicated load balancers of the network type (TCP/UDP) can be automatically created.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    You can click Edit in the Set ELB area and configure load balancer parameters in the Set ELB dialog box.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • Algorithm: Three algorithms are available: weighted round robin, weighted least connections algorithm, or source IP hash.
                                                                                                                                                                                       
                                                                                                                                                                                      • Weighted round robin: Requests are forwarded to different servers based on their weights, which indicate server processing performance. Backend servers with higher weights receive proportionately more requests, whereas equal-weighted servers receive the same number of requests. This algorithm is often used for short connections, such as HTTP services.
                                                                                                                                                                                      • Weighted least connections: In addition to the weight assigned to each server, the number of connections processed by each backend server is also considered. Requests are forwarded to the server with the lowest connections-to-weight ratio. Building on least connections, the weighted least connections algorithm assigns a weight to each server based on their processing capability. This algorithm is often used for persistent connections, such as database connections.
                                                                                                                                                                                      • Source IP hash: The source IP address of each request is calculated using the hash algorithm to obtain a unique hash key, and all backend servers are numbered. The generated key allocates the client to a particular server. This enables requests from different clients to be distributed in load balancing mode and ensures that requests from the same client are forwarded to the same server. This algorithm applies to TCP connections without cookies.
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                    • Type: This function is disabled by default. You can select Source IP address. Source IP address-based sticky session means that access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                       
                                                                                                                                                                                      When the distribution policy uses the source IP address algorithm, sticky session cannot be set.
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                    
+
                                                                                                                                                                                  • Health Check: Configure health check for the load balancer.
                                                                                                                                                                                    • Global health check: applies only to ports using the same protocol. You are advised to select Custom health check.
                                                                                                                                                                                    • Custom health check: applies to ports using different protocols. For details about the YAML definition for custom health check, see Configuring Health Check for Multiple Ports.
                                                                                                                                                                                    
+
+
                                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                    Table 1 Health check parameters
                                                                                                                                                                                    Parameter
                                                                                                                                                                                    
+
                                                                                                                                                                                    Description
                                                                                                                                                                                    
+
                                                                                                                                                                                    Protocol
                                                                                                                                                                                    
+
                                                                                                                                                                                    When the protocol of Port is set to TCP, the TCP and HTTP are supported. When the protocol of Port is set to UDP, the UDP is supported.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • Check Path (supported only by the HTTP): specifies the health check URL. The check path must start with a slash (/) and contain 1 to 80 characters.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Port
                                                                                                                                                                                    
+
                                                                                                                                                                                    By default, the service port (Node Port and container port of the Service) is used for health check. You can also specify another port for health check. After the port is specified, a service port named cce-healthz will be added for the Service.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • Node Port: If a shared load balancer is used or no ENI instance is associated, the node port is used as the health check port. If this parameter is not specified, a random port is used. The value ranges from 30000 to 32767.
                                                                                                                                                                                    • Container Port: When a dedicated load balancer is associated with an ENI instance, the container port is used for health check. The value ranges from 1 to 65535.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Check Period (s)
                                                                                                                                                                                    
+
                                                                                                                                                                                    Specifies the maximum interval between health checks. The value ranges from 1 to 50.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Timeout (s)
                                                                                                                                                                                    
+
                                                                                                                                                                                    Specifies the maximum timeout duration for each health check. The value ranges from 1 to 50.
                                                                                                                                                                                    
+
                                                                                                                                                                                    Max. Retries
                                                                                                                                                                                    
+
                                                                                                                                                                                    Specifies the maximum number of health check retries. The value ranges from 1 to 10.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                  • Port
                                                                                                                                                                                    • Protocol: protocol used by the Service.
                                                                                                                                                                                    • Service Port: port used by the Service. The port number ranges from 1 to 65535.
                                                                                                                                                                                    • Container Port: port on which the workload listens. For example, Nginx uses port 80 by default.
                                                                                                                                                                                    • Health Check: If Health Check is set to Custom health check, you can configure health check for ports using different protocols. For details, see Table 1.
                                                                                                                                                                                    
+
                                                                                                                                                                                     
                                                                                                                                                                                    When a LoadBalancer Service is created, a random node port number (NodePort) is automatically generated.
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                  • Annotation: The LoadBalancer Service has some advanced CCE functions, which are implemented by annotations. For details, see Using Annotations to Configure Load Balancing.
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Click OK.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using kubectl to Create a Service (Using an Existing Load Balancer)
                                                                                                                                                                                You can set the Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                2. Create the files named nginx-deployment.yaml and nginx-elb-svc.yaml and edit them.
                                                                                                                                                                                  The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                                  
+
                                                                                                                                                                                  vi nginx-deployment.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx 
+        name: nginx
+      imagePullSecrets:
+      - name: default-secret
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  Before enabling sticky session, ensure that the following conditions are met:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • The workload protocol is TCP.
                                                                                                                                                                                  • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  apiVersion: v1 
+kind: Service 
+metadata: 
+  name: nginx
+  annotations:
+    kubernetes.io/elb.id: <your_elb_id>                         # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.class: union                   # Load balancer type
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
+    kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-option: '{
+      "protocol":"TCP",
+      "delay":"5",
+      "timeout":"10",
+      "max_retries":"3"
+    }'
+spec:
+  selector: 
+     app: nginx
+  ports: 
+  - name: service0 
+    port: 80     # Port for accessing the Service, which is also the listener port on the load balancer.
+    protocol: TCP 
+    targetPort: 80  # Port used by a Service to access the target container. This port is closely related to the applications running in a container.
+    nodePort: 31128  # Port number of the node. If this parameter is not specified, a random port number ranging from 30000 to 32767 is generated.
+  type: LoadBalancer
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 2.
                                                                                                                                                                                  
+
                                                                                                                                                                                  In addition to the functions in this example, for more annotations and examples related to advanced functions, see Using Annotations to Configure Load Balancing.
                                                                                                                                                                                  
+
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 2 annotations parameters
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory
                                                                                                                                                                                  
+
                                                                                                                                                                                  Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.id
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  ID of an enhanced load balancer.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory when an existing load balancer is to be associated.
                                                                                                                                                                                  
+
                                                                                                                                                                                  How to obtain:
                                                                                                                                                                                  
+
                                                                                                                                                                                  On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  The system preferentially connects to the load balancer based on the kubernetes.io/elb.id field. If this field is not specified, the spec.loadBalancerIP field is used (optional and available only in 1.23 and earlier versions).
                                                                                                                                                                                  
+
                                                                                                                                                                                  Do not use the spec.loadBalancerIP field to connect to the load balancer. This field will be discarded by Kubernetes. For details, see Deprecation.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.class
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Select a proper load balancer type.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • union: shared load balancer
                                                                                                                                                                                  • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  If a LoadBalancer Service accesses an existing dedicated load balancer, the dedicated load balancer must support TCP/UDP networking.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.lb-algorithm
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Options:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.session-affinity-mode
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Disabling sticky session: Do not configure this parameter.
                                                                                                                                                                                  • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP address algorithm), sticky session cannot be enabled.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.session-affinity-option
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  Table 3 object
                                                                                                                                                                                  
+
                                                                                                                                                                                  Sticky session timeout.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.health-check-flag
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Whether to enable the ELB health check.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                                                                                  • Disabling health check: Set this parameter to off.
                                                                                                                                                                                  
+
                                                                                                                                                                                  If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.health-check-option
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  Table 4 object
                                                                                                                                                                                  
+
                                                                                                                                                                                  ELB health check configuration items.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 3 Data structure of the elb.session-affinity-option field
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory
                                                                                                                                                                                  
+
                                                                                                                                                                                  Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  persistence_timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Sticky session timeout, in minutes. This parameter is valid only when elb.session-affinity-mode is set to SOURCE_IP.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Value range: 1 to 60. Default value: 60
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 4 Data structure description of the elb.health-check-option field
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory
                                                                                                                                                                                  
+
                                                                                                                                                                                  Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  delay
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Value range: 1 to 50. Default value: 5
                                                                                                                                                                                  
+
                                                                                                                                                                                  timeout
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Health check timeout, in seconds.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Value range: 1 to 50. Default value: 10
                                                                                                                                                                                  
+
                                                                                                                                                                                  max_retries
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Maximum number of health check retries.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Value range: 1 to 10. Default value: 3
                                                                                                                                                                                  
+
                                                                                                                                                                                  protocol
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Health check protocol.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Value options: TCP or HTTP
                                                                                                                                                                                  
+
                                                                                                                                                                                  path
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Default value: /
                                                                                                                                                                                  
+
                                                                                                                                                                                  The value can contain 1 to 10,000 characters.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Create a workload.
                                                                                                                                                                                  kubectl create -f nginx-deployment.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the workload has been created.
                                                                                                                                                                                  
+
                                                                                                                                                                                  deployment/nginx created
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubectl get pod
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the workload is running.
                                                                                                                                                                                  
+
                                                                                                                                                                                  NAME                     READY     STATUS             RESTARTS   AGE
+nginx-2601814895-c1xhw   1/1       Running            0          6s
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Create a Service.
                                                                                                                                                                                  kubectl create -f nginx-elb-svc.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                                                                  
+
                                                                                                                                                                                  service/nginx created
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubectl get svc
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the access type has been set, and the workload is accessible.
                                                                                                                                                                                  
+
                                                                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
+kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
+nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Enter the URL in the address box of the browser, for example, 10.78.42.242:80. 10.78.42.242 indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                                                  The Nginx is accessible.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 3 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using kubectl to Create a Service (Automatically Creating a Load Balancer)
                                                                                                                                                                                You can set the Service when creating a workload using kubectl. This section uses an Nginx workload as an example to describe how to add a LoadBalancer Service using kubectl.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                2. Create the files named nginx-deployment.yaml and nginx-elb-svc.yaml and edit them.
                                                                                                                                                                                  The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                                  
+
                                                                                                                                                                                  vi nginx-deployment.yaml
                                                                                                                                                                                  apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx 
+        name: nginx
+      imagePullSecrets:
+      - name: default-secret
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  vi nginx-elb-svc.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  Before enabling sticky session, ensure that the following conditions are met:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • The workload protocol is TCP.
                                                                                                                                                                                  • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes. For details, see Scheduling Policy (Affinity/Anti-affinity).
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  Example of a Service using a public network shared load balancer:
                                                                                                                                                                                  apiVersion: v1 
+kind: Service 
+metadata: 
+  annotations:   
+    kubernetes.io/elb.class: union
+    kubernetes.io/elb.autocreate: '{
+      "type": "public",
+      "bandwidth_name": "cce-bandwidth-1551163379627",
+      "bandwidth_chargemode": "bandwidth",
+      "bandwidth_size": 5,
+      "bandwidth_sharetype": "PER",
+      "eip_type": "5_bgp"
+    }'
+    kubernetes.io/elb.enterpriseID: '0'       # ID of the enterprise project to which the load balancer belongs
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
+    kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-option: '{
+      "protocol":"TCP",
+      "delay":"5",
+      "timeout":"10",
+      "max_retries":"3"
+    }'
+  labels: 
+    app: nginx 
+  name: nginx 
+spec: 
+  ports: 
+  - name: service0 
+    port: 80
+    protocol: TCP 
+    targetPort: 80
+  selector: 
+    app: nginx 
+  type: LoadBalancer
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  Example Service using a public network dedicated load balancer (only for clusters of v1.17 and later):
                                                                                                                                                                                  apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+  namespace: default
+  annotations:
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.autocreate: '{
+      "type": "public",
+      "bandwidth_name": "cce-bandwidth-1626694478577",
+      "bandwidth_chargemode": "bandwidth",
+      "bandwidth_size": 5,
+      "bandwidth_sharetype": "PER",
+      "eip_type": "5_bgp",
+      "available_zone": [
+         ""
+      ],
+      "l4_flavor_name": "L4_flavor.elb.s1.small"
+    }'
+    kubernetes.io/elb.enterpriseID: '0'       # ID of the enterprise project to which the load balancer belongs
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN                   # Load balancer algorithm
+    kubernetes.io/elb.session-affinity-mode: SOURCE_IP          # The sticky session type is source IP address.
+    kubernetes.io/elb.session-affinity-option: '{"persistence_timeout": "30"}'     # Stickiness duration (min)
+    kubernetes.io/elb.health-check-flag: 'on'                   # Enable the ELB health check function.
+    kubernetes.io/elb.health-check-option: '{
+      "protocol":"TCP",
+      "delay":"5",
+      "timeout":"10",
+      "max_retries":"3"
+    }'
+spec:
+  selector:
+    app: nginx
+  ports:
+  - name: cce-service-0
+    targetPort: 80
+    nodePort: 0
+    port: 80
+    protocol: TCP
+  type: LoadBalancer
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  The preceding example uses annotations to implement some advanced functions of load balancing, such as sticky session and health check. For details, see Table 5.
                                                                                                                                                                                  
+
                                                                                                                                                                                  In addition to the functions in this example, for more annotations and examples related to advanced functions, see Using Annotations to Configure Load Balancing.
                                                                                                                                                                                  
+
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 5 annotations parameters
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory
                                                                                                                                                                                  
+
                                                                                                                                                                                  Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.class
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Select a proper load balancer type.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • union: shared load balancer
                                                                                                                                                                                  • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.autocreate
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  elb.autocreate object
                                                                                                                                                                                  
+
                                                                                                                                                                                  Whether to automatically create a load balancer associated with the Service.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Example
                                                                                                                                                                                  
+
                                                                                                                                                                                  • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                                    {"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                                                                                                                                                                                    
+
                                                                                                                                                                                  • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                                    {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                                    
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.subnet-id
                                                                                                                                                                                  
+
                                                                                                                                                                                  None
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                                                  • Optional for clusters later than v1.11.7-r0.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.lb-algorithm
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Specifies the load balancing algorithm of the backend server group. The default value is ROUND_ROBIN.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Options:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • ROUND_ROBIN: weighted round robin algorithm
                                                                                                                                                                                  • LEAST_CONNECTIONS: weighted least connections algorithm
                                                                                                                                                                                  • SOURCE_IP: source IP hash algorithm
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  If this parameter is set to SOURCE_IP, the weight setting (weight field) of backend servers bound to the backend server group is invalid, and sticky session cannot be enabled.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.session-affinity-mode
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Source IP address-based sticky session is supported. That is, access requests from the same IP address are forwarded to the same backend server.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Disabling sticky session: Do not configure this parameter.
                                                                                                                                                                                  • Enabling sticky session: Set this parameter to SOURCE_IP, indicating that the sticky session is based on the source IP address.
                                                                                                                                                                                  
+
                                                                                                                                                                                   NOTE: 
                                                                                                                                                                                  When kubernetes.io/elb.lb-algorithm is set to SOURCE_IP (source IP address algorithm), sticky session cannot be enabled.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.session-affinity-option
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  Table 3 object
                                                                                                                                                                                  
+
                                                                                                                                                                                  Sticky session timeout.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.health-check-flag
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Whether to enable the ELB health check.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Enabling health check: Leave blank this parameter or set it to on.
                                                                                                                                                                                  • Disabling health check: Set this parameter to off.
                                                                                                                                                                                  
+
                                                                                                                                                                                  If this parameter is enabled, the kubernetes.io/elb.health-check-option field must also be specified at the same time.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubernetes.io/elb.health-check-option
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  Table 4 object
                                                                                                                                                                                  
+
                                                                                                                                                                                  ELB health check configuration items.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 6 Data structure of the elb.autocreate field
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mandatory
                                                                                                                                                                                  
+
                                                                                                                                                                                  Type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  name
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Name of the automatically created load balancer.
                                                                                                                                                                                  
+
                                                                                                                                                                                  The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Default: cce-lb+service.UID
                                                                                                                                                                                  
+
                                                                                                                                                                                  type
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Network type of the load balancer.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • public: public network load balancer
                                                                                                                                                                                  • inner: private network load balancer
                                                                                                                                                                                  
+
                                                                                                                                                                                  Default: inner
                                                                                                                                                                                  
+
                                                                                                                                                                                  bandwidth_name
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes for public network load balancers
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                                                  
+
                                                                                                                                                                                  The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                                  
+
                                                                                                                                                                                  bandwidth_chargemode
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Bandwidth mode.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • bandwidth: billed by bandwidth
                                                                                                                                                                                  • traffic: billed by traffic
                                                                                                                                                                                  
+
                                                                                                                                                                                  Default: bandwidth
                                                                                                                                                                                  
+
                                                                                                                                                                                  bandwidth_size
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes for public network load balancers
                                                                                                                                                                                  
+
                                                                                                                                                                                  Integer
                                                                                                                                                                                  
+
                                                                                                                                                                                  Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                                                  
+
                                                                                                                                                                                  The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                                                  • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                                                  • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                                                  • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  bandwidth_sharetype
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes for public network load balancers
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Bandwidth sharing mode.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • PER: dedicated bandwidth
                                                                                                                                                                                  
+
                                                                                                                                                                                  eip_type
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes for public network load balancers
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  EIP type.
                                                                                                                                                                                  
+
                                                                                                                                                                                  • 5_bgp: dynamic BGP
                                                                                                                                                                                  
+
                                                                                                                                                                                  The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                                  
+
                                                                                                                                                                                  available_zone
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  Array of strings
                                                                                                                                                                                  
+
                                                                                                                                                                                  AZ where the load balancer is located.
                                                                                                                                                                                  
+
                                                                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                                                                  
+
                                                                                                                                                                                  l4_flavor_name
                                                                                                                                                                                  
+
                                                                                                                                                                                  Yes
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Flavor name of the layer-4 load balancer.
                                                                                                                                                                                  
+
                                                                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                                                                  
+
                                                                                                                                                                                  l7_flavor_name
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  String
                                                                                                                                                                                  
+
                                                                                                                                                                                  Flavor name of the layer-7 load balancer.
                                                                                                                                                                                  
+
                                                                                                                                                                                  This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                                                                  
+
                                                                                                                                                                                  elb_virsubnet_ids
                                                                                                                                                                                  
+
                                                                                                                                                                                  No
                                                                                                                                                                                  
+
                                                                                                                                                                                  Array of strings
                                                                                                                                                                                  
+
                                                                                                                                                                                  Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                                                  
+
                                                                                                                                                                                  This parameter is available only for dedicated load balancers.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Example:
                                                                                                                                                                                  
+
                                                                                                                                                                                  "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Create a workload.
                                                                                                                                                                                  kubectl create -f nginx-deployment.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the workload is being created.
                                                                                                                                                                                  
+
                                                                                                                                                                                  deployment/nginx created
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubectl get pod
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the workload is running.
                                                                                                                                                                                  
+
                                                                                                                                                                                  NAME                     READY     STATUS             RESTARTS   AGE
+nginx-2601814895-c1xhw   1/1       Running            0          6s
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Create a Service.
                                                                                                                                                                                  kubectl create -f nginx-elb-svc.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the Service has been created.
                                                                                                                                                                                  
+
                                                                                                                                                                                  service/nginx created
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubectl get svc
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the access type has been set, and the workload is accessible.
                                                                                                                                                                                  
+
                                                                                                                                                                                  NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
+kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
+nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                                                  
+
                                                                                                                                                                                5. Enter the URL in the address box of the browser, for example, 10.XXX.XXX.XXX:80. 10.XXX.XXX.XXX indicates the IP address of the load balancer, and 80 indicates the access port displayed on the CCE console.
                                                                                                                                                                                  The Nginx is accessible.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Figure 4 Accessing Nginx through the LoadBalancer Service
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: LoadBalancer
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0683.html b/docs/cce/umn/cce_10_0683.html
new file mode 100644
index 000000000..b23b92390
--- /dev/null
+++ b/docs/cce/umn/cce_10_0683.html
@@ -0,0 +1,63 @@
+
+
+
                                                                                                                                                                                Service Using HTTP
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • Only clusters of v1.19.16 or later support HTTP.
                                                                                                                                                                                • Do not connect the ingress and Service that uses HTTP to the same listener of the same load balancer. Otherwise, a port conflict occurs.
                                                                                                                                                                                • Layer-7 routing of ELB can be enabled for Services. Both shared and dedicated ELB load balancers can be interconnected.
                                                                                                                                                                                  Restrictions on dedicated ELB load balancers are as follows:
                                                                                                                                                                                  
+
                                                                                                                                                                                  • To interconnect with an existing dedicated load balancer, the load balancer flavor must support both the layer-4 and layer-7 routing. Otherwise, the load balancer will not work as expected.
                                                                                                                                                                                  • If you use an automatically created load balancer, you cannot use the CCE console to automatically create a layer-7 dedicated load balancer. Instead, you can use YAML to create a layer-7 dedicated load balancer, use both the layer-4 and layer-7 capabilities of the exclusive ELB instance (that is, specify the layer-4 and layer-7 flavors in the annotation of kubernetes.io/elb.autocreate).
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Service Using HTTP
                                                                                                                                                                                The following annotations need to be added:
                                                                                                                                                                                
+
                                                                                                                                                                                • kubernetes.io/elb.protocol-port: "https:443,http:80"
                                                                                                                                                                                  The value of protocol-port must be the same as the port in the spec.ports field of the Service. The format is Protocol:Port. The port matches the one in the service.spec.ports field and is released as the corresponding protocol.
                                                                                                                                                                                  
+
                                                                                                                                                                                • kubernetes.io/elb.cert-id: "17e3b4f4bc40471c86741dc3aa211379"
                                                                                                                                                                                  cert-id indicates the certificate ID in ELB certificate management. When https is configured for protocol-port, the certificate of the ELB listener will be set to the cert-id certificate. When multiple HTTPS services are released, the same certificate is used.
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                The following is a configuration example. The two ports in spec.ports correspond to those in kubernetes.io/elb.protocol-port. Ports 443 and 80 are enabled for HTTPS and HTTP requests, respectively.
                                                                                                                                                                                
+
                                                                                                                                                                                apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    # When an ELB load balancer is automatically created, both layer-4 and layer-7 flavors need to be specified.
+    kubernetes.io/elb.autocreate: '
+      {
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-1634816602057",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
+          "available_zone": [
+              ""
+          ],
+          "l7_flavor_name": "L7_flavor.elb.s2.small"
+      }'
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.protocol-port: "https:443,http:80"
+    kubernetes.io/elb.cert-id: "17e3b4f4bc40471c86741dc3aa211379"
+  labels:
+    app: nginx
+    name: test
+  name: test
+  namespace: default
+spec:
+  ports:
+  - name: cce-service-0
+    port: 443
+    protocol: TCP
+    targetPort: 80
+  - name: cce-service-1
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+    version: v1
+  sessionAffinity: None
+  type: LoadBalancer
                                                                                                                                                                                
+
                                                                                                                                                                                Use the preceding example configurations to create a Service. In the new ELB load balancer, you can see that the listeners on ports 443 and 80 are created.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: LoadBalancer
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0684.html b/docs/cce/umn/cce_10_0684.html
index fdd323a3a..30f95dbb3 100644
--- a/docs/cce/umn/cce_10_0684.html
+++ b/docs/cce/umn/cce_10_0684.html
@@ -1,122 +1,141 @@
 
 
 
                                                                                                                                                                                Configuring Health Check for Multiple Ports
                                                                                                                                                                                
-
                                                                                                                                                                                The annotation field related to the health check of the LoadBalancer Service is upgraded from Kubernetes.io/elb.health-check-option to Kubernetes.io/elb.health-check-options. Each Service port can be configured separately, and you can configure only some ports. If the port protocol does not need to be configured separately, the original annotation field is still available and does not need to be modified.
                                                                                                                                                                                
-
                                                                                                                                                                                Constraints
                                                                                                                                                                                • This feature takes effect only in the following versions:
                                                                                                                                                                                  • v1.19: v1.19.16-r5 or later
                                                                                                                                                                                  • v1.21: v1.21.8-r0 or later
                                                                                                                                                                                  • v1.23: v1.23.6-r0 or later
                                                                                                                                                                                  • v1.25: v1.25.2-r0 or later
                                                                                                                                                                                  
-
                                                                                                                                                                                • kubernetes.io/elb.health-check-option and kubernetes.io/elb.health-check-options cannot be configured at the same time.
                                                                                                                                                                                • The target_service_port field is mandatory and must be unique.
                                                                                                                                                                                • For a TCP port, the health check protocol can only be TCP or HTTP. For a UDP port, the health check protocol must be UDP.
                                                                                                                                                                                
+
                                                                                                                                                                                The annotation field related to the health check of the LoadBalancer Service is upgraded from Kubernetes.io/elb.health-check-option to Kubernetes.io/elb.health-check-options. Each Service port can be configured separately, and you can configure only some ports. If the port protocol does not need to be configured separately, the original annotation field is still available and does not need to be modified.
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • This feature takes effect only in the following versions:
                                                                                                                                                                                  • v1.19: v1.19.16-r5 or later
                                                                                                                                                                                  • v1.21: v1.21.8-r0 or later
                                                                                                                                                                                  • v1.23: v1.23.6-r0 or later
                                                                                                                                                                                  • v1.25: v1.25.2-r0 or later
                                                                                                                                                                                  
+
                                                                                                                                                                                • kubernetes.io/elb.health-check-option and kubernetes.io/elb.health-check-options cannot be configured at the same time.
                                                                                                                                                                                • The target_service_port field is mandatory and must be unique.
                                                                                                                                                                                • For a TCP port, the health check protocol can only be TCP or HTTP. For a UDP port, the health check protocol must be UDP.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Procedure
                                                                                                                                                                                The following is an example of using the kubernetes.io/elb.health-check-options annotation:
                                                                                                                                                                                apiVersion: v1
+
                                                                                                                                                                                Procedure
                                                                                                                                                                                The following is an example of using the kubernetes.io/elb.health-check-options annotation:
                                                                                                                                                                                apiVersion: v1
 kind: Service
 metadata:
   name: nginx
   namespace: default
-  labels: {}
+  labels: 
+    app: nginx
+    version: v1
   annotations:
-    kubernetes.io/elb.class: union
-    kubernetes.io/elb.id: 038ffbda-bd3a-48bb-8b8c-a8582601fd97
-    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN
-    kubernetes.io/elb.health-check-flag: 'on'
-    kubernetes.io/elb.health-check-options: '{
-    "target_service_port": "TCP:80", // (Mandatory) Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
-    "monitor_port": "",        // (Optional) Re-specified port for health check. If this parameter is not specified, the service port is used by default. Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
-    "protocol":"TCP",
-    "delay":"5",
-    "timeout":"10",
-    "max_retries":"3",
-    "path":"/"
-    }'
+    kubernetes.io/elb.class: union         # Load balancer type
+    kubernetes.io/elb.id: <your_elb_id>    # ELB ID. Replace it with the actual value.
+    kubernetes.io/elb.lb-algorithm: ROUND_ROBIN  # Load balancer algorithm
+    kubernetes.io/elb.health-check-flag: 'on'    # Enable ELB health check.
+    kubernetes.io/elb.health-check-options: '[
+	{
+		"protocol": "TCP",
+		"delay": "5",
+		"timeout": "10",
+		"max_retries": "3",
+		"target_service_port": "TCP:1",
+		"monitor_port": "22"
+	},
+	{
+		"protocol": "HTTP",
+		"delay": "5",
+		"timeout": "10",
+		"max_retries": "3",
+		"path": "/",
+		"target_service_port": "TCP:2",
+		"monitor_port": "22"
+	}
+    ]'
 spec:
-  selector: {}
+  selector:
+    app: nginx
+    version: v1
   externalTrafficPolicy: Cluster
   ports:
     - name: cce-service-0
-      targetPort: 80
+      targetPort: 1
       nodePort: 0
-      port: 80
+      port: 1
+      protocol: TCP
+    - name: cce-service-1
+      targetPort: 2
+      nodePort: 0
+      port: 2
       protocol: TCP
   type: LoadBalancer
   loadBalancerIP: **.**.**.**
                                                                                                                                                                                
 
-
                                                                                                                                                                                
-
@@ -181,7 +181,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bestpractice_0003.html b/docs/cce/umn/cce_bestpractice_0003.html
index 5785e5f64..622e35dd6 100644
--- a/docs/cce/umn/cce_bestpractice_0003.html
+++ b/docs/cce/umn/cce_bestpractice_0003.html
@@ -5,14 +5,14 @@
 
                                                                                                                                                                                No recoding or re-architecting is required. You only need to pack the entire application into a container image and deploy the container image on CCE.
                                                                                                                                                                                Introduction
                                                                                                                                                                                In this example, the enterprise management application is developed by enterprise A. This application is provided for third-party enterprises for use, and enterprise A is responsible for application maintenance.
                                                                                                                                                                                
 
                                                                                                                                                                                When a third-party enterprise needs to use this application, a suit of Tomcat application and MongoDB database must be deployed for the third-party enterprise. The MySQL database, used to store data of third-party enterprises, is provided by enterprise A.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 1 Application architecture
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 Application architecture
                                                                                                                                                                                
 
                                                                                                                                                                                As shown in Figure 1, the application is a standard Tomcat application, and its backend interconnects with MongoDB and MySQL databases. For this type of applications, there is no need to split the architecture. The entire application is built as an image, and the MongoDB database is deployed in the same image as the Tomcat application. In this way, the application can be deployed or upgraded through the image.
                                                                                                                                                                                
 
                                                                                                                                                                                • Interconnecting with the MongoDB database for storing user files.
                                                                                                                                                                                • Interconnecting with the MySQL database for storing third-party enterprise data. The MySQL database is an external cloud database.
                                                                                                                                                                                
 
                                                                                                                                                                                Benefits
                                                                                                                                                                                In this example, the application was deployed on a VM. During application deployment and upgrade, a series of problems is encountered, but application containerization has solved these problems.
                                                                                                                                                                                
 
                                                                                                                                                                                By using containers, you can easily pack application code, configurations, and dependencies and convert them into easy-to-use building blocks. This achieves the environmental consistency and version management, as well as improves the development and operation efficiency. Containers ensure quick, reliable, and consistent deployment of applications and prevent applications from being affected by deployment environment.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 1 Data structure description of the elb.health-check-options field
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -127,7 +146,7 @@ spec:
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Parent topic: Services
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: LoadBalancer
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_10_0686.html b/docs/cce/umn/cce_10_0686.html
new file mode 100644
index 000000000..dd2040169
--- /dev/null
+++ b/docs/cce/umn/cce_10_0686.html
@@ -0,0 +1,33 @@
+
+
+
+  
                                                                                                                                                                                ELB Ingresses
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0687.html b/docs/cce/umn/cce_10_0687.html
new file mode 100644
index 000000000..a6a370740
--- /dev/null
+++ b/docs/cce/umn/cce_10_0687.html
@@ -0,0 +1,214 @@
+
+
+
                                                                                                                                                                                Configuring HTTPS Certificates for ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                Ingress supports TLS certificate configuration and secures your Services with HTTPS.
                                                                                                                                                                                
+
                                                                                                                                                                                Currently, you can use the TLS secret certificate configured in the cluster and the ELB certificate.
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                If HTTPS is enabled for the same port of the same load balancer of multiple ingresses, you must select the same certificate.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using a TLS Secret Certificate
                                                                                                                                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                2. Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS Secret.
                                                                                                                                                                                  Run the following command to create a YAML file named ingress-test-secret.yaml (the file name can be customized):
                                                                                                                                                                                  
+
                                                                                                                                                                                  vi ingress-test-secret.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  The YAML file is configured as follows:
                                                                                                                                                                                  apiVersion: v1
+data:
+  tls.crt: LS0******tLS0tCg==
+  tls.key: LS0tL******0tLS0K
+kind: Secret
+metadata:
+  annotations:
+    description: test for ingressTLS secrets
+  name: ingress-test-secret
+  namespace: default
+type: IngressTLS
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Create a secret.
                                                                                                                                                                                  kubectl create -f ingress-test-secret.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the secret is being created:
                                                                                                                                                                                  
+
                                                                                                                                                                                  secret/ingress-test-secret created
                                                                                                                                                                                  
+
                                                                                                                                                                                  View the created secret.
                                                                                                                                                                                  
+
                                                                                                                                                                                  kubectl get secrets
                                                                                                                                                                                  
+
                                                                                                                                                                                  If information similar to the following is displayed, the secret has been created:
                                                                                                                                                                                  
+
                                                                                                                                                                                  NAME                         TYPE                                  DATA      AGE
+ingress-test-secret          IngressTLS                            2         13s
                                                                                                                                                                                  
+
                                                                                                                                                                                4. Create a YAML file named ingress-test.yaml. The file name can be customized.
                                                                                                                                                                                  vi ingress-test.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                   
                                                                                                                                                                                  Default security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.17 or later.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  The following uses the automatically created load balancer as an example. The YAML file is configured as follows:
                                                                                                                                                                                  
+
                                                                                                                                                                                  For clusters of v1.21 or earlier:
                                                                                                                                                                                  
+
                                                                                                                                                                                  apiVersion: networking.k8s.io/v1beta1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.class: performance
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.autocreate: 
+      '{
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
+          "available_zone": [
+              "eu-de-01"
+          ],
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
+          "l7_flavor_name": "L7_flavor.elb.s1.small"
+       }'
+    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
+spec:
+  tls: 
+  - secretName: ingress-test-secret
+  rules: 
+  - host: foo.bar.com
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                                  
+
                                                                                                                                                                                  For clusters of v1.23 or later:
                                                                                                                                                                                  apiVersion: networking.k8s.io/v1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.autocreate: 
+      '{
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
+          "available_zone": [
+              "eu-de-01"
+          ],
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
+          "l7_flavor_name": "L7_flavor.elb.s1.small"
+       }'
+    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
+spec:
+  tls: 
+  - secretName: ingress-test-secret
+  rules: 
+  - host: foo.bar.com
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 8080             # Replace 8080 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  ingressClassName: cce 
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
                                                                                                                                                                                Table 1 Data structure description of the elb.health-check-options field
                                                                                                                                                                                Parameter
                                                                                                                                                                                
 
                                                                                                                                                                                Mandatory
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory
                                                                                                                                                                                
 
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
 
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
 
                                                                                                                                                                                target_service_port
                                                                                                                                                                                
+
                                                                                                                                                                                target_service_port
                                                                                                                                                                                
 
                                                                                                                                                                                Yes
                                                                                                                                                                                
+
                                                                                                                                                                                Yes
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                                                                
+
                                                                                                                                                                                Port for health check specified by spec.ports. The value consists of the protocol and port number, for example, TCP:80.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                monitor_port
                                                                                                                                                                                
+
                                                                                                                                                                                monitor_port
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                                                                
-
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                                                                                                
+
                                                                                                                                                                                Re-specified port for health check. If this parameter is not specified, the service port is used by default.
                                                                                                                                                                                
+
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                Ensure that the port is in the listening state on the node where the pod is located. Otherwise, the health check result will be affected.
                                                                                                                                                                                
 
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                delay
                                                                                                                                                                                
+
                                                                                                                                                                                delay
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                                                
-
                                                                                                                                                                                Value range: 1 to 50. Default value: 5
                                                                                                                                                                                
+
                                                                                                                                                                                Initial waiting time (in seconds) for starting the health check.
                                                                                                                                                                                
+
                                                                                                                                                                                Value range: 1 to 50. Default value: 5
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                timeout
                                                                                                                                                                                
+
                                                                                                                                                                                timeout
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Health check timeout, in seconds.
                                                                                                                                                                                
-
                                                                                                                                                                                Value range: 1 to 50. Default value: 10
                                                                                                                                                                                
+
                                                                                                                                                                                Health check timeout, in seconds.
                                                                                                                                                                                
+
                                                                                                                                                                                Value range: 1 to 50. Default value: 10
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                max_retries
                                                                                                                                                                                
+
                                                                                                                                                                                max_retries
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Maximum number of health check retries.
                                                                                                                                                                                
-
                                                                                                                                                                                Value range: 1 to 10. Default value: 3
                                                                                                                                                                                
+
                                                                                                                                                                                Maximum number of health check retries.
                                                                                                                                                                                
+
                                                                                                                                                                                Value range: 1 to 10. Default value: 3
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                protocol
                                                                                                                                                                                
+
                                                                                                                                                                                protocol
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Health check protocol.
                                                                                                                                                                                
-
                                                                                                                                                                                Default value: protocol of the associated Service
                                                                                                                                                                                
-
                                                                                                                                                                                Value options: TCP, UDP, or HTTP
                                                                                                                                                                                
+
                                                                                                                                                                                Health check protocol.
                                                                                                                                                                                
+
                                                                                                                                                                                Default value: protocol of the associated Service
                                                                                                                                                                                
+
                                                                                                                                                                                Value options: TCP, UDP, or HTTP
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                path
                                                                                                                                                                                
+
                                                                                                                                                                                path
                                                                                                                                                                                
 
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
 
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
 
                                                                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                                                
-
                                                                                                                                                                                Default value: /
                                                                                                                                                                                
-
                                                                                                                                                                                The value can contain 1 to 10,000 characters.
                                                                                                                                                                                
+
                                                                                                                                                                                Health check URL. This parameter needs to be configured when the protocol is HTTP.
                                                                                                                                                                                
+
                                                                                                                                                                                Default value: /
                                                                                                                                                                                
+
                                                                                                                                                                                The value can contain 1 to 10,000 characters.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                
                                                                                                                                                                                 
 
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 1 Key parameters
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.tls-ciphers-policy
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                The default value is tls-1-2, which is the default security policy used by the listener and takes effect only when HTTPS is used.
                                                                                                                                                                                
+
                                                                                                                                                                                Options:
                                                                                                                                                                                
+
                                                                                                                                                                                • tls-1-0
                                                                                                                                                                                • tls-1-1
                                                                                                                                                                                • tls-1-2
                                                                                                                                                                                • tls-1-2-strict
                                                                                                                                                                                
+
                                                                                                                                                                                For details of cipher suites for each security policy, see Table 2.
                                                                                                                                                                                
+
                                                                                                                                                                                tls
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                Array of strings
                                                                                                                                                                                
+
                                                                                                                                                                                When HTTPS is used, this parameter must be added to specify the secret certificate.
                                                                                                                                                                                
+
                                                                                                                                                                                Multiple independent domain names and certificates can be added. For details, see Configuring the Server Name Indication (SNI) for ELB Ingresses.
                                                                                                                                                                                
+
                                                                                                                                                                                secretName
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is mandatory if HTTPS is used. Set this parameter to the name of the created secret.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 2 tls_ciphers_policy parameter description
                                                                                                                                                                                Security Policy
                                                                                                                                                                                
+
                                                                                                                                                                                TLS Version
                                                                                                                                                                                
+
                                                                                                                                                                                Cipher Suite
                                                                                                                                                                                
+
                                                                                                                                                                                tls-1-0
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.2
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.1
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.0
                                                                                                                                                                                
+
                                                                                                                                                                                ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-SHA:AES256-SHA
                                                                                                                                                                                
+
                                                                                                                                                                                tls-1-1
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.2
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.1
                                                                                                                                                                                
+
                                                                                                                                                                                tls-1-2
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.2
                                                                                                                                                                                
+
                                                                                                                                                                                tls-1-2-strict
                                                                                                                                                                                
+
                                                                                                                                                                                TLS 1.2
                                                                                                                                                                                
+
                                                                                                                                                                                ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                              6. Create an ingress.
                                                                                                                                                                                kubectl create -f ingress-test.yaml
                                                                                                                                                                                
+
                                                                                                                                                                                If information similar to the following is displayed, the ingress has been created.
                                                                                                                                                                                
+
                                                                                                                                                                                ingress/ingress-test created
                                                                                                                                                                                
+
                                                                                                                                                                                View the created ingress.
                                                                                                                                                                                
+
                                                                                                                                                                                kubectl get ingress
                                                                                                                                                                                
+
                                                                                                                                                                                If information similar to the following is displayed, the ingress has been created and the workload is accessible.
                                                                                                                                                                                
+
                                                                                                                                                                                NAME             HOSTS     ADDRESS          PORTS   AGE
+ingress-test     *         121.**.**.**     80      10s
                                                                                                                                                                                
+
                                                                                                                                                                              7. Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
                                                                                                                                                                                121.**.**.** indicates the IP address of the unified load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                8. 
+
+
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0688.html b/docs/cce/umn/cce_10_0688.html
new file mode 100644
index 000000000..d0a0f6b43
--- /dev/null
+++ b/docs/cce/umn/cce_10_0688.html
@@ -0,0 +1,104 @@
+
+
+
                                                                                                                                                                                Configuring the Server Name Indication (SNI) for ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                SNI allows multiple TLS-based access domain names to be provided for external systems using the same IP address and port number. Different domain names can use different security certificates.
                                                                                                                                                                                 
                                                                                                                                                                                • This function is supported only in clusters of v1.15.11 and later.
                                                                                                                                                                                • The SNI option is available only when HTTPS is used.
                                                                                                                                                                                
+
                                                                                                                                                                                • Only one domain name can be specified for each SNI certificate. Wildcard-domain certificates are supported.
                                                                                                                                                                                • Security policy (kubernetes.io/elb.tls-ciphers-policy) is supported only in clusters of v1.17.11 or later.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                You can enable SNI when the preceding conditions are met. The following uses the automatic creation of a load balancer as an example. In this example, sni-test-secret-1 and sni-test-secret-2 are SNI certificates. The domain names specified by the certificates must be the same as those in the certificates.
                                                                                                                                                                                
+
                                                                                                                                                                                For clusters of v1.21 or earlier:
                                                                                                                                                                                apiVersion: networking.k8s.io/v1beta1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.class: performance
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.autocreate: 
+      '{
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
+          "available_zone": [
+              "eu-de-01"
+          ],
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
+          "l7_flavor_name": "L7_flavor.elb.s1.small"
+       }'
+    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
+spec:
+  tls: 
+  - secretName: ingress-test-secret
+  - hosts:
+      - example.top  # Domain name specified when a certificate is issued
+    secretName: sni-test-secret-1  
+  - hosts:
+      - example.com  # Domain name specified when a certificate is issued
+    secretName: sni-test-secret-2
+  rules: 
+  - host: example.com
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                For clusters of v1.23 or later:
                                                                                                                                                                                apiVersion: networking.k8s.io/v1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.autocreate: 
+      '{
+          "type": "public",
+          "bandwidth_name": "cce-bandwidth-******",
+          "bandwidth_chargemode": "bandwidth",
+          "bandwidth_size": 5,
+          "bandwidth_sharetype": "PER",
+          "eip_type": "5_bgp",
+          "available_zone": [
+              "eu-de-01"
+          ],
+          "elb_virsubnet_ids":["b4bf8152-6c36-4c3b-9f74-2229f8e640c9"],
+          "l7_flavor_name": "L7_flavor.elb.s1.small"
+       }'
+    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
+spec:
+  tls: 
+  - secretName: ingress-test-secret
+  - hosts:
+      - example.top  # Domain name specified when a certificate is issued
+    secretName: sni-test-secret-1  
+  - hosts:
+      - example.com  # Domain name specified when a certificate is issued
+    secretName: sni-test-secret-2
+  rules: 
+  - host: example.com
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 8080             # Replace 8080 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  ingressClassName: cce 
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0689.html b/docs/cce/umn/cce_10_0689.html
new file mode 100644
index 000000000..c793ea7d1
--- /dev/null
+++ b/docs/cce/umn/cce_10_0689.html
@@ -0,0 +1,40 @@
+
+
+
                                                                                                                                                                                ELB Ingresses Routing to Multiple Services
                                                                                                                                                                                
+
                                                                                                                                                                                Ingresses can route to multiple backend Services based on different matching policies. The spec field in the YAML file is set as below. You can access www.example.com/foo, www.example.com/bar, and foo.example.com/ to route to three different backend Services.
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                The URL registered in an ingress forwarding policy must be the same as the URL used to access the backend Service. Otherwise, a 404 error will be returned.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                ...
+spec:
+  rules: 
+  - host: 'www.example.com'
+    http: 
+      paths: 
+      - path: '/foo'
+        backend: 
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+      - path: '/bar'
+        backend:
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+  - host: 'foo.example.com'
+    http:
+      paths:
+      - path: '/'
+        backend:
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0691.html b/docs/cce/umn/cce_10_0691.html
new file mode 100644
index 000000000..4e8b96681
--- /dev/null
+++ b/docs/cce/umn/cce_10_0691.html
@@ -0,0 +1,44 @@
+
+
+
                                                                                                                                                                                Interconnecting ELB Ingresses with HTTPS Backend Services
                                                                                                                                                                                
+
                                                                                                                                                                                Ingress can interconnect with backend services of different protocols. By default, the backend proxy channel of an ingress is an HTTP channel. To create an HTTPS channel, add the following configuration to the annotations field:
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.pool-protocol: https
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • This feature only applies to clusters of v1.23.8, v1.25.3, and later.
                                                                                                                                                                                • Ingress can interconnect with HTTPS backend services only when dedicated load balancers are used.
                                                                                                                                                                                • When interconnecting with HTTPS backend services, set Client Protocol of ingress to HTTPS.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Interconnecting with HTTPS Backend Services
                                                                                                                                                                                An ingress configuration example:
                                                                                                                                                                                
+
                                                                                                                                                                                apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-test
+  namespace: default
+  annotations:
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.id: <your_elb_id>    # In this example, an existing dedicated load balancer is used. Replace its ID with the ID of your dedicated load balancer.
+    kubernetes.io/elb.class: performance
+    kubernetes.io/elb.pool-protocol: https  # Interconnected HTTPS backend service
+    kubernetes.io/elb.tls-ciphers-policy: tls-1-2
+spec:
+  tls: 
+    - secretName: ingress-test-secret
+  rules:
+    - host: ''
+      http:
+        paths:
+          - path: '/'
+            backend:
+              service:
+                name: <your_service_name>  # Replace it with the name of your target Service.
+                port:
+                  number: 80
+            property:
+              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+            pathType: ImplementationSpecific
+  ingressClassName: cce
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0694.html b/docs/cce/umn/cce_10_0694.html
new file mode 100644
index 000000000..95db70ac0
--- /dev/null
+++ b/docs/cce/umn/cce_10_0694.html
@@ -0,0 +1,91 @@
+
+
+
                                                                                                                                                                                ELB Ingresses Using HTTP/2
                                                                                                                                                                                
+
                                                                                                                                                                                Ingresses can use HTTP/2 to expose Services. Connections from the load balancer to your application use HTTP/1.X by default. If your application is capable of receiving HTTP2 requests, you can add the following field to the ingress annotation to enable the use of HTTP/2:
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.http2-enable: 'true'
                                                                                                                                                                                
+
                                                                                                                                                                                The following shows the YAML file for associating with an existing load balancer:
                                                                                                                                                                                
+
                                                                                                                                                                                For clusters of v1.21 or earlier:
                                                                                                                                                                                
+
                                                                                                                                                                                apiVersion: networking.k8s.io/v1beta1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/ingress.class: cce
+    kubernetes.io/elb.http2-enable: 'true' # Enable HTTP/2.
+spec:
+  tls:
+  - secretName: ingress-test-secret
+  rules: 
+  - host: ''
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          serviceName: <your_service_name>  # Replace it with the name of your target Service.
+          servicePort: 80                   # Replace it with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
                                                                                                                                                                                
+
                                                                                                                                                                                For clusters of v1.23 or later:
                                                                                                                                                                                apiVersion: networking.k8s.io/v1
+kind: Ingress 
+metadata: 
+  name: ingress-test
+  annotations: 
+    kubernetes.io/elb.id: <your_elb_id>  # Replace it with the ID of your existing load balancer.
+    kubernetes.io/elb.ip: <your_elb_ip>  # Replace it with the IP of your existing load balancer.
+    kubernetes.io/elb.port: '443'
+    kubernetes.io/elb.http2-enable: 'true' # Enable HTTP/2.
+spec:
+  tls: 
+  - secretName: ingress-test-secret
+  rules: 
+  - host: ''
+    http: 
+      paths: 
+      - path: '/'
+        backend: 
+          service:
+            name: <your_service_name>  # Replace it with the name of your target Service.
+            port: 
+              number: 8080             # Replace 8080 with the port number of your target Service.
+        property:
+          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
+        pathType: ImplementationSpecific
+  ingressClassName: cce 
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Table 6 HTTP/2 parameters
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.http2-enable
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                Bool
                                                                                                                                                                                
+
                                                                                                                                                                                Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP 1.X to forward requests to the backend server. This parameter is supported in clusters of v1.19.16-r0, v1.21.3-r0, and later versions.
                                                                                                                                                                                
+
                                                                                                                                                                                Options:
                                                                                                                                                                                
+
                                                                                                                                                                                • true: enabled
                                                                                                                                                                                • false: disabled (default value)
                                                                                                                                                                                
+
                                                                                                                                                                                Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid when the listener protocol is HTTP, and defaults to false.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0695.html b/docs/cce/umn/cce_10_0695.html
new file mode 100644
index 000000000..6003aea26
--- /dev/null
+++ b/docs/cce/umn/cce_10_0695.html
@@ -0,0 +1,297 @@
+
+
+
                                                                                                                                                                                Configuring ELB Ingresses Using Annotations
                                                                                                                                                                                
+
                                                                                                                                                                                By adding annotations to a YAML file, you can implement more advanced ingress functions. This section describes the annotations that can be used when you create an ingress of the ELB type.
                                                                                                                                                                                
+
+
                                                                                                                                                                                Interconnecting with ELB
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 1 Annotations for interconnecting with ELB
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Supported Cluster Version
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.class
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Select a proper load balancer type.
                                                                                                                                                                                
+
                                                                                                                                                                                The value can be:
                                                                                                                                                                                
+
                                                                                                                                                                                • union: shared load balancer
                                                                                                                                                                                • performance: dedicated load balancer, which can be used only in clusters of v1.17 and later.
                                                                                                                                                                                
+
                                                                                                                                                                                v1.9 or later
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/ingress.class
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                • cce: The self-developed ELB ingress is used.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is mandatory when an ingress is created by calling the API.
                                                                                                                                                                                
+
                                                                                                                                                                                For clusters of v1.23 or later, use the parameter ingressClassName. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                
+
                                                                                                                                                                                Only clusters of v1.21 or earlier
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.port
                                                                                                                                                                                
+
                                                                                                                                                                                Integer
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter indicates the external port registered with the address of the LoadBalancer Service.
                                                                                                                                                                                
+
                                                                                                                                                                                Supported range: 1 to 65535
                                                                                                                                                                                
+
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                Some ports are high-risk ports and are blocked by default, for example, port 21.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                v1.9 or later
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.id
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                                
+
                                                                                                                                                                                ID of a load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                How to obtain:
                                                                                                                                                                                
+
                                                                                                                                                                                On the management console, click Service List, and choose Networking > Elastic Load Balance. Click the name of the target load balancer. On the Summary tab page, find and copy the ID.
                                                                                                                                                                                
+
                                                                                                                                                                                v1.9 or later
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.ip
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory when an existing load balancer is to be interconnected.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter indicates the service address of a load balancer. The value can be the public IP address of a public network load balancer or the private IP address of a private network load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                v1.9 or later
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.autocreate
                                                                                                                                                                                
+
                                                                                                                                                                                Table 4 Object
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory when load balancers are automatically created.
                                                                                                                                                                                
+
                                                                                                                                                                                Example
                                                                                                                                                                                
+
                                                                                                                                                                                • If a public network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                                  '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"bandwidth","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
                                                                                                                                                                                  
+
                                                                                                                                                                                • If a private network load balancer will be automatically created, set this parameter to the following value:
                                                                                                                                                                                  {"type":"inner","name":"A-location-d-test"}
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                v1.9 or later
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.subnet-id
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Optional when load balancers are automatically created.
                                                                                                                                                                                
+
                                                                                                                                                                                ID of the subnet where the cluster is located. The value can contain 1 to 100 characters.
                                                                                                                                                                                
+
                                                                                                                                                                                • Mandatory when a cluster of v1.11.7-r0 or earlier is to be automatically created.
                                                                                                                                                                                • Optional for clusters later than v1.11.7-r0.
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory for clusters earlier than v1.11.7-r0
                                                                                                                                                                                
+
                                                                                                                                                                                Discarded in clusters later than v1.11.7-r0
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                To use the preceding annotations, perform the following steps:
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using HTTP/2
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 2 Annotations of using HTTP/2
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Supported Cluster Version
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.http2-enable
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Whether HTTP/2 is enabled. Request forwarding using HTTP/2 improves the access performance between your application and the load balancer. However, the load balancer still uses HTTP 1.X to forward requests to the backend server. This parameter is supported in clusters of v1.19.16-r0, v1.21.3-r0, and later.
                                                                                                                                                                                
+
                                                                                                                                                                                Options:
                                                                                                                                                                                
+
                                                                                                                                                                                • true: enabled
                                                                                                                                                                                • false: disabled (default value)
                                                                                                                                                                                
+
                                                                                                                                                                                Note: HTTP/2 can be enabled or disabled only when the listener uses HTTPS. This parameter is invalid and defaults to false when the listener protocol is HTTP.
                                                                                                                                                                                
+
                                                                                                                                                                                v1.19.16-r0, v1.21.3-r0, or later
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                For details about the application scenarios, see ELB Ingresses Using HTTP/2.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Interconnecting with HTTPS Backend Services
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 3 Annotations for interconnecting with HTTPS backend services
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Supported Cluster Version
                                                                                                                                                                                
+
                                                                                                                                                                                kubernetes.io/elb.pool-protocol
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                To interconnect with HTTPS backend services, set this parameter to https.
                                                                                                                                                                                
+
                                                                                                                                                                                v1.23.8, v1.25.3, or later
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                For details about the application scenarios, see Interconnecting ELB Ingresses with HTTPS Backend Services.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Data Structure
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Table 4 Data structure of the elb.autocreate field
                                                                                                                                                                                Parameter
                                                                                                                                                                                
+
                                                                                                                                                                                Mandatory
                                                                                                                                                                                
+
                                                                                                                                                                                Type
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                name
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Name of the automatically created load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                                
+
                                                                                                                                                                                Default: cce-lb+service.UID
                                                                                                                                                                                
+
                                                                                                                                                                                type
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Network type of the load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                • public: public network load balancer
                                                                                                                                                                                • inner: private network load balancer
                                                                                                                                                                                
+
                                                                                                                                                                                Default: inner
                                                                                                                                                                                
+
                                                                                                                                                                                bandwidth_name
                                                                                                                                                                                
+
                                                                                                                                                                                Yes for public network load balancers
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                                                
+
                                                                                                                                                                                The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed.
                                                                                                                                                                                
+
                                                                                                                                                                                bandwidth_chargemode
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Bandwidth mode.
                                                                                                                                                                                
+
                                                                                                                                                                                • bandwidth: billed by bandwidth
                                                                                                                                                                                • traffic: billed by traffic
                                                                                                                                                                                
+
                                                                                                                                                                                Default: bandwidth
                                                                                                                                                                                
+
                                                                                                                                                                                bandwidth_size
                                                                                                                                                                                
+
                                                                                                                                                                                Yes for public network load balancers
                                                                                                                                                                                
+
                                                                                                                                                                                Integer
                                                                                                                                                                                
+
                                                                                                                                                                                Bandwidth size. The default value is 1 to 2000 Mbit/s. Configure this parameter based on the bandwidth range allowed in your region.
                                                                                                                                                                                
+
                                                                                                                                                                                The minimum increment for bandwidth adjustment varies depending on the bandwidth range.
                                                                                                                                                                                • The minimum increment is 1 Mbit/s if the allowed bandwidth does not exceed 300 Mbit/s.
                                                                                                                                                                                • The minimum increment is 50 Mbit/s if the allowed bandwidth ranges from 300 Mbit/s to 1000 Mbit/s.
                                                                                                                                                                                • The minimum increment is 500 Mbit/s if the allowed bandwidth exceeds 1000 Mbit/s.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                bandwidth_sharetype
                                                                                                                                                                                
+
                                                                                                                                                                                Yes for public network load balancers
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Bandwidth sharing mode.
                                                                                                                                                                                
+
                                                                                                                                                                                • PER: dedicated bandwidth
                                                                                                                                                                                
+
                                                                                                                                                                                eip_type
                                                                                                                                                                                
+
                                                                                                                                                                                Yes for public network load balancers
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                EIP type.
                                                                                                                                                                                
+
                                                                                                                                                                                • 5_bgp: dynamic BGP
                                                                                                                                                                                
+
                                                                                                                                                                                The specific type varies with regions. For details, see the EIP console.
                                                                                                                                                                                
+
                                                                                                                                                                                available_zone
                                                                                                                                                                                
+
                                                                                                                                                                                Yes
                                                                                                                                                                                
+
                                                                                                                                                                                Array of strings
                                                                                                                                                                                
+
                                                                                                                                                                                AZ where the load balancer is located.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                                                                
+
                                                                                                                                                                                l4_flavor_name
                                                                                                                                                                                
+
                                                                                                                                                                                Yes
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Flavor name of the layer-4 load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                                                                
+
                                                                                                                                                                                l7_flavor_name
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                String
                                                                                                                                                                                
+
                                                                                                                                                                                Flavor name of the layer-7 load balancer.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is available only for dedicated load balancers. The value of this parameter must be the same as that of l4_flavor_name, that is, both are elastic specifications or fixed specifications.
                                                                                                                                                                                
+
                                                                                                                                                                                elb_virsubnet_ids
                                                                                                                                                                                
+
                                                                                                                                                                                No
                                                                                                                                                                                
+
                                                                                                                                                                                Array of strings
                                                                                                                                                                                
+
                                                                                                                                                                                Subnet where the backend server of the load balancer is located. If this parameter is left blank, the default cluster subnet is used. Load balancers occupy different number of subnet IP addresses based on their specifications. Therefore, you are not advised to use the subnet CIDR blocks of other resources (such as clusters and nodes) as the load balancer CIDR block.
                                                                                                                                                                                
+
                                                                                                                                                                                This parameter is available only for dedicated load balancers.
                                                                                                                                                                                
+
                                                                                                                                                                                Example:
                                                                                                                                                                                
+
                                                                                                                                                                                "elb_virsubnet_ids": [
+   "14567f27-8ae4-42b8-ae47-9f847a4690dd"
+ ]
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: ELB Ingresses
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0702.html b/docs/cce/umn/cce_10_0702.html
new file mode 100644
index 000000000..c0f2521da
--- /dev/null
+++ b/docs/cce/umn/cce_10_0702.html
@@ -0,0 +1,96 @@
+
+
+
                                                                                                                                                                                Overview
                                                                                                                                                                                
+
                                                                                                                                                                                CCE supports different types of resource scheduling and task scheduling, improving application performance and overall cluster resource utilization. This section describes the main functions of CPU resource scheduling, GPU/NPU heterogeneous resource scheduling, and Volcano scheduling.
                                                                                                                                                                                
+
                                                                                                                                                                                CPU Scheduling
                                                                                                                                                                                CCE provides CPU policies to allocate complete physical CPU cores to applications, improving application performance and reducing application scheduling latency.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Function
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Reference
                                                                                                                                                                                
+
                                                                                                                                                                                CPU policy
                                                                                                                                                                                
+
                                                                                                                                                                                When many CPU-intensive pods are running on a node, workloads may be migrated to different CPU cores. Many workloads are not sensitive to this migration and thus work fine without any intervention. For CPU-sensitive applications, you can use the CPU policy provided by Kubernetes to allocate dedicated cores to applications, improving application performance and reducing application scheduling latency.
                                                                                                                                                                                
+
                                                                                                                                                                                CPU Policy
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                GPU Scheduling
                                                                                                                                                                                CCE schedules heterogeneous GPU resources in clusters and allows GPUs to be used in containers.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Function
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Reference
                                                                                                                                                                                
+
                                                                                                                                                                                Default GPU scheduling in Kubernetes
                                                                                                                                                                                
+
                                                                                                                                                                                This function allows you to specify the number of GPUs that a pod requests. The value can be less than 1 so that multiple pods can share a GPU.
                                                                                                                                                                                
+
                                                                                                                                                                                Default GPU Scheduling in Kubernetes
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Volcano Scheduling
                                                                                                                                                                                Volcano is a Kubernetes-based batch processing platform that supports machine learning, deep learning, bioinformatics, genomics, and other big data applications. It provides general-purpose, high-performance computing capabilities, such as job scheduling, heterogeneous chip management, and job running management.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Function
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Reference
                                                                                                                                                                                
+
                                                                                                                                                                                NUMA affinity scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                Volcano targets to lift the limitation to make scheduler NUMA topology aware so that:
                                                                                                                                                                                
+
                                                                                                                                                                                • Pods are not scheduled to the nodes that NUMA topology does not match.
                                                                                                                                                                                • Pods are scheduled to the best node for NUMA topology.
                                                                                                                                                                                
+
                                                                                                                                                                                NUMA Affinity Scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud Native Hybrid Deployment
                                                                                                                                                                                The cloud native hybrid deployment solution focuses on the Volcano and Kubernetes ecosystems to help users improve resource utilization and efficiency and reduce costs.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Function
                                                                                                                                                                                
+
                                                                                                                                                                                Description
                                                                                                                                                                                
+
                                                                                                                                                                                Reference
                                                                                                                                                                                
+
                                                                                                                                                                                Dynamic resource oversubscription
                                                                                                                                                                                
+
                                                                                                                                                                                Based on the types of online and offline jobs, Volcano scheduling is used to utilize the resources that are requested but not used in the cluster (that is, the difference between the number of requested resources and the number of used resources), implementing resource oversubscription and hybrid deployment and improving cluster resource utilization.
                                                                                                                                                                                
+
                                                                                                                                                                                Dynamic Resource Oversubscription
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0704.html b/docs/cce/umn/cce_10_0704.html
new file mode 100644
index 000000000..946a419b5
--- /dev/null
+++ b/docs/cce/umn/cce_10_0704.html
@@ -0,0 +1,25 @@
+
+
+
+  
                                                                                                                                                                                Node O&M
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
+
diff --git a/docs/cce/umn/cce_10_0705.html b/docs/cce/umn/cce_10_0705.html
new file mode 100644
index 000000000..cefcdf7cc
--- /dev/null
+++ b/docs/cce/umn/cce_10_0705.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                Observability
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0709.html b/docs/cce/umn/cce_10_0709.html
new file mode 100644
index 000000000..bd0ac1c0f
--- /dev/null
+++ b/docs/cce/umn/cce_10_0709.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                Cloud Native Hybrid Deployment
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0720.html b/docs/cce/umn/cce_10_0720.html
new file mode 100644
index 000000000..7917afb82
--- /dev/null
+++ b/docs/cce/umn/cce_10_0720.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                GPU Scheduling
                                                                                                                                                                                
+
+  
                                                                                                                                                                                
+
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Scheduling
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0725.html b/docs/cce/umn/cce_10_0725.html
new file mode 100644
index 000000000..2119fd755
--- /dev/null
+++ b/docs/cce/umn/cce_10_0725.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                Importing an EV to a Storage Pool
                                                                                                                                                                                
+
                                                                                                                                                                                CCE allows you to use LVM to combine data volumes on nodes into a storage pool (VolumeGroup) and create LVs for containers to mount. Before creating a local EV, import the data disk of the node to the storage pool.
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                                                                                                                                                                                
+
                                                                                                                                                                                • The first data disk (used by container runtime and the kubelet component) on a node cannot be imported as a storage pool.
                                                                                                                                                                                • Storage pools in striped mode do not support scale-out. After scale-out, fragmented space may be generated and the storage pool cannot be used.
                                                                                                                                                                                • Storage pools cannot be scaled in or deleted.
                                                                                                                                                                                • If disks in a storage pool on a node are deleted, the storage pool will malfunction.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Importing a Storage Pool
                                                                                                                                                                                Imported during node creation
                                                                                                                                                                                
+
                                                                                                                                                                                When creating a node, you can add a data disk to the node in Storage Settings and import the data disk to the storage pool as an EV. For details, see Creating a Node.
                                                                                                                                                                                
+
                                                                                                                                                                                Imported manually
                                                                                                                                                                                
+
                                                                                                                                                                                If no EV is imported during node creation, or the capacity of the current storage volume is insufficient, you can manually import a storage pool.
                                                                                                                                                                                
+
                                                                                                                                                                                1. Go to the ECS console and add a SCSI disk to the node. 
                                                                                                                                                                                2. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                3. In the navigation pane, choose Storage and switch to the Storage Pool tab.
                                                                                                                                                                                4. View the node to which the disk has been added and select Import as EV. You can select a write mode during the import.
                                                                                                                                                                                   
                                                                                                                                                                                  If the manually attached disk is not displayed in the storage pool, wait for 1 minute and refresh the list.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Linear: A linear logical volume integrates one or more physical volumes. Data is written to the next physical volume when the previous one is used up.
                                                                                                                                                                                  • Striped: A striped logical volume stripes data into blocks of the same size and stores them in multiple physical volumes in sequence, allowing data to be concurrently read and written. Select this option only when there are multiple volumes.
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Ephemeral Volumes (emptyDir)
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0726.html b/docs/cce/umn/cce_10_0726.html
new file mode 100644
index 000000000..6902f1422
--- /dev/null
+++ b/docs/cce/umn/cce_10_0726.html
@@ -0,0 +1,84 @@
+
+
+
                                                                                                                                                                                Using a Local EV
                                                                                                                                                                                
+
                                                                                                                                                                                Local Ephemeral Volumes (EVs) are stored in EV storage pools. Local EVs deliver better performance than the default storage medium of native emptyDir and support scale-out.
                                                                                                                                                                                
+
                                                                                                                                                                                Prerequisites
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                • Local EVs are supported only when the cluster version is v1.21.2-r0 or later and the everest add-on version is 1.2.29 or later.
                                                                                                                                                                                • Do not manually delete the corresponding storage pool or detach data disks from the node. Otherwise, exceptions such as data loss may occur.
                                                                                                                                                                                • The /var/lib/kubelet/pods/ directory cannot be mounted to pods running on the node. Otherwise, the pods mounted with such volumes may fail to be deleted.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using the Console to Mount a Local EV
                                                                                                                                                                                1. Log in to the CCE console and click the cluster name to access the cluster console.
                                                                                                                                                                                2. In the navigation pane on the left, click Workloads. In the right pane, click the Deployments tab.
                                                                                                                                                                                3. Click Create Workload in the upper right corner of the page. In the Container Settings area, click the Data Storage tab and click Add Volume > Local Ephemeral Volume (emptyDir).
                                                                                                                                                                                4. Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Workloads.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 1 Mounting a local EV
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  Capacity
                                                                                                                                                                                  
+
                                                                                                                                                                                  Capacity of the requested storage volume.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Mount Path
                                                                                                                                                                                  
+
                                                                                                                                                                                  Enter a mount path, for example, /tmp.
                                                                                                                                                                                  
+
                                                                                                                                                                                  This parameter indicates the container path to which a data volume will be mounted. Do not mount the volume to a system directory such as / or /var/run. Otherwise, containers will be malfunctional. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. Otherwise, the files will be replaced, causing container startup failures or workload creation failures.
                                                                                                                                                                                   NOTICE: 
                                                                                                                                                                                  If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container. Otherwise, high-risk files on the host may be damaged.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  Subpath
                                                                                                                                                                                  
+
                                                                                                                                                                                  Enter a subpath, for example, tmp, indicating that data in the mount path of the container will be stored in the tmp folder of the volume.
                                                                                                                                                                                  
+
                                                                                                                                                                                  A subpath is used to mount a local volume so that the same data volume is used in a single pod. If this parameter is left blank, the root path is used by default.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Permission
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Read-only: You can only read the data in the mounted volumes.
                                                                                                                                                                                  • Read/Write: You can modify the data volumes mounted to the path. Newly written data is not migrated if the container is migrated, which may cause data loss.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                5. After the configuration, click Create Workload.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Using kubectl to Mount a Local EV
                                                                                                                                                                                1. Use kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
                                                                                                                                                                                2. Create a file named nginx-emptydir.yaml and edit it.
                                                                                                                                                                                  vi nginx-emptydir.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                  Content of the YAML file:
                                                                                                                                                                                  
+
                                                                                                                                                                                  apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-emptydir
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx-emptydir
+  template:
+    metadata:
+      labels:
+        app: nginx-emptydir
+    spec:
+      containers:
+        - name: container-1
+          image: nginx:latest
+          volumeMounts:
+            - name: vol-emptydir         # Volume name, which must be the same as the volume name in the volumes field.
+              mountPath: /tmp            # Path to which an EV is mounted.
+      imagePullSecrets:
+        - name: default-secret
+      volumes:
+        - name: vol-emptydir             # Volume name, which can be customized.
+          emptyDir:
+            medium: LocalVolume          # If the disk medium of emptyDir is set to LocalVolume, the local EV is used.
+            sizeLimit: 1Gi               # Volume capacity.
                                                                                                                                                                                  
+
                                                                                                                                                                                3. Create a workload.
                                                                                                                                                                                  kubectl apply -f nginx-emptydir.yaml
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Ephemeral Volumes (emptyDir)
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_10_0728.html b/docs/cce/umn/cce_10_0728.html
new file mode 100644
index 000000000..591a826e8
--- /dev/null
+++ b/docs/cce/umn/cce_10_0728.html
@@ -0,0 +1,96 @@
+
+
+
                                                                                                                                                                                Taints and Tolerations
                                                                                                                                                                                
+
                                                                                                                                                                                Tolerations allow the scheduler to schedule pods to nodes with target taints. Tolerances work with node taints. Each node allows one or more taints. If no tolerance is configured for a pod, the scheduler will schedule the pod based on node taint policies to prevent the pod from being scheduled to an inappropriate node.
                                                                                                                                                                                
+
                                                                                                                                                                                The following table shows how taint policies and tolerations affect pod running.
                                                                                                                                                                                
+
+
                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                Taint Policy
                                                                                                                                                                                
+
                                                                                                                                                                                No Taint Toleration Configured
                                                                                                                                                                                
+
                                                                                                                                                                                Taint Toleration Configured
                                                                                                                                                                                
+
                                                                                                                                                                                NoExecute
                                                                                                                                                                                
+
                                                                                                                                                                                • Pods running on the node will be evicted immediately.
                                                                                                                                                                                • Inactive pods will not scheduled to the node.
                                                                                                                                                                                
+
                                                                                                                                                                                • If the tolerance time window tolerationSeconds is not specified, pods can run on this node all the time.
                                                                                                                                                                                • If the tolerance time window tolerationSeconds is specified, pods still run on the node with taints within the time window. After the time expires, the pods will be evicted.
                                                                                                                                                                                
+
                                                                                                                                                                                PreferNoSchedule
                                                                                                                                                                                
+
                                                                                                                                                                                • Pods running on the node will not be evicted.
                                                                                                                                                                                • Inactive pods will not scheduled to the node to the best extend.
                                                                                                                                                                                
+
                                                                                                                                                                                Pods can run on this node all the time.
                                                                                                                                                                                
+
                                                                                                                                                                                NoSchedule
                                                                                                                                                                                
+
                                                                                                                                                                                • Pods running on the node will not be evicted.
                                                                                                                                                                                • Inactive pods will not scheduled to the node.
                                                                                                                                                                                
+
                                                                                                                                                                                Pods can run on this node all the time.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Configuring Tolerance Policies on the Console
                                                                                                                                                                                1. Log in to the CCE console.
                                                                                                                                                                                2. When creating a workload, click Toleration in the Advanced Settings area.
                                                                                                                                                                                3. Add a taint tolerance policy.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                  Table 1 Parameters for configuring a taint tolerance policy
                                                                                                                                                                                  Parameter
                                                                                                                                                                                  
+
                                                                                                                                                                                  Description
                                                                                                                                                                                  
+
                                                                                                                                                                                  Taint key
                                                                                                                                                                                  
+
                                                                                                                                                                                  Key of a node taint
                                                                                                                                                                                  
+
                                                                                                                                                                                  Operator
                                                                                                                                                                                  
+
                                                                                                                                                                                  • Equal: Exact match for the specified taint key (mandatory) and taint value. If the taint value is left blank, all taints with the key the same as the specified taint key will be matched.
                                                                                                                                                                                  • Exists: matches only the nodes with the specified taint key. In this case, the taint value cannot be specified. If the taint key is left blank, all taints will be tolerated.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Taint value
                                                                                                                                                                                  
+
                                                                                                                                                                                  Taint value specified if the operator is set to Equal.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Taint Policy
                                                                                                                                                                                  
+
                                                                                                                                                                                  • All: All taint policies are matched.
                                                                                                                                                                                  • NoSchedule: Only the NoSchedule taint is matched.
                                                                                                                                                                                  • PreferNoSchedule: Only the PreferNoSchedule taint is matched.
                                                                                                                                                                                  • NoExecute: Only the NoExecute taint is matched.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Toleration Time Window
                                                                                                                                                                                  
+
                                                                                                                                                                                  tolerationSeconds, which is configurable only when Taint Policy is set to NoExecute.
                                                                                                                                                                                  
+
                                                                                                                                                                                  Within the tolerance time window, pods still run on the node with taints. After the time expires, the pods will be evicted.
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                  
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Default Tolerance Policy
                                                                                                                                                                                Kubernetes automatically adds tolerances for the node.kubernetes.io/not-ready and node.kubernetes.io/unreachable taints to pods, and sets the tolerance time window (tolerationSeconds) to 300s. These default tolerance policies indicate that when either of the preceding taint is added to the node where pods are running, the pods can still run on the node for 5 minutes.
                                                                                                                                                                                
+
                                                                                                                                                                                 
                                                                                                                                                                                When a DaemonSet pod is created, no tolerance time window will be specified for the tolerances automatically added for the preceding taints. When either of the preceding taints is added to the node where the DaemonSet pod is running, the DaemonSet pod will never be evicted.
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                tolerations:
+  - key: node.kubernetes.io/not-ready
+    operator: Exists
+    effect: NoExecute
+    tolerationSeconds: 300
+  - key: node.kubernetes.io/unreachable
+    operator: Exists
+    effect: NoExecute
+    tolerationSeconds: 300
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                Parent topic: Configuring a Container
                                                                                                                                                                                
+
                                                                                                                                                                                
+
                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_bestpractice.html b/docs/cce/umn/cce_bestpractice_0000.html
similarity index 91%
rename from docs/cce/umn/cce_bestpractice.html
rename to docs/cce/umn/cce_bestpractice_0000.html
index 860353991..733d91866 100644
--- a/docs/cce/umn/cce_bestpractice.html
+++ b/docs/cce/umn/cce_bestpractice_0000.html
@@ -1,9 +1,9 @@
-
+
 
 
   
                                                                                                                                                                                Best Practice
                                                                                                                                                                                
 
-  
                                                                                                                                                                                
+  
                                                                                                                                                                                
 
                                                                                                                                                                                
 
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_00002.html b/docs/cce/umn/cce_bestpractice_00002.html
index 3f04189c2..612f4c34c 100644
--- a/docs/cce/umn/cce_bestpractice_00002.html
+++ b/docs/cce/umn/cce_bestpractice_00002.html
@@ -10,7 +10,7 @@
 
                                                                                                                                                                                Solution
                                                                                                                                                                                
 
                                                                                                                                                                                Set a higher upper limit for the workload.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Example
                                                                                                                                                                                A pod will be created and allocated memory that exceeds the limit. As shown in the following configuration file of the pod, the pod requests 50 MB memory and the memory limit is set to 100 MB.
                                                                                                                                                                                
+
                                                                                                                                                                                Example
                                                                                                                                                                                A pod will be created and allocated memory that exceeds the limit. As shown in the following configuration file of the pod, the pod requests 50 MiB memory and the memory limit is set to 100 MiB.
                                                                                                                                                                                
 
                                                                                                                                                                                Example YAML file (memory-request-limit-2.yaml):
                                                                                                                                                                                
 
                                                                                                                                                                                apiVersion: v1
 kind: Pod
@@ -33,7 +33,7 @@ spec:
     - -mem-alloc-sleep
     - 1s
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                The args parameters indicate that the container attempts to request 250 MB memory, which exceeds the pod's upper limit (100 MB).
                                                                                                                                                                                
+
                                                                                                                                                                                The args parameters indicate that the container attempts to request 250 MiB memory, which exceeds the pod's upper limit (100 MiB).
                                                                                                                                                                                
 
                                                                                                                                                                                Creating a pod:
                                                                                                                                                                                
 
                                                                                                                                                                                kubectl create -f https://k8s.io/docs/tasks/configure-pod-container/memory-request-limit-2.yaml --namespace=mem-example 
                                                                                                                                                                                
 
                                                                                                                                                                                Viewing the details about the pod:
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_00004.html b/docs/cce/umn/cce_bestpractice_00004.html
index 2449c71c6..a5dfe7f97 100644
--- a/docs/cce/umn/cce_bestpractice_00004.html
+++ b/docs/cce/umn/cce_bestpractice_00004.html
@@ -3,10 +3,10 @@
 
                                                                                                                                                                                Planning CIDR Blocks for a Cluster
                                                                                                                                                                                
 
                                                                                                                                                                                Before creating a cluster on CCE, determine the number of VPCs, number of subnets, container CIDR blocks, and Services for access based on service requirements.
                                                                                                                                                                                
 
                                                                                                                                                                                This topic describes the addresses in a CCE cluster in a VPC and how to plan CIDR blocks.
                                                                                                                                                                                
-
                                                                                                                                                                                Notes and Constraints
                                                                                                                                                                                To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                
+
                                                                                                                                                                                Constraints
                                                                                                                                                                                To access a CCE cluster through a VPN, ensure that the VPN does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Basic Concepts
                                                                                                                                                                                • VPC CIDR Block
                                                                                                                                                                                  Virtual Private Cloud (VPC) enables you to provision logically isolated, configurable, and manageable virtual networks for cloud servers, cloud containers, and cloud databases. You have complete control over your virtual network, including selecting your own CIDR block, creating subnets, and configuring security groups. You can also assign EIPs and allocate bandwidth in your VPC for secure and easy access to your business system.
                                                                                                                                                                                  
-
                                                                                                                                                                                • Subnet CIDR Block
                                                                                                                                                                                  A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                                  Figure 1 VPC CIDR block architecture
                                                                                                                                                                                  
+
                                                                                                                                                                                • Subnet CIDR Block
                                                                                                                                                                                  A subnet is a network that manages ECS network planes. It supports IP address management and DNS. The IP addresses of all ECSs in a subnet belong to the subnet.
                                                                                                                                                                                  Figure 1 VPC CIDR block architecture
                                                                                                                                                                                  
 
                                                                                                                                                                                  
 
                                                                                                                                                                                  By default, ECSs in all subnets of the same VPC can communicate with one another, while ECSs in different VPCs cannot communicate with each other.
                                                                                                                                                                                  
 
                                                                                                                                                                                  You can create a peering connection on VPC to enable ECSs in different VPCs to communicate with each other.
                                                                                                                                                                                  
@@ -17,40 +17,40 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Single-VPC Single-Cluster Scenarios
                                                                                                                                                                                CCE Clusters: include clusters in VPC network model and container tunnel network model. Figure 2 shows the CIDR block planning of a cluster.
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                • Container CIDR Block: cannot overlap with the subnet CIDR block.
                                                                                                                                                                                • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 2 Network CIDR block planning in single-VPC single-cluster scenarios (CCE cluster)
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. After a cluster is created, you can only add container subnets but cannot delete them. You are advised to set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                                • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo cluster)
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 3 shows the CIDR block planning for a CCE Turbo cluster (Cloud Native Network 2.0).
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: specifies the subnet CIDR block where the node in the cluster resides. The subnet CIDR block is included in the VPC CIDR block. Different nodes in the same cluster can be allocated to different subnet CIDR blocks.
                                                                                                                                                                                • Container Subnet CIDR Block: The container subnet is included in the VPC CIDR block and can overlap with the subnet CIDR block or even be the same as the subnet CIDR block. Note that the container subnet size determines the maximum number of containers in the cluster because IP addresses in the VPC are directly allocated to containers. After a cluster is created, you can only add container subnets but cannot delete them. Set a larger IP address segment for the container subnet to prevent insufficient container IP addresses.
                                                                                                                                                                                • Service CIDR Block: cannot overlap with the subnet CIDR block or the container CIDR block.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 3 Network CIDR block planning in single-VPC single-cluster scenarios (CCE Turbo Clusters)
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Single-VPC Multi-Cluster Scenarios
                                                                                                                                                                                VPC network model
                                                                                                                                                                                
 
                                                                                                                                                                                Pod packets are forwarded through VPC routes. CCE automatically configures a routing table on the VPC routes to each container CIDR block. The network scale is limited by the VPC route table. Figure 4 shows the CIDR block planning of the cluster.
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                                • Container CIDR Block: If multiple VPC network model clusters exist in a single VPC, the container CIDR blocks of all clusters cannot overlap because the clusters use the same routing table. In this case, CCE clusters are partially interconnected. A pod of a cluster can directly access the pods of another cluster, but cannot access the Services of the cluster.
                                                                                                                                                                                • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 4 VPC network - multi-cluster scenario
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Tunnel Network
                                                                                                                                                                                
+
                                                                                                                                                                                Tunnel network model
                                                                                                                                                                                
 
                                                                                                                                                                                Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications. Figure 5 shows the CIDR block planning of the cluster.
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. The size of this CIDR block affects the maximum number of nodes that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: The subnet CIDR block in each cluster cannot overlap with the container CIDR block.
                                                                                                                                                                                • Container CIDR Block: The container CIDR blocks of all clusters can overlap. In this case, pods in different clusters cannot be directly accessed using IP addresses. It is recommended that ELB be used for the cross-cluster access between containers.
                                                                                                                                                                                • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 5 Tunnel network - multi-cluster scenario
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Cloud Native Network 2.0 Model (CCE Turbo cluster)
                                                                                                                                                                                
+
                                                                                                                                                                                Cloud Native Network 2.0 Model (CCE Turbo Clusters)
                                                                                                                                                                                
 
                                                                                                                                                                                In this mode, container IP addresses are allocated from the VPC CIDR block. ELB passthrough networking is supported to direct access requests to containers. Security groups and multiple types of VPC networks can be bound to deliver high performance.
                                                                                                                                                                                • VPC CIDR Block: specifies the VPC CIDR block where the cluster resides. In a CCE Turbo cluster, the CIDR block size affects the total number of nodes and containers that can be created in the cluster.
                                                                                                                                                                                • Subnet CIDR Block: There is no special restriction on the subnet CIDR blocks in CCE Turbo clusters.
                                                                                                                                                                                • Container Subnet: The CIDR block of the container subnet is included in the VPC CIDR block. Container subnets in different clusters can overlap with each other or overlap with the subnet CIDR block. However, you are advised to stagger the container CIDR blocks of different clusters and ensure that the container subnet CIDR blocks have sufficient IP addresses. In this case, pods in different clusters can directly access each other through IP addresses.
                                                                                                                                                                                • Service CIDR Block: can be used only in clusters. Therefore, the Service CIDR blocks of different clusters can overlap, but cannot overlap with the subnet CIDR block and container subnet CIDR block of the cluster.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 6 Cloud Native Network 2.0 - multi-cluster scenario
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 6 Cloud Native Network 2.0 - multi-cluster scenario
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Coexistence of Clusters in Multi-Network
                                                                                                                                                                                
 
                                                                                                                                                                                When a VPC contains clusters created with different network models, comply with the following rules when creating a cluster:
                                                                                                                                                                                
 
                                                                                                                                                                                • VPC CIDR Block: In this scenario, all clusters are located in the same VPC CIDR block. Ensure that there are sufficient available IP addresses in the VPC.
                                                                                                                                                                                • Subnet CIDR Block: Ensure that the subnet CIDR block does not overlap with the container CIDR block. Even in some scenarios (for example, coexistence with CCE Turbo clusters), the subnet CIDR block can overlap with the container (subnet) CIDR block. However, this is not recommended.
                                                                                                                                                                                • Container CIDR Block: Ensure that the container CIDR blocks of clusters in VPC network model do not overlap.
                                                                                                                                                                                • Service CIDR Block: The Service CIDR blocks of all clusters can overlap, but cannot overlap with the subnet CIDR block and container CIDR block of the cluster.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Cross-VPC Cluster Interconnection
                                                                                                                                                                                When two VPC networks are interconnected, you can configure the packets to be sent to the peer VPC in the route table.
                                                                                                                                                                                
-
                                                                                                                                                                                In the VPC network model, after creating a peering connection, you need to add routes for the peering connection to enable communication between the two VPCs.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                                
+
                                                                                                                                                                                In the VPC network model, after creating a peering connection, add routes for the peering connection to enable communication between the two VPCs.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 7 VPC network - VPC interconnection scenario
                                                                                                                                                                                
 
                                                                                                                                                                                When creating a VPC peering connection between containers across VPCs, pay attention to the following points:
                                                                                                                                                                                
-
                                                                                                                                                                                • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                                • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                                • You need to add not only the peer VPC CIDR block but also the peer container CIDR block to the VPC routing tables at both ends. Note that this operation must be performed in the VPC route tables of the clusters.
                                                                                                                                                                                
-
                                                                                                                                                                                In the tunnel network model, after creating a peering connection, you need to add routes for the peering connection to enable communication between the two VPCs.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                                
+
                                                                                                                                                                                • The VPC to which the clusters belong must not overlap. In each cluster, the subnet CIDR block cannot overlap with the container CIDR block.
                                                                                                                                                                                • The container CIDR blocks of clusters at both ends cannot overlap, but the Service CIDR blocks can.
                                                                                                                                                                                • Add not only the peer VPC CIDR block but also the peer container CIDR block to the VPC routing tables at both ends. Note that this operation must be performed in the VPC route tables of the clusters.
                                                                                                                                                                                
+
                                                                                                                                                                                In the Tunnel network model, after creating a peering connection, add routes for the peering connection to enable communication between the two VPCs.
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 8 Tunnel network - VPC interconnection scenario
                                                                                                                                                                                
 
                                                                                                                                                                                Pay attention to the following:
                                                                                                                                                                                
 
                                                                                                                                                                                • The VPCs of the clusters must not overlap.
                                                                                                                                                                                • The container CIDR blocks of all clusters can overlap, so do the Service CIDR blocks.
                                                                                                                                                                                • Add the peer subnet CIDR block to the route table of the VPC peering connection.
                                                                                                                                                                                
 
                                                                                                                                                                                In Cloud Native Network 2.0 mode, after creating a VPC peering connection, you only need to add routes for the VPC peering connection to enable communication between the two VPCs. Ensure that the VPCs of the clusters do not overlap.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                VPC-IDC Scenarios
                                                                                                                                                                                Similar to the VPC interconnection scenario, some CIDR blocks in the VPC are routed to the IDC. The pod IP addresses of CCE clusters cannot overlap with the addresses within these CIDR blocks. To access the pod IP addresses in the cluster in the IDC, you need to configure the route table to the private line VBR on the IDC.
                                                                                                                                                                                
+
                                                                                                                                                                                VPC-IDC Scenarios
                                                                                                                                                                                Similar to the VPC interconnection scenario, some CIDR blocks in the VPC are routed to the IDC. The pod IP addresses of CCE clusters cannot overlap with the addresses within these CIDR blocks. To access the pod IP addresses in the cluster in the IDC, configure the route table to the private line VBR on the IDC.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_00006.html b/docs/cce/umn/cce_bestpractice_00006.html
index bc5213406..0284fc7f1 100644
--- a/docs/cce/umn/cce_bestpractice_00006.html
+++ b/docs/cce/umn/cce_bestpractice_00006.html
@@ -53,7 +53,7 @@
 
                                                                                                                                                                                
 
                                                                                                                                                                                Workload
                                                                                                                                                                                
 
                                                                                                                                                                                When creating a workload, you need to set the CPU and memory limits to improve service robustness.
                                                                                                                                                                                
+
                                                                                                                                                                                When creating a workload, set the CPU and memory limits to improve service robustness.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Deployment
                                                                                                                                                                                
                                                                                                                                                                                 		
 
 
 
                                                                                                                                                                                Table 1 Comparison between the two deployment modes
                                                                                                                                                                                Item
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -32,7 +32,7 @@
 
                                                                                                                                                                                Table 1 Comparison between the two deployment modes
                                                                                                                                                                                Category
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Before: Application Deployment on VM
                                                                                                                                                                                
 
                                                                                                                                                                                Upgrade
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Low upgrade efficiency.
                                                                                                                                                                                
-
                                                                                                                                                                                During version upgrades, you need to log in to VMs one by one and manually configure the upgrades, which is inefficient and error-prone.
                                                                                                                                                                                
+
                                                                                                                                                                                During version upgrades, log in to VMs one by one and manually configure the upgrades, which is inefficient and error-prone.
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Per-second level upgrade.
                                                                                                                                                                                
 
                                                                                                                                                                                Version upgrades can be completed within seconds by replacing the image tag. In addition, CCE provides rolling updates, ensuring zero service downtime during upgrades.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_00035.html b/docs/cce/umn/cce_bestpractice_00035.html
index d8f061776..6b25a4549 100644
--- a/docs/cce/umn/cce_bestpractice_00035.html
+++ b/docs/cce/umn/cce_bestpractice_00035.html
@@ -3,30 +3,41 @@
 
                                                                                                                                                                                Obtaining the Client Source IP Address for a Container
                                                                                                                                                                                
 
                                                                                                                                                                                Background
                                                                                                                                                                                There may be different types of proxy servers between a client and a container server. How can a container obtain the real source IP address of the client? This section describes several scenarios you may encounter.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                Principles
                                                                                                                                                                                
+
                                                                                                                                                                                Principles
                                                                                                                                                                                
 
                                                                                                                                                                                Layer-7 forwarding:
                                                                                                                                                                                
 
                                                                                                                                                                                Ingress: If this access mode is used, the client source IP address is saved in the X-Forwarded-For HTTP header field by default. No other configuration is required.
                                                                                                                                                                                
 
                                                                                                                                                                                • ELB ingress: A self-developed ingress to implement layer-7 network access between the internet and intranet (in the same VPC) based on ELB. If the backend Service type is NodePort, set Service Affinity to Node level.
                                                                                                                                                                                
 
                                                                                                                                                                                Layer-4 forwarding:
                                                                                                                                                                                
-
                                                                                                                                                                                • LoadBalancer: Use ELB to achieve load balancing. You can manually enable the Obtain Client IP Address option for TCP and UDP listeners of shared load balancers. By default, the Obtain Client IP Address option is enabled for TCP and UDP listeners of dedicated load balancers. You do not need to manually enable it.
                                                                                                                                                                                • NodePort: In this access mode, the container port is mapped to the node port. If cluster-level affinity is configured, access requests will be forwarded through the node and the client source IP address cannot be obtained. If node-level affinity is configured, access requests are not forwarded and the client source IP address can be obtained.
                                                                                                                                                                                
+
                                                                                                                                                                                • NodePort: In this access mode, the container port is mapped to the node port. If cluster-level affinity is configured, access requests will be forwarded through the node and the client source IP address cannot be obtained. If node-level affinity is configured, access requests are not forwarded and the client source IP address can be obtained.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                Ingress
                                                                                                                                                                                Configure the application server and obtain the IP address of a client from the HTTP header.
                                                                                                                                                                                
 
                                                                                                                                                                                The real IP address is placed in the X-Forwarded-For HTTP header field by the load balancer in the following format:
                                                                                                                                                                                
 
                                                                                                                                                                                X-Forwarded-For: IP address of the client,Proxy server 1-IP address,Proxy server 2-IP address,...
                                                                                                                                                                                
 
                                                                                                                                                                                If you use this method, the first IP address obtained is the IP address of the client.
                                                                                                                                                                                
-
                                                                                                                                                                                For details, see How Can I Obtain the IP Address of a Client?
                                                                                                                                                                                
 
                                                                                                                                                                                 
                                                                                                                                                                                • When adding an ingress, if the backend service is of the NodePort type, set Service Affinity to Node level, that is, set spec.externalTrafficPolicy to Local. For details, see NodePort.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                LoadBalancer
                                                                                                                                                                                For a LoadBalancer Service, different types of clusters obtain source IP addresses in different scenarios. In some scenarios, source IP addresses cannot be obtained currently.
                                                                                                                                                                                
-
                                                                                                                                                                                VPC and Container Tunnel Network Models
                                                                                                                                                                                
-
                                                                                                                                                                                To obtain source IP addresses, perform the following steps:
                                                                                                                                                                                
-
                                                                                                                                                                                1. When creating a LoadBalancer Service on the CCE console, set Service Affinity to Node level instead of Cluster level.
                                                                                                                                                                                  
-
                                                                                                                                                                                2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                                  1. Log in to the ELB console.
                                                                                                                                                                                  2. Click  in the upper left corner to select the desired region and project.
                                                                                                                                                                                  3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                                  4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                                  5. Click Listeners.
                                                                                                                                                                                    • To add a listener, click Add Listener.
                                                                                                                                                                                    • To modify a listener, locate the listener and click the edit button on the right of its name.
                                                                                                                                                                                    
-
                                                                                                                                                                                  6. Enable Obtain Client IP Address.
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Take the Nginx workload as an example. Before configuring the source IP address, obtain the access logs. nginx-c99fd67bb-ghv4q indicates the pod name.
                                                                                                                                                                                    kubectl logs nginx-c99fd67bb-ghv4q
                                                                                                                                                                                    
+
                                                                                                                                                                                    Information similar to the following is displayed:
                                                                                                                                                                                    
+
                                                                                                                                                                                    ...
+10.0.0.7 - - [17/Aug/2023:01:30:11 +0000] "GET / HTTP/1.1" 200 19 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "100.125.**.**"
                                                                                                                                                                                    
+
                                                                                                                                                                                    100.125.**.** specifies the CIDR block of the load balancer, indicating that the traffic is forwarded through the load balancer.
                                                                                                                                                                                    
+
                                                                                                                                                                                  2. Go to the ELB console and enable the function of obtaining the client IP address of the listener corresponding to the load balancer. Transparent transmission of source IP addresses is enabled for dedicated load balancers by default. You do not need to manually enable this function.
                                                                                                                                                                                    1. Log in to the ELB console.
                                                                                                                                                                                    2. Click  in the upper left corner of the management console and select a region and a project.
                                                                                                                                                                                    3. Click Service List. Under Networking, click Elastic Load Balance.
                                                                                                                                                                                    4. On the Load Balancers page, click the name of the load balancer.
                                                                                                                                                                                    5. Switch to the Listeners tab and click Modify on the right of the target listener. If modification protection exists, disable the protection on the basic information page of the listener and try again.
                                                                                                                                                                                    6. Enable Obtain Client IP Address.
                                                                                                                                                                                    
+
                                                                                                                                                                                  3. (Perform this step only for nginx-ingress.) Edit the nginx-ingress add-on. In the nginx configuration parameter area, configure the configuration fields and information. (For details about the parameter range, see community document.) After the configuration is complete, update the add-on.
                                                                                                                                                                                    {
+    "enable-real-ip": "true",
+    "forwarded-for-header": "X-Forwarded-For",
+    "proxy-real-ip-cidr": "100.125.0.0/16",
+    "keep-alive-requests": "100"
+}
                                                                                                                                                                                    
+
                                                                                                                                                                                     
                                                                                                                                                                                    The proxy-real-ip-cidr parameter indicates the CIDR block of the proxy server.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • For shared load balancers, add CIDR block 100.125.0.0/16 (reserved only for load balancers and therefore, there is no risk) and the high-defense CIDR block.
                                                                                                                                                                                    
+
                                                                                                                                                                                    • For dedicated load balancers, add the CIDR block of the VPC subnet where the ELB resides.
                                                                                                                                                                                    
+
                                                                                                                                                                                    For details, see How Can I Transfer the IP Address of a Client?
                                                                                                                                                                                    
+
                                                                                                                                                                                    
+
                                                                                                                                                                                  4. Access the workload again and view the new access log.
                                                                                                                                                                                    ...
+10.0.0.7 - - [17/Aug/2023:02:43:11 +0000] "GET / HTTP/1.1" 304 0 "http://114.114.114.114:9421/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" "124.**.**.**"
                                                                                                                                                                                    
+
                                                                                                                                                                                    The source IP address of the client is obtained.
                                                                                                                                                                                    
 
                                                                                                                                                                                  
-
                                                                                                                                                                                  
-
                                                                                                                                                                                
 
                                                                                                                                                                                NodePort
                                                                                                                                                                                Set the service affinity of a NodePort Service to Node level instead of Cluster level. That is, set spec.externalTrafficPolicy of the Service to Local.
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_0004.html b/docs/cce/umn/cce_bestpractice_0004.html
index 4f79707f1..b614f917a 100644
--- a/docs/cce/umn/cce_bestpractice_0004.html
+++ b/docs/cce/umn/cce_bestpractice_0004.html
@@ -2,7 +2,7 @@
 
 
                                                                                                                                                                                Containerization Process
                                                                                                                                                                                
 
                                                                                                                                                                                The following figure illustrates the process of containerizing an application.
                                                                                                                                                                                
-
                                                                                                                                                                                Figure 1 Process of containerizing an application
                                                                                                                                                                                
+
                                                                                                                                                                                Figure 1 Process of containerizing an application
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_0005.html b/docs/cce/umn/cce_bestpractice_0005.html
index 99806a54a..30a5f0dfb 100644
--- a/docs/cce/umn/cce_bestpractice_0005.html
+++ b/docs/cce/umn/cce_bestpractice_0005.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                                                Analyzing the Application
                                                                                                                                                                                
-
                                                                                                                                                                                Before containerizing an application, you need to analyze the running environment and dependencies of the application, and get familiar with the application deployment mode. For details, see Table 1.
                                                                                                                                                                                
+
                                                                                                                                                                                Before containerizing an application, analyze the running environment and dependencies of the application, and get familiar with the application deployment mode. For details, see Table 1.
                                                                                                                                                                                
 
-
                                                                                                                                                                                Table 1 Application environment
                                                                                                                                                                                Item
                                                                                                                                                                                
+
                                                                                                                                                                                
@@ -40,7 +40,7 @@
 
-
                                                                                                                                                                                Table 1 Application environment
                                                                                                                                                                                Category
                                                                                                                                                                                
                                                                                                                                                                                 		
 
                                                                                                                                                                                Sub-category
                                                                                                                                                                                
 
                                                                                                                                                                                
 
                                                                                                                                                                                External services with which the application needs to interconnect, such as databases and file systems.
                                                                                                                                                                                
 
                                                                                                                                                                                These configurations need to be manually configured each time you deploy an application on a VM. However, through containerized deployment, environment variables can be injected into a container, facilitating deployment.
                                                                                                                                                                                
-
                                                                                                                                                                                In this example, the application needs to interconnect with the MySQL database. You need to obtain the database configuration file. The server address, database name, database login username, and database login password are injected through environment variables.
                                                                                                                                                                                
+
                                                                                                                                                                                In this example, the application needs to interconnect with the MySQL database. Obtain the database configuration file. The server address, database name, database login username, and database login password are injected through environment variables.
                                                                                                                                                                                
 
                                                                                                                                                                                url=jdbc:mysql://Server address/Database name        #Database connection URL
 username=****                         #Username for logging in to the database
 password=****                         #Password for logging in to the database
                                                                                                                                                                                
@@ -48,7 +48,7 @@ password=****                         #Password for logging in to the database
 
                                                                                                                                                                                Application configurations
                                                                                                                                                                                
 
                                                                                                                                                                                You need to sort out the configuration parameters, such as configurations that need to be modified frequently and those remain unchanged during the running of the application.
                                                                                                                                                                                
+
                                                                                                                                                                                Sort out the configuration parameters, such as configurations that need to be modified frequently and those remain unchanged during the running of the application.
                                                                                                                                                                                
 
                                                                                                                                                                                In this example, no application configurations need to be extracted.
                                                                                                                                                                                
 
                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                To avoid frequent image replacement, you are advised to classify configurations of the application.
                                                                                                                                                                                
 
                                                                                                                                                                                • For the configurations (such as peripheral interconnection information and log levels) that are frequently changed, you are advised to configure them as environment variables.
                                                                                                                                                                                • For the configurations that remain unchanged, directly write them into images.
                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_0006.html b/docs/cce/umn/cce_bestpractice_0006.html
index 460892e02..64703d235 100644
--- a/docs/cce/umn/cce_bestpractice_0006.html
+++ b/docs/cce/umn/cce_bestpractice_0006.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                                Preparing the Application Runtime
                                                                                                                                                                                
-
                                                                                                                                                                                After application analysis, you have gained the understanding of the OS and runtime required for running the application. You need to make the following preparations:
                                                                                                                                                                                
-
                                                                                                                                                                                • Installing Docker: During application containerization, you need to build a container image. To do so, you have to prepare a PC and install Docker on it.
                                                                                                                                                                                • Obtaining the base image tag: Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                                • Obtaining the runtime: Obtain the runtime of the application and the MongoDB database with which the application interconnects.
                                                                                                                                                                                
+
                                                                                                                                                                                After application analysis, you have gained the understanding of the OS and runtime required for running the application. Make the following preparations:
                                                                                                                                                                                
+
                                                                                                                                                                                • Installing Docker: During application containerization, build a container image. To do so, you have to prepare a PC and install Docker on it.
                                                                                                                                                                                • Obtaining the base image tag: Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                                • Obtaining the runtime: Obtain the runtime of the application and the MongoDB database with which the application interconnects.
                                                                                                                                                                                
 
                                                                                                                                                                                Installing Docker
                                                                                                                                                                                Docker is compatible with almost all operating systems. Select a Docker version that best suits your needs.
                                                                                                                                                                                
 
                                                                                                                                                                                 
                                                                                                                                                                                SWR uses Docker 1.11.2 or later to upload images. 
                                                                                                                                                                                
 
                                                                                                                                                                                You are advised to install Docker and build images as user root. Obtain the password of user root of the host where Docker is to be installed in advance.
                                                                                                                                                                                
 
                                                                                                                                                                                
-
                                                                                                                                                                                1. Log in as user root to the device on which Docker is about to be installed.
                                                                                                                                                                                2. Run the following commands to quickly install Docker on the device running Linux: 
                                                                                                                                                                                  curl -fsSL get.docker.com -o get-docker.sh
                                                                                                                                                                                  
+
                                                                                                                                                                                  1. Log in as user root to the device on which Docker is about to be installed.
                                                                                                                                                                                  2. Quickly install Docker on the device running Linux. You can also manually install Docker. For details, see Docker Engine installation.
                                                                                                                                                                                    curl -fsSL get.docker.com -o get-docker.sh
                                                                                                                                                                                    
 
                                                                                                                                                                                    sh get-docker.sh
                                                                                                                                                                                    
 
                                                                                                                                                                                  3. Run the following command to query the Docker version:
                                                                                                                                                                                    docker version
                                                                                                                                                                                    Client:
 Version: 17.12.0-ce
@@ -20,14 +20,14 @@ API Version:1.35
 
                                                                                                                                                                                    Obtaining the Base Image Tag
                                                                                                                                                                                    Determine the base image based on the OS on which the application runs. In this example, the application runs on CentOS 7.1 and the base image can be obtained from an open-source image repository.
                                                                                                                                                                                    
 
                                                                                                                                                                                     
                                                                                                                                                                                    Search for the image tag based on the OS on which the application runs.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    1. Visit the Docker website.
                                                                                                                                                                                    2. Search for CentOS. The image corresponding to CentOS 7.1 is centos7.1.1503. You need to use this image name when compiling the Dockerfile.
                                                                                                                                                                                      Figure 1 Obtaining the CentOS version
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Visit the Docker website.
                                                                                                                                                                                      2. Search for CentOS. The image corresponding to CentOS 7.1 is centos7.1.1503. Use this image name when editing the Dockerfile.
                                                                                                                                                                                        Figure 1 Obtaining the CentOS version
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    Obtaining the Runtime
                                                                                                                                                                                    In this example, the web application of the Tomcat type is used. This application requires the runtime of Tomcat 7.0, and Tomcat requires JDK 1.8. In addition, the application must interconnect with the MongoDB database in advance.
                                                                                                                                                                                    
 
                                                                                                                                                                                     
                                                                                                                                                                                    Download the environment required by the application.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    1. Download Tomcat, JDK, and MongoDB installation packages of the specific versions.
                                                                                                                                                                                      1. Download JDK 1.8.
                                                                                                                                                                                        Download address: https://www.oracle.com/java/technologies/jdk8-downloads.html.
                                                                                                                                                                                        
-
                                                                                                                                                                                      2. Download Tomcat 7.0 from http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz.
                                                                                                                                                                                      3. Download MongoDB 3.2 from https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.2.9.tgz.
                                                                                                                                                                                      
+
                                                                                                                                                                                    2. Download Tomcat 7.0 from http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.82/bin/apache-tomcat-7.0.82.tar.gz.
                                                                                                                                                                                    3. Download MongoDB 3.2 from https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-rhel70-3.2.9.tgz.
                                                                                                                                                                                    
 
                                                                                                                                                                                  4. Log in as user root to the device running Docker.
                                                                                                                                                                                  5. Run the following commands to create the directory where the application is to be stored: For example, set the directory to apptest.
                                                                                                                                                                                    mkdir apptest
                                                                                                                                                                                    
 
                                                                                                                                                                                    cd apptest
                                                                                                                                                                                    
 
                                                                                                                                                                                  6. Use Xshell to save the downloaded dependency files to the apptest directory.
                                                                                                                                                                                  7. Run the following commands to decompress the dependency files:
                                                                                                                                                                                    tar -zxf apache-tomcat-7.0.82.tar.gz
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0007.html b/docs/cce/umn/cce_bestpractice_0007.html
index 59cf1e3c3..1fb586b83 100644
--- a/docs/cce/umn/cce_bestpractice_0007.html
+++ b/docs/cce/umn/cce_bestpractice_0007.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                                    Compiling a Startup Script
                                                                                                                                                                                    
-
                                                                                                                                                                                    During application containerization, you need to prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startup script is used to:
                                                                                                                                                                                    
+
                                                                                                                                                                                    During application containerization, prepare a startup script. The method of compiling this script is the same as that of compiling a shell script. The startup script is used to:
                                                                                                                                                                                    
 
                                                                                                                                                                                    • Start up the software on which the application depends.
                                                                                                                                                                                    • Set the configurations that need to be changed as the environment variables.
                                                                                                                                                                                    
-
                                                                                                                                                                                     
                                                                                                                                                                                    Startup scripts vary according to applications. You need to compile the script based on your service requirements.
                                                                                                                                                                                    
+
                                                                                                                                                                                     
                                                                                                                                                                                    Startup scripts vary according to applications. Edit the script based on your service requirements.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    Procedure
                                                                                                                                                                                    1. Log in as user root to the device running Docker.
                                                                                                                                                                                    2. Run the following commands to create the directory where the application is to be stored:
                                                                                                                                                                                      mkdir apptest
                                                                                                                                                                                      
 
                                                                                                                                                                                      cd apptest
                                                                                                                                                                                      
-
                                                                                                                                                                                    3. Compile a script file. The name and content of the script file vary according to applications. You need to compile the script file based on your application. The following example is only for your reference. 
                                                                                                                                                                                      vi start_tomcat_and_mongo.sh
                                                                                                                                                                                      #!/bin/bash
+
                                                                                                                                                                                    4. Compile a script file. The name and content of the script file vary according to applications. Edit the script file based on your application. The following example is only for your reference. 
                                                                                                                                                                                      vi start_tomcat_and_mongo.sh
                                                                                                                                                                                      #!/bin/bash
 # Load system environment variables.
 source  /etc/profile
 # Start MongoDB. The data is stored in /usr/local/mongodb/data.
diff --git a/docs/cce/umn/cce_bestpractice_0008.html b/docs/cce/umn/cce_bestpractice_0008.html
index 2e998828a..f52b407ea 100644
--- a/docs/cce/umn/cce_bestpractice_0008.html
+++ b/docs/cce/umn/cce_bestpractice_0008.html
@@ -6,8 +6,8 @@
 
                                                                                                                                                                                      This section describes how to compile a Dockerfile file.
                                                                                                                                                                                      
 
                                                                                                                                                                                       
                                                                                                                                                                                      Dockerfiles vary according to applications. Dockerfiles need to be compiled based on actual service requirements.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      1. Log in as the root user to the device running Docker.
                                                                                                                                                                                      2. Write a Dockerfile.
                                                                                                                                                                                        vi Dockerfile
                                                                                                                                                                                        
-
                                                                                                                                                                                        The following provides an example Dockerfile:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Procedure
                                                                                                                                                                                        1. Log in as the root user to the device running Docker.
                                                                                                                                                                                        2. Compile a Dockerfile.
                                                                                                                                                                                          vi Dockerfile
                                                                                                                                                                                          
+
                                                                                                                                                                                          The content is as follows:
                                                                                                                                                                                          
 
                                                                                                                                                                                          # Centos:7.1.1503 is used as the base image.
 FROM centos:7.1.1503                     
 # Create a folder to store data and dependency files. You are advised to write multiple commands into one line to reduce the image size.
@@ -36,7 +36,7 @@ RUN chown root:root -R /root \               start_tomcat_and_mongo.sh are automatically run. The file can be one or more commands, or a script.
 ENTRYPOINT ["/root/start_tomcat_and_mongo.sh"]    
                                                                                                                                                                                          
 
                                                                                                                                                                                          In the preceding information:
                                                                                                                                                                                          
-
                                                                                                                                                                                          • FROM statement: indicates that centos:7.1.1503 is used as the base image.
                                                                                                                                                                                          • Run statement: indicates that a shell command is executed in the container.
                                                                                                                                                                                          • Copy statement: indicates that files in the local computer are copied to the container.
                                                                                                                                                                                          • ENTRYPOINT statement: indicates the commands that are run after the container is started.
                                                                                                                                                                                          
+
                                                                                                                                                                                          • FROM statement: indicates that centos:7.1.1503 is used as the base image.
                                                                                                                                                                                          • Run statement: indicates that a shell command is executed in the container.
                                                                                                                                                                                          • Copy statement: indicates that files in the local computer are copied to the container.
                                                                                                                                                                                          • ENTRYPOINT statement: indicates the commands that are run after the container is started.
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_0009.html b/docs/cce/umn/cce_bestpractice_0009.html
index bc25d0047..5853e36d0 100644
--- a/docs/cce/umn/cce_bestpractice_0009.html
+++ b/docs/cce/umn/cce_bestpractice_0009.html
@@ -11,9 +11,9 @@
 
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      1. Log in as the root user to the device running Docker.
                                                                                                                                                                                      2. Enter the apptest directory.
                                                                                                                                                                                        cd apptest
                                                                                                                                                                                        
 
                                                                                                                                                                                        ll
                                                                                                                                                                                        
 
                                                                                                                                                                                        Ensure that files used to build the image are stored in the same directory.
                                                                                                                                                                                        
-
                                                                                                                                                                                        
+
                                                                                                                                                                                        
 
                                                                                                                                                                                      3. Build an image.
                                                                                                                                                                                        docker build -t apptest .
                                                                                                                                                                                        
-
                                                                                                                                                                                      4. Upload the image to the SWR service. For details, see Uploading an Image Through the Client.
                                                                                                                                                                                      
+
                                                                                                                                                                                    5. Upload the image to SWR. For details, see Uploading an Image Through the Client.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
 
                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0010.html b/docs/cce/umn/cce_bestpractice_0010.html
index 06aecdbeb..5edb24969 100644
--- a/docs/cce/umn/cce_bestpractice_0010.html
+++ b/docs/cce/umn/cce_bestpractice_0010.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                    Procedure
                                                                                                                                                                                    1. Prepare the environment as described in Table 1.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
@@ -32,7 +32,7 @@
 
@@ -41,7 +41,7 @@
 
                                                                                                                                                                                    2. Create a cluster and a node.
                                                                                                                                                                                      1. Log in to the CCE console. Choose Clusters. On the displayed page, select the type of the cluster to be created and click Create.
                                                                                                                                                                                        Configure cluster parameters and select the VPC created in 1. 
                                                                                                                                                                                        
 
                                                                                                                                                                                      2. Buy a node and select the key pair created in 1 as the login mode. 
                                                                                                                                                                                      
-
                                                                                                                                                                                    3. Deploy a workload on CCE.
                                                                                                                                                                                      1. Log in to the CCE console, click the created cluster, choose Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                                                                                                                      2. Set the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                                        • Workload Name: Set it to apptest.
                                                                                                                                                                                        • Pods: Set it to 1.
                                                                                                                                                                                        
+
                                                                                                                                                                                      3. Deploy a workload on CCE.
                                                                                                                                                                                        1. Log in to the CCE console, click the created cluster, choose Workloads in the navigation pane, and click Create Workload in the upper right corner.
                                                                                                                                                                                        2. Configure the following parameters, and retain the default settings for other parameters:
                                                                                                                                                                                          • Workload Name: Set it to apptest.
                                                                                                                                                                                          • Pods: Set it to 1.
                                                                                                                                                                                          
 
                                                                                                                                                                                        3. In the Container Settings area, select the image uploaded in Building and Uploading an Image.
                                                                                                                                                                                        4. In the Container Settings area, choose Environment Variables and add environment variables for interconnecting with the MySQL database. The environment variables are set in the startup script.
                                                                                                                                                                                           
                                                                                                                                                                                          In this example, interconnection with the MySQL database is implemented through configuring the environment variables. Determine whether to use environment variables based on your service requirements.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
@@ -77,7 +77,7 @@
 
                                                                                                                                                                                        5. In the Container Settings area, choose Data Storage and configure cloud storage for persistent data storage.
                                                                                                                                                                                           
                                                                                                                                                                                          In this example, the MongoDB database is used and persistent data storage is also needed, so you need to configure cloud storage. Determine whether to use cloud storage based on your service requirements.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          The mounted path must be the same as the MongoDB storage path in the Docker startup script. For details, see the startup script. In this example, the path is /usr/local/mongodb/data.
                                                                                                                                                                                          
-
                                                                                                                                                                                        6. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                                           
                                                                                                                                                                                          In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                                          
+
                                                                                                                                                                                        7. In the Service Settings area, click  to add a service, configure workload access parameters, and click OK.
                                                                                                                                                                                           
                                                                                                                                                                                          In this example, the application will be accessible from public networks by using an elastic IP address.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          • Service Name: name of the application that can be accessed externally. In this example, this parameter is set to apptest.
                                                                                                                                                                                          • Service Type: In this example, select NodePort.
                                                                                                                                                                                          • Service Affinity
                                                                                                                                                                                            • Cluster-level: The IP addresses and access ports of all nodes in a cluster can be used to access the workload associated with the Service. Service access will cause performance loss due to route redirection, and the source IP address of the client cannot be obtained.
                                                                                                                                                                                            • Node-level: Only the IP address and access port of the node where the workload is located can be used to access the workload associated with the Service. Service access will not cause performance loss due to route redirection, and the source IP address of the client can be obtained.
                                                                                                                                                                                            
 
                                                                                                                                                                                          • Port
                                                                                                                                                                                            • Protocol: Set it to TCP.
                                                                                                                                                                                            • Service Port: port for accessing the Service.
                                                                                                                                                                                            • Container Port: port that the application will listen on the container. In this example, this parameter is set to 8080.
                                                                                                                                                                                            • Node Port: Set it to Auto. The system automatically opens a real port on all nodes in the current cluster and then maps the port number to the container port.
                                                                                                                                                                                            
@@ -88,7 +88,7 @@
 
 
                                                                                                                                                                                            Verifying a Workload
                                                                                                                                                                                            After a workload is created, you can access the workload to check whether the deployment is successful.
                                                                                                                                                                                            
 
                                                                                                                                                                                            In the preceding configuration, the NodePort mode is selected to access the workload by using IP address:Port number. If the access is successful, the workload is successfully deployed.
                                                                                                                                                                                            
-
                                                                                                                                                                                            You can obtain the access mode from the Access Mode tab page on the workload details page.
                                                                                                                                                                                            
+
                                                                                                                                                                                            You can obtain the access mode from the Access Mode tab on the workload details page.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_00162.html b/docs/cce/umn/cce_bestpractice_00162.html
index 218d2f776..0cce9a02f 100644
--- a/docs/cce/umn/cce_bestpractice_00162.html
+++ b/docs/cce/umn/cce_bestpractice_00162.html
@@ -4,9 +4,9 @@
 
                                                                                                                                                                                            CCE uses proprietary, high-performance container networking add-ons to support the tunnel network, Cloud Native Network 2.0, and VPC network models.
                                                                                                                                                                                            
 
                                                                                                                                                                                             
                                                                                                                                                                                            After a cluster is created, the network model cannot be changed. Exercise caution when selecting a network model.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                                              Figure 1 Container tunnel network
                                                                                                                                                                                              
-
                                                                                                                                                                                            • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                                              Figure 2 VPC network
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                                              Figure 3 Cloud Native Network 2.0
                                                                                                                                                                                              
+
                                                                                                                                                                                              • Tunnel network: The container network is an overlay tunnel network on top of a VPC network and uses the VXLAN technology. This network model is applicable when there is no high requirements on performance. VXLAN encapsulates Ethernet packets as UDP packets for tunnel transmission. Though at some cost of performance, the tunnel encapsulation enables higher interoperability and compatibility with advanced features (such as network policy-based isolation), meeting the requirements of most applications.
                                                                                                                                                                                                Figure 1 Container tunnel network
                                                                                                                                                                                                
+
                                                                                                                                                                                              • VPC network: The container network uses VPC routing to integrate with the underlying network. This network model is applicable to performance-intensive scenarios. The maximum number of nodes allowed in a cluster depends on the route quota in a VPC network. Each node is assigned a CIDR block of a fixed size. VPC networks are free from tunnel encapsulation overhead and outperform container tunnel networks. In addition, as VPC routing includes routes to node IP addresses and container network segment, container pods in the cluster can be directly accessed from outside the cluster.
                                                                                                                                                                                                Figure 2 VPC network
                                                                                                                                                                                                
+
                                                                                                                                                                                              • Cloud Native Network 2.0: The container network deeply integrates the elastic network interface (ENI) capability of VPC, uses the VPC CIDR block to allocate container addresses, and supports passthrough networking to containers through a load balancer.
                                                                                                                                                                                                Figure 3 Cloud Native Network 2.0
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              The following table lists the differences between the network models.
                                                                                                                                                                                              
 
@@ -84,7 +84,7 @@
 
                                                                                                                                                                                      4. 
-
diff --git a/docs/cce/umn/cce_bestpractice_00190.html b/docs/cce/umn/cce_bestpractice_00190.html
deleted file mode 100644
index 583c1c89b..000000000
--- a/docs/cce/umn/cce_bestpractice_00190.html
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-
                                                                                                                                                                                      Adding a Second Data Disk to a Node in a CCE Cluster
                                                                                                                                                                                      
-
                                                                                                                                                                                      You can use the pre-installation script feature to configure CCE cluster nodes (ECSs). 
                                                                                                                                                                                      
-
                                                                                                                                                                                       
                                                                                                                                                                                      • When creating a node in a cluster of v1.13.10 or later, if a data disk is not managed by LVM, follow instructions in this section to format the data disk before adding the disk. Otherwise, the data disk will still be managed by LVM.
                                                                                                                                                                                      • When creating a node in a cluster earlier than v1.13.10, you must format the data disks that are not managed by LVM. Otherwise, either these data disks or the first data disk will be managed by LVM.
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      Before using this feature, write a script that can format data disks and save it to your OBS bucket. This script must be executed by user root.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Input Parameters
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Set the script name to formatdisk.sh, save the script to your OBS bucket, and obtain the address of the script in OBS.
                                                                                                                                                                                      2. You need to specify the size of the Docker data disk (the data disk managed by LVM is called the Docker data disk). The size of the Docker disk must be different from that of the second disk. For example, the Docker data disk is 100 GB and the new disk is 110 GB.
                                                                                                                                                                                      3. Set the mount path of the second data disk, for example, /data/code.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Run the following command in the pre-installation script to format the disk:
                                                                                                                                                                                      
-
                                                                                                                                                                                      cd /tmp;curl -k -X GET OBS bucket address /formatdisk.sh -1 -O;fdisk -l;sleep 30;bash -x formatdisk.sh 100 /data/code;fdisk -l
                                                                                                                                                                                      
-
                                                                                                                                                                                      Example script (formatdisk.sh):
                                                                                                                                                                                      
-
                                                                                                                                                                                      dockerdisksize=$1
-mountdir=$2
-systemdisksize=40
-i=0
-while [ 20 -gt $i ]; do 
-    echo $i; 
-    if [ $(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}' |wc -l) -ge 3 ]; then 
-        break 
-    else 
-        sleep 5 
-    fi; 
-    i=$[i+1] 
-done 
-all_devices=$(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}')
-for device in ${all_devices[@]}; do
-    isRawDisk=$(lsblk -n $device 2>/dev/null | grep disk | wc -l)
-    if [[ ${isRawDisk} > 0 ]]; then
-        # is it partitioned ?
-        match=$(lsblk -n $device 2>/dev/null | grep -v disk | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already partited
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Raw disk ${device} has been partition, will skip this device"
-            continue
-        fi
-    else
-        isPart=$(lsblk -n $device 2>/dev/null | grep part | wc -l)
-        if [[ ${isPart} -ne 1 ]]; then
-            # not parted
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has not been partition, will skip this device"
-            continue
-        fi
-        # is used ?
-        match=$(lsblk -n $device 2>/dev/null | grep -v part | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isMount=$(lsblk -n -o MOUNTPOINT $device 2>/dev/null)
-        if [[ -n ${isMount} ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isLvm=$(sfdisk -lqL 2>>/dev/null | grep $device | grep "8e.*Linux LVM")
-        if [[ ! -n ${isLvm} ]]; then
-            # part system type is not Linux LVM
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} system type is not Linux LVM, will skip this device"
-            continue
-        fi
-    fi
-    block_devices_size=$(lsblk -n -o SIZE $device 2>/dev/null | awk '{ print $1}')
-    if [[ ${block_devices_size}"x" != "${dockerdisksize}Gx" ]] && [[ ${block_devices_size}"x" != "${systemdisksize}Gx" ]]; then
-echo "n
-p
-1
-
-
-w
-" | fdisk $device
-        mkfs -t ext4 ${device}1
-        mkdir -p $mountdir
-	uuid=$(blkid ${device}1 |awk '{print $2}')
-	echo "${uuid}  $mountdir ext4  noatime  0 0" | tee -a /etc/fstab >/dev/null
-        mount $mountdir
-    fi
-done
                                                                                                                                                                                      
-
                                                                                                                                                                                       
                                                                                                                                                                                      If the preceding example cannot be executed, use the dos2unix tool to convert the format.
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      Parent topic: Cluster
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
                                                                                                                                                                                      
-
diff --git a/docs/cce/umn/cce_bestpractice_00198.html b/docs/cce/umn/cce_bestpractice_00198.html
index f4932c5fc..86f33fca9 100644
--- a/docs/cce/umn/cce_bestpractice_00198.html
+++ b/docs/cce/umn/cce_bestpractice_00198.html
@@ -1,11 +1,58 @@
 
 
-
                                                                                                                                                                                      Expanding Node Disk Capacity
                                                                                                                                                                                      
-
                                                                                                                                                                                      System Disk
                                                                                                                                                                                      EulerOS 2.9 is used as the sample OS. Originally, system disk /dev/vda has 50 GB and one partition (/dev/vda1), and then 50 GB is added to the disk. In this example, the additional 50 GB is allocated to the existing /dev/vda1 partition.
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Expand the capacity of the system disk on the EVS console.
                                                                                                                                                                                      2. Log in to the node and run the growpart command to check whether growpart has been installed.
                                                                                                                                                                                        If the tool operation guide is displayed, the tool has been installed. Otherwise, run the following command to install it:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Expanding the Storage Space
                                                                                                                                                                                        
+
                                                                                                                                                                                        The storage classes that can be expanded for CCE nodes are as follows:
                                                                                                                                                                                        
+
+
                                                                                                                                                                                      Table 1 Preparing the environment
                                                                                                                                                                                      No.
                                                                                                                                                                                      
 
                                                                                                                                                                                      Item
                                                                                                                                                                                      
+
                                                                                                                                                                                      Category
                                                                                                                                                                                      
                                                                                                                                                                                       		
 
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      
 
                                                                                                                                                                                      Creating a key pair
                                                                                                                                                                                      
                                                                                                                                                                                       		
 
                                                                                                                                                                                      Create a key pair before you create a containerized application. Key pairs are used for identity authentication during remote login to a node. If you have a key pair already, skip this task. 
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Log in to the management console.
                                                                                                                                                                                      2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                                                      3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab page, click Create Key Pair.
                                                                                                                                                                                      4. Enter a key pair name, select I agree to have the private key managed on the cloud and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                                                      5. In the dialog box displayed, click OK.
                                                                                                                                                                                        View and save the key pair. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login. 
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Log in to the management console.
                                                                                                                                                                                        2. In the service list, choose Data Encryption Workshop under Security & Compliance.
                                                                                                                                                                                        3. In the navigation pane, choose Key Pair Service. On the Private Key Pairs tab, click Create Key Pair.
                                                                                                                                                                                        4. Enter a key pair name, select I agree to have the private key managed on the cloud and I have read and agree to the Key Pair Service Disclaimer, and click OK.
                                                                                                                                                                                        5. In the dialog box displayed, click OK.
                                                                                                                                                                                          View and save the key pair. For security purposes, a key pair can be downloaded only once. Keep it secure to ensure successful login. 
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                      		
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      A maximum of 2,000 nodes are supported.
                                                                                                                                                                                      
                                                                                                                                                                                       		
 
                                                                                                                                                                                      Scenario
                                                                                                                                                                                      
+
                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                      
                                                                                                                                                                                       		
 
                                                                                                                                                                                      • Common container services
                                                                                                                                                                                      • Scenarios that do not have high requirements on network latency and bandwidth
                                                                                                                                                                                      
 
                                                                                                                                                                                      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                      Table 1 Capacity expansion methods
                                                                                                                                                                                      Type
                                                                                                                                                                                      
+
                                                                                                                                                                                      Name
                                                                                                                                                                                      
+
                                                                                                                                                                                      Purpose
                                                                                                                                                                                      
+
                                                                                                                                                                                      Capacity Expansion Method
                                                                                                                                                                                      
+
                                                                                                                                                                                      Node disk
                                                                                                                                                                                      
+
                                                                                                                                                                                      System disk
                                                                                                                                                                                      
+
                                                                                                                                                                                      A disk attached to a node for installing the operating system
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expanding System Disk Capacity
                                                                                                                                                                                      
+
                                                                                                                                                                                      Data disk
                                                                                                                                                                                      
+
                                                                                                                                                                                      A disk that must be attached to a node for the container engine and kubelet
                                                                                                                                                                                      
+                                                                                                                                                                                      		
+
                                                                                                                                                                                      Container storage
                                                                                                                                                                                      
+
                                                                                                                                                                                      Pod container space
                                                                                                                                                                                      
+
                                                                                                                                                                                      The base size of a container, which is, the upper limit of the disk space occupied by each pod (including the storage space occupied by container images)
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                                      
+
                                                                                                                                                                                      PVC
                                                                                                                                                                                      
+
                                                                                                                                                                                      Storage resources mounted to the containers
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expanding a PVC
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expanding System Disk Capacity
                                                                                                                                                                                      EulerOS 2.9 is used as the sample OS. There is only one partition (/dev/vda1) with a capacity of 50 GiB in the system disk /dev/vda, and then 50 GiB is added to the system disk. In this example, the additional 50 GiB is allocated to the existing /dev/vda1 partition.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Expand the capacity of the system disk on the EVS console.
                                                                                                                                                                                      2. Log in to the node and run the growpart command to check whether growpart has been installed.
                                                                                                                                                                                        If the tool operation guide is displayed, the growpart has been installed. Otherwise, run the following command to install growpart:
                                                                                                                                                                                        
 
                                                                                                                                                                                        yum install cloud-utils-growpart
                                                                                                                                                                                        
-
                                                                                                                                                                                      3. Run the following command to view the total capacity of the system disk /dev/vda:
                                                                                                                                                                                        fdisk -l
                                                                                                                                                                                        
-
                                                                                                                                                                                        The following information is displayed, indicating that the total capacity of system disk /dev/vda is 100 GiB:
                                                                                                                                                                                        
+
                                                                                                                                                                                      4. Run the following command to view the total capacity of the system disk /dev/vda:
                                                                                                                                                                                        fdisk -l
                                                                                                                                                                                        
+
                                                                                                                                                                                        If the following information is displayed, the total capacity of /dev/vda is 100 GiB.
                                                                                                                                                                                        
 
                                                                                                                                                                                        [root@test-48162 ~]# fdisk -l
 Disk /dev/vda: 100 GiB, 107374182400 bytes, 209715200 sectors
 Units: sectors of 1 * 512 = 512 bytes
@@ -31,8 +78,8 @@ Disk /dev/mapper/vgpaas-kubernetes: 10 GiB, 10733223936 bytes, 20963328 sectors
 Units: sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
                                                                                                                                                                                        
-
                                                                                                                                                                                      5. Run the following command to check the capacity of the system disk partition /dev/vda1:
                                                                                                                                                                                        df -TH
                                                                                                                                                                                        
-
                                                                                                                                                                                        The command output is as follows:
                                                                                                                                                                                        
+
                                                                                                                                                                                      6. Run the following command to check the capacity of the system disk partition /dev/vda1:
                                                                                                                                                                                        df -TH
                                                                                                                                                                                        
+
                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                        
 
                                                                                                                                                                                        [root@test-48162 ~]# df -TH
 Filesystem                    Type      Size  Used Avail Use% Mounted on
 devtmpfs                      devtmpfs  1.8G     0  1.8G   0% /dev
@@ -45,14 +92,14 @@ tmpfs                         tmpfs     1.8G   75M  1.8G   5% /tmp
 /dev/mapper/vgpaas-kubernetes ext4       11G   39M   10G   1% /mnt/paas/kubernetes/kubelet
 ...
                                                                                                                                                                                        
 
                                                                                                                                                                                      7. Run the following command to extend the partition using growpart:
                                                                                                                                                                                        growpart System disk Partition number
                                                                                                                                                                                        
-
                                                                                                                                                                                        Command example: (The system disk has only one partition /dev/vda1. Therefore, the partition number is 1.)
                                                                                                                                                                                        
+
                                                                                                                                                                                        The partition number is 1 because there is only one /dev/vda1 partition in the system disk, as shown in the following command:
                                                                                                                                                                                        
 
                                                                                                                                                                                        growpart /dev/vda 1
                                                                                                                                                                                        
-
                                                                                                                                                                                        The command output is as follows:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                        
 
                                                                                                                                                                                        CHANGED: partition=1 start=2048 old: size=104855519 end=104857567 new: size=209713119 end=209715167
                                                                                                                                                                                        
 
                                                                                                                                                                                      8. Run the following command to extend the file system:
                                                                                                                                                                                        resize2fs Disk partition
                                                                                                                                                                                        
-
                                                                                                                                                                                        Example command:
                                                                                                                                                                                        
+
                                                                                                                                                                                        An example command is as follows:
                                                                                                                                                                                        
 
                                                                                                                                                                                        resize2fs /dev/vda1
                                                                                                                                                                                        
-
                                                                                                                                                                                        The command output is as follows:
                                                                                                                                                                                        
+
                                                                                                                                                                                        Information similar to the following is displayed:
                                                                                                                                                                                        
 
                                                                                                                                                                                        resize2fs 1.45.6 (20-Mar-2020)
 Filesystem at /dev/vda1 is mounted on /; on-line resizing required
 old_desc_blocks = 7, new_desc_blocks = 13
@@ -70,17 +117,18 @@ tmpfs                         tmpfs     1.8G   75M  1.8G   5% /tmp
 /dev/mapper/vgpaas-dockersys  ext4       95G  1.3G   89G   2% /var/lib/docker
 /dev/mapper/vgpaas-kubernetes ext4       11G   39M   10G   1% /mnt/paas/kubernetes/kubelet
 ...
                                                                                                                                                                                        
-
                                                                                                                                                                                      9. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data at the row containing the target node.
                                                                                                                                                                                      
+
                                                                                                                                                                                    4. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                    
 
                                                                                                                                                                                    
-
                                                                                                                                                                                    Node Data Disk (Dedicated for Docker)
                                                                                                                                                                                    1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data at the row containing the target node.
                                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                                    4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                      A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Expanding the Capacity of a Data Disk Used by Container Engines
                                                                                                                                                                                      CCE divides the data disk space for two parts by default. One part is used to store the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. The available container engine space affects image pulls and container startup and running. This section uses Docker as an example to describe how to expand the container engine capacity.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                                      4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                        A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                        
 
                                                                                                                                                                                        • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                          # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
 sdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by Docker.
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes.
                                                                                                                                                                                          
-
                                                                                                                                                                                          Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                          
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
+
                                                                                                                                                                                          Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                          
 
                                                                                                                                                                                          pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/dockersys
 resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                          
@@ -97,20 +145,41 @@ sdb                                   8:16   0  200G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
-
                                                                                                                                                                                          • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                            pvresize /dev/sdb 
+
                                                                                                                                                                                            • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                              pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                              pvresize /dev/sdb 
+
                                                                                                                                                                                            • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                              pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/dockersys
 resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Node Data Disk (Kubernetes)
                                                                                                                                                                                      1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data at the row containing the target node.
                                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                                      4. Run the following commands on the node to add the new disk capacity to the Kubernetes disk:
                                                                                                                                                                                        pvresize /dev/sdb
+
                                                                                                                                                                                        Expanding the Capacity of a Data Disk Used by kubelet
                                                                                                                                                                                        CCE divides the data disk space for container engines and pods. The container engine space stores the Docker/containerd working directories, container images, and image metadata. The other is reserved for kubelet and emptyDir volumes. To expand the kubelet space, perform the following steps:
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                        2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                        3. Log in to the target node.
                                                                                                                                                                                        4. Run the following commands on the node to add the new disk capacity to the Kubernetes disk:
                                                                                                                                                                                          pvresize /dev/sdb
 lvextend -l+100%FREE -n vgpaas/kubernetes
 resize2fs /dev/vgpaas/kubernetes
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
+
                                                                                                                                                                                        Expanding the Capacity of a Data Disk Used by Pod (basesize)
                                                                                                                                                                                        1. Log in to the CCE console and click the name of the target cluster in the cluster list.
                                                                                                                                                                                        2. Choose Nodes from the navigation pane.
                                                                                                                                                                                        3. Select the target node and choose More > Reset Node in the Operation column.
                                                                                                                                                                                           
                                                                                                                                                                                          Resetting a node may make the node-specific resources (such as local storage and workloads scheduled to this node) unavailable. Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        4. Reconfigure node parameters.
                                                                                                                                                                                          If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          Storage Settings: Click Expand next to the data disk to set the following parameters:
                                                                                                                                                                                          • Allocate Disk Space: storage space used by the container engine to store the Docker/containerd working directory, container image data, and image metadata. Defaults to 90% of the data disk.
                                                                                                                                                                                          • Allocate Pod Basesize: CCE allows you to set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value be less than or equal to 80% of the container engine space.
                                                                                                                                                                                             
                                                                                                                                                                                            • The capability of customizing pod basesize is related to the node OS and container storage rootfs.
                                                                                                                                                                                              • When the rootfs uses Device Mapper, the node supports custom pod basesize. The default storage space of a single container is 10 GiB.
                                                                                                                                                                                              • When the rootfs uses OverlayFS, most nodes do not support custom pod basesize. The storage space of a single container is not limited and defaults to the container engine space.
                                                                                                                                                                                                Only nodes running EulerOS 2.9 in clusters of 1.19.16, 1.21.3, 1.23.3, and later versions support custom pod basesize.
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            • In the case of using Docker on nodes running EulerOS 2.9, basesize will not take effect if CAP_SYS_RESOURCE or privileged is configured for a container.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        5. After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded.
                                                                                                                                                                                          docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                          
+
                                                                                                                                                                                          df -h
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        
+
                                                                                                                                                                                        Expanding a PVC
                                                                                                                                                                                        Cloud storage:
                                                                                                                                                                                        
+
                                                                                                                                                                                        • OBS and SFS: There is no storage restriction and capacity expansion is not required.
                                                                                                                                                                                        • EVS:
                                                                                                                                                                                          • You can expand the capacity of automatically created pay-per-use volumes on the console. The procedure is as follows:
                                                                                                                                                                                            1. Choose Storage in the navigation pane and click the PersistentVolumeClaims (PVCs) tab. Locate the row containing the target PVC and choose More > Scale-out in the Operation column.
                                                                                                                                                                                            2. Enter the capacity to be added and click OK.
                                                                                                                                                                                            
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        • For SFS Turbo, expand the capacity on the SFS console and then change the capacity in the PVC.
                                                                                                                                                                                        
+
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00199.html b/docs/cce/umn/cce_bestpractice_00199.html
index a26ddc3bc..f6d6f9741 100644
--- a/docs/cce/umn/cce_bestpractice_00199.html
+++ b/docs/cce/umn/cce_bestpractice_00199.html
@@ -2,16 +2,15 @@
 
 
                                                                                                                                                                                      Mounting an Object Storage Bucket of a Third-Party Tenant
                                                                                                                                                                                      
 
                                                                                                                                                                                      This section describes how to mount OBS buckets and OBS parallel file systems (preferred) of third-party tenants.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Scenario
                                                                                                                                                                                      The CCE cluster of a SaaS service provider needs to be mounted with the OBS bucket of a third-party tenant, as shown in Figure 1.
                                                                                                                                                                                      
-
                                                                                                                                                                                      Figure 1 Mounting an OBS bucket of a third-party tenant
                                                                                                                                                                                      
+
                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                      The CCE cluster of a SaaS service provider needs to be mounted with the OBS bucket of a third-party tenant, as shown in Figure 1.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Figure 1 Mounting an OBS bucket of a third-party tenant
                                                                                                                                                                                      
 
                                                                                                                                                                                      1. The third-party tenant authorizes the SaaS service provider to access the OBS buckets or parallel file systems by setting the bucket policy and bucket ACL.
                                                                                                                                                                                      2. The SaaS service provider statically imports the OBS buckets and parallel file systems of the third-party tenant.
                                                                                                                                                                                      3. The SaaS service provider processes the service and writes the processing result (result file or result data) back to the OBS bucket of the third-party tenant.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Precautions
                                                                                                                                                                                      • Only parallel file systems and OBS buckets of third-party tenants in the same region can be mounted.
                                                                                                                                                                                      • Only clusters where the everest add-on of v1.1.11 or later has been installed (the cluster version must be v1.15 or later) can be mounted with OBS buckets of third-party tenants.
                                                                                                                                                                                      • The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, you need to call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                      
+
                                                                                                                                                                                      Precautions
                                                                                                                                                                                      • Only parallel file systems and OBS buckets of third-party tenants in the same region can be mounted.
                                                                                                                                                                                      • Only clusters where the everest add-on of v1.1.11 or later has been installed (the cluster version must be v1.15 or later) can be mounted with OBS buckets of third-party tenants.
                                                                                                                                                                                      • The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Authorizing the SaaS Service Provider to Access the OBS Buckets
                                                                                                                                                                                      The following uses an OBS bucket as an example to describe how to set a bucket policy and bucket ACL to authorize the SaaS service provider. The configuration for an OBS parallel file system is the same.
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Log in to the OBS console. In the navigation pane, choose Buckets.
                                                                                                                                                                                      2. In the bucket list, click a bucket name to access the Overview page.
                                                                                                                                                                                      1. In the navigation pane, choose Permissions > Bucket Policy. On the displayed page, click Create to create a bucket policy.
                                                                                                                                                                                        Set the parameters as shown in the following figure.
                                                                                                                                                                                        Figure 2 Creating a bucket policy
                                                                                                                                                                                        
-
                                                                                                                                                                                        • Policy Mode: Select Customized.
                                                                                                                                                                                        • Effect: Select Allow.
                                                                                                                                                                                        • Principal: Select Other account, and enter the account ID and user ID. The bucket policy takes effect for the specified users.
                                                                                                                                                                                        • Resources: Select the resources that can be operated.
                                                                                                                                                                                        • Actions: Select the actions that can be operated.
                                                                                                                                                                                        
-
                                                                                                                                                                                        
+
                                                                                                                                                                                        1. Log in to the OBS console.
                                                                                                                                                                                        2. In the bucket list, click a bucket name to access the Overview page.
                                                                                                                                                                                        1. In the navigation pane, choose Permissions > Bucket Policy. On the displayed page, click Create to create a bucket policy.
                                                                                                                                                                                          Figure 2 Creating a bucket policy
                                                                                                                                                                                          
+
                                                                                                                                                                                          • Policy Mode: Select Customized.
                                                                                                                                                                                          • Effect: Select Allow.
                                                                                                                                                                                          • Principal: Select Other account, and enter the account ID and user ID. The bucket policy takes effect for the specified users.
                                                                                                                                                                                          • Resources: Select the resources that can be operated.
                                                                                                                                                                                          • Actions: Select the actions that can be operated.
                                                                                                                                                                                          
 
                                                                                                                                                                                        2. In the navigation pane, choose Permissions > Bucket ACLs. In the right pane, click Add.Enter the account ID or account name of the authorized user, select Read and Write for Access to Bucket, select Read and Write for Access to ACL, and click OK.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      Statically Importing OBS Buckets and Parallel File Systems
                                                                                                                                                                                      • Static PV of an OBS bucket:
                                                                                                                                                                                        apiVersion: v1
@@ -29,15 +28,15 @@ spec:
   - default_acl=bucket-owner-full-control      #New OBS mounting parameters
   csi:
     driver: obs.csi.everest.io
-    fsType: obsfs
+    fsType: s3fs
     volumeAttributes:
       everest.io/obs-volume-type: STANDARD
-      everest.io/region:    eu-de     #Set it to the ID of the current region.
+      everest.io/region:   eu-de     #Set it to the ID of the current region.
       storage.kubernetes.io/csiProvisionerIdentity: everest-csi-provisioner
     volumeHandle: objbucket             #Replace the name with the actual bucket name of the third-party tenant.
   persistentVolumeReclaimPolicy: Retain    #This parameter must be set to Retain to ensure that the bucket will not be deleted when a PV is deleted.
   storageClassName: csi-obs-mountoption    #You can associate a new custom OBS storage class or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
-
                                                                                                                                                                                        • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                        • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, you need to call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                        • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
+
                                                                                                                                                                                        • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                        • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                        • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
 
                                                                                                                                                                                        PVC of a bound OBS bucket:
                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -79,7 +78,7 @@ spec:
     volumeHandle: obsfscheck               #Replace the name with the actual name of the parallel file system of the third-party tenant.
   persistentVolumeReclaimPolicy: Retain        #This parameter must be set to Retain to ensure that the bucket will not be deleted when a PV is deleted.
   storageClassName: csi-obs-mountoption       #You can associate a new custom OBS storage class or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
-
                                                                                                                                                                                        • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                        • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, you need to call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                        • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
+
                                                                                                                                                                                        • mountOptions: This field contains the new OBS mounting parameters that allow the bucket owner to have full access to the data in the bucket. This field solves the problem that the bucket owner cannot read the data written into a mounted third-party bucket. If the object storage of a third-party tenant is mounted, default_acl must be set to bucket-owner-full-control. For details about other values of default_acl, see Bucket ACLs and Object ACLs.
                                                                                                                                                                                        • persistentVolumeReclaimPolicy: When the object storage of a third-party tenant is mounted, this field must be set to Retain. In this way, the OBS bucket will not be deleted when a PV is deleted. The service platform of the SaaS service provider needs to manage the lifecycle of the third-party bucket PVs. When a PVC is deleted separately, the PV is not deleted. Instead, it will be retained. To do so, call the native Kubernetes APIs to create and delete static PVs.
                                                                                                                                                                                        • storageClassName: You can associate a new custom OBS storage class (click here) or the built-in csi-obs of the cluster.
                                                                                                                                                                                        
 
                                                                                                                                                                                        PVC of a bound OBS parallel file system:
                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -111,7 +110,7 @@ parameters:
 provisioner: everest-csi-provisioner
 reclaimPolicy: Retain
 volumeBindingMode: Immediate
                                                                                                                                                                                        
-
                                                                                                                                                                                        • csi.storage.k8s.io/fstype: File type. The value can be obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs.
                                                                                                                                                                                        • reclaimPolicy: Reclaim policy of a PV. The value will be set in PV.spec.persistentVolumeReclaimPolicy dynamically created based on the new PVC associated with the storage class. If the value is Delete, the external OBS bucket and the PV will be deleted when the PVC is deleted. If the value is Retain, the PV and external storage are retained when the PVC is deleted. In this case, you need to clear the PV separately. In the scenario where an imported third-party bucket is associated, the storage class is used only for associating static PVs (with this field set to Retain). Dynamic creation is not involved.
                                                                                                                                                                                        
+
                                                                                                                                                                                        • csi.storage.k8s.io/fstype: File type. The value can be obsfs or s3fs. If the value is s3fs, an OBS bucket is created and mounted using s3fs. If the value is obsfs, an OBS parallel file system is created and mounted using obsfs.
                                                                                                                                                                                        • reclaimPolicy: Reclaim policy of a PV. The value will be set in PV.spec.persistentVolumeReclaimPolicy dynamically created based on the new PVC associated with the storage class. If the value is Delete, the external OBS bucket and the PV will be deleted when the PVC is deleted. If the value is Retain, the PV and external storage are retained when the PVC is deleted. In this case, clear the PV separately. In the scenario where an imported third-party bucket is associated, the storage class is used only for associating static PVs (with this field set to Retain). Dynamic creation is not involved.
                                                                                                                                                                                        
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
 
                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_bestpractice_00220.html b/docs/cce/umn/cce_bestpractice_00220.html
index cf89c1786..ca591495d 100644
--- a/docs/cce/umn/cce_bestpractice_00220.html
+++ b/docs/cce/umn/cce_bestpractice_00220.html
@@ -1,19 +1,19 @@
 
 
-
                                                                                                                                                                                      Implementing High Availability for Containers in CCE
                                                                                                                                                                                      
+
                                                                                                                                                                                      Implementing High Availability for Applications in CCE
                                                                                                                                                                                      
 
                                                                                                                                                                                      Basic Principles
                                                                                                                                                                                      To achieve high availability for your CCE containers, you can do as follows:
                                                                                                                                                                                      
-
                                                                                                                                                                                      1. Deploy three master nodes for the cluster.
                                                                                                                                                                                      2. When nodes are deployed across AZs, set custom scheduling policies based on site requirements to maximize resource utilization.
                                                                                                                                                                                      3. Create multiple node pools in different AZs and use them for node scaling.
                                                                                                                                                                                      4. Set the number of pods to be greater than 2 when creating a workload.
                                                                                                                                                                                      5. Set pod affinity rules to distribute pods to different AZs and nodes.
                                                                                                                                                                                      
+
                                                                                                                                                                                      1. Deploy three master nodes for the cluster.
                                                                                                                                                                                      2. Create nodes in different AZs. When nodes are deployed across AZs, you can customize scheduling policies based on your requirements to maximize resource utilization.
                                                                                                                                                                                      3. Create multiple node pools in different AZs and use them for node scaling.
                                                                                                                                                                                      4. Set the number of pods to be greater than 2 when creating a workload.
                                                                                                                                                                                      5. Set pod affinity rules to distribute pods to different AZs and nodes.
                                                                                                                                                                                      
 
                                                                                                                                                                                      
-
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      Assume that there are four nodes in a cluster distributed in the following AZs:
                                                                                                                                                                                      
+
                                                                                                                                                                                      Procedure
                                                                                                                                                                                      Assume that there are four nodes in a cluster distributed in different AZs.
                                                                                                                                                                                      
 
                                                                                                                                                                                      $ kubectl get node -L topology.kubernetes.io/zone,kubernetes.io/hostname
 NAME            STATUS   ROLES    AGE   VERSION                      ZONE     HOSTNAME
 192.168.5.112   Ready    <none>   42m   v1.21.7-r0-CCE21.11.1.B007   zone01   192.168.5.112
 192.168.5.179   Ready    <none>   42m   v1.21.7-r0-CCE21.11.1.B007   zone01   192.168.5.179
 192.168.5.252   Ready    <none>   37m   v1.21.7-r0-CCE21.11.1.B007   zone02   192.168.5.252
 192.168.5.8     Ready    <none>   33h   v1.21.7-r0-CCE21.11.1.B007   zone03   192.168.5.8
                                                                                                                                                                                      
-
                                                                                                                                                                                      Create workloads according to the following two podAntiAffinity rules:
                                                                                                                                                                                      
-
                                                                                                                                                                                      • The first one is the pod anti-affinity in an AZ. Set the parameters as follows:
                                                                                                                                                                                        • weight: A larger weight value indicates a higher priority. In this example, set it to 50.
                                                                                                                                                                                        • topologyKey: a default or custom key for the node label that the system uses to denote a topology domain. A topology key determines the scope where the pod should be scheduled to. In this example, set this parameter to topology.kubernetes.io/zone, which is the label for identifying the AZ where the node is located.
                                                                                                                                                                                        • labelSelector: Select the label of the workload to realize the anti-affinity between this container and the workload.
                                                                                                                                                                                        
-
                                                                                                                                                                                      • The second one is the pod anti-affinity in the node host name. Set the parameters as follows:
                                                                                                                                                                                        • weight: Set it to 50.
                                                                                                                                                                                        • topologyKey: Set it to kubernetes.io/hostname.
                                                                                                                                                                                        • labelSelector: Select the label of the pod, which is anti-affinity with the pod.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Create workloads according to the following podAntiAffinity rules:
                                                                                                                                                                                        
+
                                                                                                                                                                                        • Pod anti-affinity in an AZ. Configure the parameters as follows:
                                                                                                                                                                                          • weight: A larger weight value indicates a higher priority of scheduling. In this example, set it to 50.
                                                                                                                                                                                          • topologyKey: includes a default or custom key for the node label that the system uses to denote a topology domain. A topology key determines the scope where the pod should be scheduled to. In this example, set this parameter to topology.kubernetes.io/zone, which is the label for identifying the AZ where the node is located.
                                                                                                                                                                                          • labelSelector: Select the label of the workload to realize the anti-affinity between this container and the workload.
                                                                                                                                                                                          
+
                                                                                                                                                                                        • The second one is the pod anti-affinity in the node hostname. Configure the parameters as follows:
                                                                                                                                                                                          • weight: Set it to 50.
                                                                                                                                                                                          • topologyKey: Set it to kubernetes.io/hostname.
                                                                                                                                                                                          • labelSelector: Select the label of the pod, which is anti-affinity with the pod.
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        kind: Deployment
 apiVersion: apps/v1
diff --git a/docs/cce/umn/cce_bestpractice_00221.html b/docs/cce/umn/cce_bestpractice_00221.html
index de1689695..313fb5ccb 100644
--- a/docs/cce/umn/cce_bestpractice_00221.html
+++ b/docs/cce/umn/cce_bestpractice_00221.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                                        Configuring kubeconfig for Fine-Grained Management on Cluster Resources
                                                                                                                                                                                        
-
                                                                                                                                                                                        Scenario
                                                                                                                                                                                        By default, the kubeconfig file provided by CCE for users has permissions bound to the cluster-admin role, which are equivalent to the permissions of user root. It is difficult to implement refined management on users with such permissions.
                                                                                                                                                                                        
+
                                                                                                                                                                                        Application Scenarios
                                                                                                                                                                                        By default, the kubeconfig file provided by CCE for users has permissions bound to the cluster-admin role, which are equivalent to the permissions of user root. It is difficult to implement refined management on users with such permissions.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Purpose
                                                                                                                                                                                        Cluster resources are managed in a refined manner so that specific users have only certain permissions (such as adding, querying, and modifying resources).
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Note
                                                                                                                                                                                        Ensure that kubectl is available on your host. If not, download it from here (corresponding to the cluster version or the latest version).
                                                                                                                                                                                        
+
                                                                                                                                                                                        Precautions
                                                                                                                                                                                        Ensure that kubectl is available on your host. If not, download it from here (corresponding to the cluster version or the latest version).
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        Configuration Method
                                                                                                                                                                                         
                                                                                                                                                                                        In the following example, only pods and Deployments in the test space can be viewed and added, and they cannot be deleted.
                                                                                                                                                                                        
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        1. Set the service account name to my-sa and namespace to test.
                                                                                                                                                                                          kubectl create sa my-sa -n test
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                        2. Configure the role table and assign operation permissions to different resources.
                                                                                                                                                                                          vi role-test.yaml
                                                                                                                                                                                          
 
                                                                                                                                                                                          The content is as follows:
                                                                                                                                                                                          apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -43,7 +43,7 @@ rules:
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Create a Role.
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubectl create -f role-test.yaml
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                        3. Create a RoleBinding and bind the service account to the role so that the user can obtain the corresponding permissions.
                                                                                                                                                                                          vi myrolebinding.yaml
                                                                                                                                                                                          
 
                                                                                                                                                                                          The content is as follows:
                                                                                                                                                                                          apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -61,37 +61,37 @@ subjects:
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Create a RoleBinding.
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubectl create -f myrolebinding.yaml
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                          The user information is configured. Now perform 4 to 6 to write the user information to the configuration file.
                                                                                                                                                                                          
 
                                                                                                                                                                                        4. Configure the cluster information.
                                                                                                                                                                                          1. Use the sa name my-sa to obtain the secret corresponding to the sa. In the following example, my-sa-token-z4967 in the first column is the secret name.
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubectl get secret -n test |grep my-sa
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                          1. Decrypt the ca.crt file in the secret and export it.
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubectl get secret my-sa-token-5gpl4 -n test -oyaml |grep ca.crt: | awk '{print $2}' |base64 -d > /home/ca.crt
                                                                                                                                                                                          
 
                                                                                                                                                                                          1. Set the cluster access mode. test-arm indicates the cluster to be accessed, 10.0.1.100 indicates the IP address of the API server in the cluster and /home/test.config indicates the path for storing the configuration file.
                                                                                                                                                                                            • If the internal API server address is used, run the following command:
                                                                                                                                                                                              kubectl config set-cluster test-arm --server=https://10.0.1.100:5443  --certificate-authority=/home/ca.crt  --embed-certs=true --kubeconfig=/home/test.config
                                                                                                                                                                                              
 
                                                                                                                                                                                            • If the public API server address is used, run the following command:
                                                                                                                                                                                              kubectl config set-cluster test-arm --server=https://10.0.1.100:5443 --kubeconfig=/home/test.config --insecure-skip-tls-verify=true
                                                                                                                                                                                              
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                           
                                                                                                                                                                                          If you perform operations on a node in the cluster or the node that uses the configuration is a cluster node, do not set the path of kubeconfig to /root/.kube/config.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          The cluster API server address is an intranet API server address. After an EIP is bound to the cluster, the cluster API server address can also be a public API server address.
                                                                                                                                                                                          
-
                                                                                                                                                                                        5. Configure the cluster authentication information.
                                                                                                                                                                                          1. Obtain the cluster token. (If the token is obtained in GET mode, you need to run based64 -d to decode the token.)
                                                                                                                                                                                          
+
                                                                                                                                                                                        6. Configure the cluster authentication information.
                                                                                                                                                                                          1. Obtain the cluster token. (If the token is obtained in GET mode, run based64 -d to decode the token.)
                                                                                                                                                                                          
 
                                                                                                                                                                                          token=$(kubectl describe secret my-sa-token-5gpl4 -n test | awk '/token:/{print $2}')
                                                                                                                                                                                          
 
                                                                                                                                                                                          1. Set the cluster user ui-admin.
                                                                                                                                                                                          
 
                                                                                                                                                                                          kubectl config set-credentials ui-admin --token=$token --kubeconfig=/home/test.config
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                        7. Configure the context information for cluster authentication. ui-admin@test is the context name.
                                                                                                                                                                                          kubectl config set-context ui-admin@test --cluster=test-arm --user=ui-admin --kubeconfig=/home/test.config
                                                                                                                                                                                          
-
                                                                                                                                                                                          
-
                                                                                                                                                                                        8. Set the context. For details about how to use the context, see Permissions Verification.
                                                                                                                                                                                          kubectl config use-context ui-admin@test --kubeconfig=/home/test.config
                                                                                                                                                                                          
-
                                                                                                                                                                                          
+
                                                                                                                                                                                          
+
                                                                                                                                                                                        9. Set the context. For details about how to use the context, see Verification.
                                                                                                                                                                                          kubectl config use-context ui-admin@test --kubeconfig=/home/test.config
                                                                                                                                                                                          
+
                                                                                                                                                                                          
 
                                                                                                                                                                                           
                                                                                                                                                                                          If you want to assign other users the above permissions to perform operations on the cluster, provide the generated configuration file /home/test.config to the user after performing step 6. The user must ensure that the host can access the API server address of the cluster. When performing step 7 on the host and using kubectl, the user must set the kubeconfig parameter to the path of the configuration file.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                        
 
                                                                                                                                                                                        
-
                                                                                                                                                                                        Permissions Verification
                                                                                                                                                                                        1. Pods in the test namespace cannot access pods in other namespaces.
                                                                                                                                                                                          kubectl get pod -n test --kubeconfig=/home/test.config
                                                                                                                                                                                          
-
                                                                                                                                                                                          
-
                                                                                                                                                                                        2. Pods in the test namespace cannot be deleted.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Verification
                                                                                                                                                                                          1. Pods in the test namespace cannot access pods in other namespaces.
                                                                                                                                                                                            kubectl get pod -n test --kubeconfig=/home/test.config
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                          2. Pods in the test namespace cannot be deleted.
                                                                                                                                                                                            
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Further Readings
                                                                                                                                                                                          For more information about users and identity authentication in Kubernetes, see Authenticating.
                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_bestpractice_00226.html b/docs/cce/umn/cce_bestpractice_00226.html
index 4c20a58f4..64ef7126c 100644
--- a/docs/cce/umn/cce_bestpractice_00226.html
+++ b/docs/cce/umn/cce_bestpractice_00226.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                          Using hostAliases to Configure /etc/hosts in a Pod
                                                                                                                                                                                          
-
                                                                                                                                                                                          Scenario
                                                                                                                                                                                          If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the host name at the pod level when adding entries to the /etc/hosts file of the pod.
                                                                                                                                                                                          
+
                                                                                                                                                                                          Application Scenarios
                                                                                                                                                                                          If DNS or other related settings are inappropriate, you can use hostAliases to overwrite the resolution of the hostname at the pod level when adding entries to the /etc/hosts file of the pod.
                                                                                                                                                                                          
 
                                                                                                                                                                                          
 
                                                                                                                                                                                          Procedure
                                                                                                                                                                                          1. Use kubectl to connect to the cluster.
                                                                                                                                                                                          2. Create the hostaliases-pod.yaml file.
                                                                                                                                                                                            vi hostaliases-pod.yaml
                                                                                                                                                                                            
 
                                                                                                                                                                                            The field in bold in the YAML file indicates the image name and tag. You can replace the example value as required.
                                                                                                                                                                                            
@@ -33,7 +33,7 @@ spec:
 
 
                                                                                                                                                                                            
-
@@ -41,35 +41,35 @@ spec:
 
-
-
-
-
-
@@ -80,7 +80,7 @@ spec:
 
 
                                                                                                                                                                                            Table 1 pod field description
                                                                                                                                                                                            Parameter
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory/Optional
                                                                                                                                                                                            
+
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Description
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            apiVersion
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            API version number
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            kind
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Type of the object to be created
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            metadata
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Metadata definition of a resource object
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            name
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Name of a pod
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            spec
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Detailed description of the pod. For details, see Table 2.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
@@ -88,14 +88,14 @@ spec:
 
-
-
@@ -106,7 +106,7 @@ spec:
 
 
                                                                                                                                                                                            Table 2 spec field description
                                                                                                                                                                                            Parameter
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory/Optional
                                                                                                                                                                                            
+
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Description
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            hostAliases
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Host alias
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            containers
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            For details, see Table 3.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
@@ -114,21 +114,21 @@ spec:
 
-
-
-
@@ -145,7 +145,7 @@ spec:
 hostaliases-pod       1/1            Running      0             16m
                                                                                                                                                                                          3. Check whether the hostAliases functions properly.
                                                                                                                                                                                            docker ps |grep hostaliases-pod
                                                                                                                                                                                            
 
                                                                                                                                                                                            docker exec -ti Container ID /bin/sh
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            4. 
diff --git a/docs/cce/umn/cce_bestpractice_00227.html b/docs/cce/umn/cce_bestpractice_00227.html
index 2936b8da6..1afa96fad 100644
--- a/docs/cce/umn/cce_bestpractice_00227.html
+++ b/docs/cce/umn/cce_bestpractice_00227.html
@@ -1,9 +1,9 @@
 
                                                                                                                                                                                            Modifying Kernel Parameters Using a Privileged Container
                                                                                                                                                                                            
-
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            To access a Kubernetes cluster from a client, you can use the Kubernetes command line tool kubectl. 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Procedure
                                                                                                                                                                                            1. Create a DaemonSet in the background, select the Nginx image, enable the Privileged Container, configure the lifecycle, and add the hostNetwork field (value: true).
                                                                                                                                                                                              1. Create a DaemonSet file.
                                                                                                                                                                                                vi daemonSet.yaml
                                                                                                                                                                                                
+
                                                                                                                                                                                                Procedure
                                                                                                                                                                                                1. Create a DaemonSet in the background, select the Nginx image, enable the Privileged Container, configure the lifecycle, and add the hostNetwork field (value: true).
                                                                                                                                                                                                  1. Create a daemonSet file.
                                                                                                                                                                                                    vi daemonSet.yaml
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    An example YAML file is provided as follows:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                     
                                                                                                                                                                                                    The spec.spec.containers.lifecycle field indicates the command that will be run after the container is started.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
@@ -45,15 +45,15 @@ spec:
       - name: default-secret
 
                                                                                                                                                                                                  2. Create a DaemonSet.
                                                                                                                                                                                                    kubectl create –f daemonSet.yaml
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                2. Check whether the DaemonSet is successfully created.
                                                                                                                                                                                                  kubectl get daemonset  DaemonSet name
                                                                                                                                                                                                  
+
                                                                                                                                                                                                3. Check whether the DaemonSet is successfully created.
                                                                                                                                                                                                  kubectl get daemonset DaemonSet name
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  In this example, run the following command:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl get daemonset daemonset-test
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  kubectl get daemonset daemonset-test
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  NAME               DESIRED    CURRENT   READY    UP-T0-DATE    AVAILABLE     NODE SELECTOR   AGE
 daemonset-test     2          2         2        2             2             <node>          2h
                                                                                                                                                                                                  
 
                                                                                                                                                                                                4. Query the container ID of DaemonSet on the node.
                                                                                                                                                                                                  docker ps -a|grep DaemonSet name
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  In this example, run the following command:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  docker ps -a|grep daemonset-test
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  docker ps -a|grep daemonset-test
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Information similar to the following is displayed:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  897b99faa9ce        3e094d5696c1                           "/bin/sh  -c while..."     31 minutes ago     Up  30 minutes  ault_fa7cc313-4ac1-11e9-a716-fa163e0aalba_0
                                                                                                                                                                                                  
 
                                                                                                                                                                                                5. Access the container.
                                                                                                                                                                                                  docker exec -it containerid /bin/sh
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bestpractice_00228.html b/docs/cce/umn/cce_bestpractice_00228.html
index 0cef5e72e..c1de1a22f 100644
--- a/docs/cce/umn/cce_bestpractice_00228.html
+++ b/docs/cce/umn/cce_bestpractice_00228.html
@@ -1,10 +1,10 @@
 
 
-
                                                                                                                                                                                                  Initializing a Container
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Using Init Containers to Initialize an Application
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Concepts
                                                                                                                                                                                                  Before containers running applications are started, one or some init containers are started first. If there are multiple init containers, they will be started in the defined sequence. The application containers are started only after all init containers run to completion and exit. Storage volumes in a pod are shared. Therefore, the data generated in the init containers can be used by the application containers.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Init containers can be used in multiple Kubernetes resources, such as Deployments, DaemonSets, and jobs. They perform initialization before application containers are started.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Scenario
                                                                                                                                                                                                  Before deploying a service, you can use an init container to make preparations before the pod where the service is running is deployed. After the preparations are complete, the init container runs to completion and exit, and the container to be deployed will be started.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                                  Before deploying a service, you can use an init container to make preparations before the pod where the service is running is deployed. After the preparations are complete, the init container runs to completion and exit, and the container to be deployed will be started.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • Scenario 1: Wait for other modules to be ready. For example, an application contains two containerized services: web server and database. The web server service needs to access the database service. However, when the application is started, the database service may have not been started. Therefore, web server may fail to access database. To solve this problem, you can use an init container in the pod where web server is running to check whether database is ready. The init container runs to completion only when database is accessible. Then, web server is started and initiates a formal access request to database. 
                                                                                                                                                                                                  • Scenario 2: Initialize the configuration. For example, the init container can check all existing member nodes in the cluster and prepare the cluster configuration information for the application container. After the application container is started, it can be added to the cluster using the configuration information.
                                                                                                                                                                                                  • Other scenarios: For example, register a pod with a central database and download application dependencies.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  For details, see Init Containers.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
@@ -49,7 +49,7 @@ spec:
 
                                                                                                                                                                                                  deployment.apps/mysql created
                                                                                                                                                                                                  
 
                                                                                                                                                                                                6. Query the created Docker container on the node where the workload is running.
                                                                                                                                                                                                  docker ps -a|grep mysql
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  The init container will exit after it runs to completion. The query result Exited (0) shows the exit status of the init container.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_00231.html b/docs/cce/umn/cce_bestpractice_00231.html
index 5a8c13af3..53daa23da 100644
--- a/docs/cce/umn/cce_bestpractice_00231.html
+++ b/docs/cce/umn/cce_bestpractice_00231.html
@@ -8,7 +8,7 @@
 
                                                                                                                                                                                            The sticky session mechanism fundamentally conflicts with the basic functions of load balancing. A load balancer forwards requests from clients to multiple backend servers to avoid overload on a single server. However, sticky session requires that some requests be forwarded to the same server for processing. Therefore, select a proper sticky session mechanism based on the application environment.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Layer-4 Load Balancing (Service)
                                                                                                                                                                                            In layer-4 load balancing, source IP address-based sticky session (Hash routing based on the client IP address) can be enabled. To enable source IP address-based sticky session on Services, the following conditions must be met:
                                                                                                                                                                                            
-
                                                                                                                                                                                            CCE cluster
                                                                                                                                                                                            1. Service Affinity of the Service is set to Node level (that is, the value of the externalTrafficPolicy field of the Service is Local).
                                                                                                                                                                                               
                                                                                                                                                                                              You do not need to set this parameter for CCE Turbo clusters.
                                                                                                                                                                                              
+
                                                                                                                                                                                              CCE clusters
                                                                                                                                                                                              1. Service Affinity of the Service is set to Node level (that is, the value of the externalTrafficPolicy field of the Service is Local).
                                                                                                                                                                                                 
                                                                                                                                                                                                You do not need to set this parameter for CCE Turbo clusters.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              2. Enable the source IP address-based sticky session in the load balancing configuration of the Service.
                                                                                                                                                                                                apiVersion: v1
 kind: Service
@@ -37,7 +37,7 @@ spec:
 
                                                                                                                                                                                                Layer-7 Load Balancing (Ingress)
                                                                                                                                                                                                In layer-7 load balancing, sticky session based on HTTP cookies and app cookies can be enabled. To enable such sticky session, the following conditions must be met:
                                                                                                                                                                                                
 
                                                                                                                                                                                                1. The application (workload) corresponding to the ingress is enabled with workload anti-affinity.
                                                                                                                                                                                                2. Node affinity is enabled for the Service corresponding to the ingress.
                                                                                                                                                                                                
 
                                                                                                                                                                                                Procedure
                                                                                                                                                                                                
-
                                                                                                                                                                                                1. Create a Nginx workload.
                                                                                                                                                                                                  Set the number of pods to 3 and set the podAntiAffinity.
                                                                                                                                                                                                  kind: Deployment
+
                                                                                                                                                                                                  1. Create an Nginx workload.
                                                                                                                                                                                                    Set the number of pods to 3 and set the podAntiAffinity.
                                                                                                                                                                                                    kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: nginx
diff --git a/docs/cce/umn/cce_bestpractice_00237.html b/docs/cce/umn/cce_bestpractice_00237.html
index a755d3ea9..7fc2cfc49 100644
--- a/docs/cce/umn/cce_bestpractice_00237.html
+++ b/docs/cce/umn/cce_bestpractice_00237.html
@@ -9,7 +9,7 @@
 
 
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Parent topic: Best Practice
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: Best Practice
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
diff --git a/docs/cce/umn/cce_bestpractice_00253.html b/docs/cce/umn/cce_bestpractice_00253.html
index 711f2d04e..e43ab59f7 100644
--- a/docs/cce/umn/cce_bestpractice_00253.html
+++ b/docs/cce/umn/cce_bestpractice_00253.html
@@ -1,19 +1,19 @@
 
 
 
                                                                                                                                                                                                    Dynamically Creating and Mounting Subdirectories of an SFS Turbo File System
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Background
                                                                                                                                                                                                    The minimum capacity of an SFS Turbo file system is 500 GB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Background
                                                                                                                                                                                                    The minimum capacity of an SFS Turbo file system is 500 GiB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Notes and Constraints
                                                                                                                                                                                                    • Only clusters of v1.15 and later are supported.
                                                                                                                                                                                                    • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                    • Kata containers are not supported.
                                                                                                                                                                                                    • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. Everest 1.2.69 or later or 2.1.11 or later is recommended.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Constraints
                                                                                                                                                                                                    • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                    • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                    • Kata containers are not supported.
                                                                                                                                                                                                    • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Creating an SFS Turbo Volume of the subpath Type
                                                                                                                                                                                                     
                                                                                                                                                                                                    Do not expand, disassociate, or delete subPath volumes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Creating an SFS Turbo Volume of the subpath Type
                                                                                                                                                                                                     
                                                                                                                                                                                                    Do not expand, disassociate, or delete a subpath volume.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    1. Import an SFS Turbo file system that is located in the same VPC and subnet as the cluster.
                                                                                                                                                                                                    2. Create a StorageClass YAML file, for example, sfsturbo-sc-test.yaml.
                                                                                                                                                                                                      Configuration example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                      2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        apiVersion: storage.k8s.io/v1
 allowVolumeExpansion: true
 kind: StorageClass
 metadata:
-  name: sfsturbo-sc-test
+  name: sfsturbo-subpath-sc
 mountOptions:
 - lock
 parameters:
@@ -31,14 +31,14 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: name of the StorageClass.
                                                                                                                                                                                                        • mountOptions: mount options. This field is optional.
                                                                                                                                                                                                          • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                          • Starting from everest 1.2.8, more mount options are supported. For details, see Setting Mount Options. Do not set nolock to true. Otherwise, the mount operation fails.
                                                                                                                                                                                                            mountOptions:
+
                                                                                                                                                                                                            • name: indicates the name of the StorageClass.
                                                                                                                                                                                                            • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                              • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                              • More options are available in everest 1.2.8 or a later version. For details, see Setting Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                                mountOptions:
 - vers=3
 - timeo=600
 - nolock
 - hard
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            • everest.io/volume-as: Set this parameter to subpath.
                                                                                                                                                                                                            • everest.io/share-access-to: This parameter is optional. In subpath mode, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                            • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                            • everest.io/share-export-location: root directory to be mounted. It consists of the SFS Turbo shared path and sub-directory. The shared path can be queried on the SFS Turbo console. The sub-directory is user-defined. The PVCs created by the StorageClass are located in the sub-directory.
                                                                                                                                                                                                            • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                            • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                            • everest.io/volume-id: ID of the SFS Turbo volume. You can query the volume ID on the SFS Turbo page.
                                                                                                                                                                                                            • everest.io/archive-on-delete: If this parameter is set to true and the recycling policy is set to Delete, the original PV file will be archived when the PVC is deleted. The archive directory is named in the format of archived-$PV name.timestamp. If this parameter is set to false, the SFS Turbo sub-directory corresponding to the PV will be deleted. The default value is true.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                      1. Run the kubectl create -f sfsturbo-sc-test.yaml command to create a StorageClass.
                                                                                                                                                                                                      2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                        Configuration example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      3. everest.io/volume-as: This parameter is set to subpath to use the subpath volume.
                                                                                                                                                                                                      4. everest.io/share-access-to: This parameter is optional. In a subpath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                      5. everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                      6. everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                      7. everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                      8. everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                      9. everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                      10. everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                        11. 
+
                                                                                                                                                                                                      1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                      2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -50,15 +50,15 @@ spec:
   resources:
     requests:
       storage: 50Gi
-  storageClassName: sfsturbo-sc-test
+  storageClassName: sfsturbo-subpath-sc
   volumeMode: Filesystem
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: name of the PVC.
                                                                                                                                                                                                        • storageClassName: name of the StorageClass created in the previous step.
                                                                                                                                                                                                        • storage: In the subpath mode, this parameter is invalid. The storage capacity is limited by the total capacity of the SFS Turbo file system. If the total capacity of the SFS Turbo file system is insufficient, expand the capacity on the SFS Turbo page in a timely manner.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      1. Run the kubectl create -f sfs-turbo-test.yaml command to create a PVC.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                       
                                                                                                                                                                                                      It is meaningless to conduct capacity expansion on an SFS Turbo volume created in the subpath mode. This operation does not expand the capacity of the SFS Turbo file system. You need to ensure that the total capacity of the SFS Turbo file system is not used up.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the PVC.
                                                                                                                                                                                                      • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                      • storage: In the subpath mode, it is useless to specify this parameter. The storage capacity is limited by the total capacity of the SFS Turbo file system. If the total capacity of the SFS Turbo file system is insufficient, expand the capacity on the SFS Turbo page in a timely manner.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    It is meaningless to conduct capacity expansion on an SFS Turbo volume created in the subpath mode. This operation does not expand the capacity of the SFS Turbo file system. Ensure that the total capacity of the SFS Turbo file system is not used up.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Creating a Deployment and Mounting an Existing Volume
                                                                                                                                                                                                    1. Create a Deployment YAML file named deployment-test.yaml.
                                                                                                                                                                                                      Configuration example:
                                                                                                                                                                                                      apiVersion: apps/v1
+
                                                                                                                                                                                                      Creating a Deployment and Mounting an Existing Volume to the Deployment
                                                                                                                                                                                                      1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-turbo-subpath-example
@@ -91,10 +91,11 @@ spec:
           claimName: sfs-turbo-test
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: name of the Deployment.
                                                                                                                                                                                                        • image: image used by the Deployment.
                                                                                                                                                                                                        • mountPath: mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                        • claimName: name of an existing PVC.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      1. Run the kubectl create -f deployment-test.yaml command to create a Deployment.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the Deployment.
                                                                                                                                                                                                      • image: specifies the image used by the Deployment.
                                                                                                                                                                                                      • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                      • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Create the Deployment.
                                                                                                                                                                                                      kubectl create -f deployment-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Creating a StatefulSet That Uses a Volume Dynamically Created in subpath Mode
                                                                                                                                                                                                    1. Create a StatefulSet YAML file named statefulset-test.yaml.
                                                                                                                                                                                                      Configuration example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Dynamically Creating a subpath Volume for a StatefulSet
                                                                                                                                                                                                      1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -119,13 +120,6 @@ spec:
       containers:
         - name: container-0
           image: 'nginx:latest'
-          env:
-            - name: PAAS_APP_NAME
-              value: deploy-sfs-nfs-rw-in
-            - name: PAAS_NAMESPACE
-              value: default
-            - name: PAAS_PROJECT_ID
-              value: 8190a2a1692c46f284585c56fc0e2fb9
           resources: {}
           volumeMounts:
             - name: sfs-turbo-160024548582479676
@@ -152,15 +146,16 @@ spec:
         resources:
           requests:
             storage: 10Gi
-        storageClassName: sfsturbo-sc-test
+        storageClassName: sfsturbo-subpath-sc
   serviceName: wwww
   podManagementPolicy: OrderedReady
   updateStrategy:
     type: RollingUpdate
   revisionHistoryLimit: 10
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        In this example:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • name: name of the StatefulSet.
                                                                                                                                                                                                        • image: image used by the StatefulSet.
                                                                                                                                                                                                        • mountPath: mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                        • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name must be consistent because they have a mapping relationship.
                                                                                                                                                                                                        • storageClassName: name of the created StorageClass.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      1. Run the kubectl create -f statefulset-test.yaml command to create a StatefulSet.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the StatefulSet.
                                                                                                                                                                                                      • image: specifies the image used by the StatefulSet.
                                                                                                                                                                                                      • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                      • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they are mapped to each other.
                                                                                                                                                                                                      • storageClassName: indicates the name of the StorageClass.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Create the StatefulSet.
                                                                                                                                                                                                      kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_00253_0.html b/docs/cce/umn/cce_bestpractice_00253_0.html
new file mode 100644
index 000000000..8a59bcf2e
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_00253_0.html
@@ -0,0 +1,166 @@
+
+
+
                                                                                                                                                                                                    Dynamically Creating and Mounting Subdirectories of an SFS Turbo File System
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Background
                                                                                                                                                                                                    The minimum capacity of an SFS Turbo file system is 500 GiB, and the SFS Turbo file system cannot be billed by usage. By default, the root directory of an SFS Turbo file system is mounted to a container which, in most case, does not require such a large capacity.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The everest add-on allows you to dynamically create subdirectories in an SFS Turbo file system and mount these subdirectories to containers. In this way, an SFS Turbo file system can be shared by multiple containers to increase storage efficiency.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Constraints
                                                                                                                                                                                                    • Only clusters of v1.15 or later are supported.
                                                                                                                                                                                                    • The cluster must use the everest add-on of version 1.1.13 or later.
                                                                                                                                                                                                    • Kata containers are not supported.
                                                                                                                                                                                                    • When the everest add-on earlier than 1.2.69 or 2.1.11 is used, a maximum of 10 PVCs can be created concurrently at a time by using the subdirectory function. everest of 1.2.69 or later or of 2.1.11 or later is recommended.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Creating an SFS Turbo Volume of the subpath Type
                                                                                                                                                                                                     
                                                                                                                                                                                                    Do not expand, disassociate, or delete a subpath volume.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Create an SFS Turbo file system in the same VPC and subnet as the cluster.
                                                                                                                                                                                                    2. Create a YAML file of StorageClass, for example, sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                      The following is an example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: storage.k8s.io/v1
+allowVolumeExpansion: true
+kind: StorageClass
+metadata:
+  name: sfsturbo-subpath-sc
+mountOptions:
+- lock
+parameters:
+  csi.storage.k8s.io/csi-driver-name: sfsturbo.csi.everest.io
+  csi.storage.k8s.io/fstype: nfs
+  everest.io/archive-on-delete: "true"
+  everest.io/share-access-to: 7ca2dba2-1234-1234-1234-626371a8fb3a
+  everest.io/share-expand-type: bandwidth
+  everest.io/share-export-location: 192.168.1.1:/sfsturbo/
+  everest.io/share-source: sfs-turbo
+  everest.io/share-volume-type: STANDARD
+  everest.io/volume-as: subpath
+  everest.io/volume-id: 0d773f2e-1234-1234-1234-de6a35074696
+provisioner: everest-csi-provisioner
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In this example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the StorageClass.
                                                                                                                                                                                                      • mountOptions: indicates the mount options. This field is optional.
                                                                                                                                                                                                        • In versions later than everest 1.1.13 and earlier than everest 1.2.8, only the nolock parameter can be configured. By default, the nolock parameter is used for the mount operation and does not need to be configured. If nolock is set to false, the lock field is used.
                                                                                                                                                                                                        • More options are available in everest 1.2.8 or a later version. For details, see Setting Mount Options. Do not set nolock to true. Otherwise, the mount operation will fail.
                                                                                                                                                                                                          mountOptions:
+- vers=3
+- timeo=600
+- nolock
+- hard
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • everest.io/volume-as: This parameter is set to subpath to use the subpath volume.
                                                                                                                                                                                                      • everest.io/share-access-to: This parameter is optional. In a subpath volume, set this parameter to the ID of the VPC where the SFS Turbo file system is located.
                                                                                                                                                                                                      • everest.io/share-expand-type: This parameter is optional. If the type of the SFS Turbo file system is SFS Turbo Standard – Enhanced or SFS Turbo Performance – Enhanced, set this parameter to bandwidth.
                                                                                                                                                                                                      • everest.io/share-export-location: This parameter indicates the mount directory. It consists of the SFS Turbo shared path and sub-directory. The shared path can be obtained on the SFS Turbo console. The sub-directory is user-defined. The PVCs created using the StorageClass are located in this sub-directory.
                                                                                                                                                                                                      • everest.io/share-volume-type: This parameter is optional. It specifies the SFS Turbo file system type. The value can be STANDARD or PERFORMANCE. For enhanced types, this parameter must be used together with everest.io/share-expand-type (whose value should be bandwidth).
                                                                                                                                                                                                      • everest.io/zone: This parameter is optional. Set it to the AZ where the SFS Turbo file system is located.
                                                                                                                                                                                                      • everest.io/volume-id: This parameter indicates the ID of the SFS Turbo volume. You can obtain the volume ID on the SFS Turbo page.
                                                                                                                                                                                                      • everest.io/archive-on-delete: If this parameter is set to true and Delete is selected for Reclaim Policy, the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted. If this parameter is set to false, the SFS Turbo subdirectory of the corresponding PV will be deleted. The default value is true, indicating that the original documents of the PV will be archived to the directory named archived-{$PV name.timestamp} before the PVC is deleted.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Run kubectl create -f sfsturbo-subpath-sc.yaml.
                                                                                                                                                                                                    2. Create a PVC YAML file named sfs-turbo-test.yaml.
                                                                                                                                                                                                      The following is an example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: sfs-turbo-test
+  namespace: default
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 50Gi
+  storageClassName: sfsturbo-subpath-sc
+  volumeMode: Filesystem
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In this example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the PVC.
                                                                                                                                                                                                      • storageClassName: specifies the name of the StorageClass.
                                                                                                                                                                                                      • storage: In the subpath mode, it is useless to specify this parameter. The storage capacity is limited by the total capacity of the SFS Turbo file system. If the total capacity of the SFS Turbo file system is insufficient, expand the capacity on the SFS Turbo page in a timely manner.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Run kubectl create -f sfs-turbo-test.yaml.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    It is meaningless to conduct capacity expansion on an SFS Turbo volume created in the subpath mode. This operation does not expand the capacity of the SFS Turbo file system. Ensure that the total capacity of the SFS Turbo file system is not used up.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Creating a Deployment and Mounting an Existing Volume to the Deployment
                                                                                                                                                                                                    1. Create a YAML file for the Deployment, for example, deployment-test.yaml.
                                                                                                                                                                                                      The following is an example:
                                                                                                                                                                                                      apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-turbo-subpath-example
+  namespace: default
+  generation: 1
+  labels:
+    appgroup: ''
+spec: 
+  replicas: 1 
+  selector: 
+    matchLabels: 
+      app: test-turbo-subpath-example 
+  template: 
+    metadata: 
+      labels: 
+        app: test-turbo-subpath-example 
+    spec: 
+      containers: 
+      - image: nginx:latest 
+        name: container-0 
+        volumeMounts: 
+        - mountPath: /tmp
+          name: pvc-sfs-turbo-example 
+      restartPolicy: Always 
+      imagePullSecrets:
+      - name: default-secret
+      volumes: 
+      - name: pvc-sfs-turbo-example 
+        persistentVolumeClaim: 
+          claimName: sfs-turbo-test
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In this example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the Deployment.
                                                                                                                                                                                                      • image: specifies the image used by the Deployment.
                                                                                                                                                                                                      • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                      • claimName: indicates the name of an existing PVC.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Create the Deployment.
                                                                                                                                                                                                      kubectl create -f deployment-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Dynamically Creating a subpath Volume for a StatefulSet
                                                                                                                                                                                                    1. Create a YAML file for a StatefulSet, for example, statefulset-test.yaml.
                                                                                                                                                                                                      The following is an example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: test-turbo-subpath
+  namespace: default
+  generation: 1
+  labels:
+    appgroup: ''
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: test-turbo-subpath
+  template:
+    metadata:
+      labels:
+        app: test-turbo-subpath
+      annotations:
+        metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
+        pod.alpha.kubernetes.io/initialized: 'true'
+    spec:
+      containers:
+        - name: container-0
+          image: 'nginx:latest'
+          resources: {}
+          volumeMounts:
+            - name: sfs-turbo-160024548582479676
+              mountPath: /tmp
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      imagePullSecrets:
+        - name: default-secret
+      affinity: {}
+      schedulerName: default-scheduler
+  volumeClaimTemplates:
+    - metadata:
+        name: sfs-turbo-160024548582479676
+        namespace: default
+        annotations: {}
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
+        storageClassName: sfsturbo-subpath-sc
+  serviceName: wwww
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+  revisionHistoryLimit: 10
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      In this example:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • name: indicates the name of the StatefulSet.
                                                                                                                                                                                                      • image: specifies the image used by the StatefulSet.
                                                                                                                                                                                                      • mountPath: indicates the mount path of the container. In this example, the volume is mounted to the /tmp directory.
                                                                                                                                                                                                      • spec.template.spec.containers.volumeMounts.name and spec.volumeClaimTemplates.metadata.name: must be consistent because they are mapped to each other.
                                                                                                                                                                                                      • storageClassName: indicates the name of the StorageClass.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    1. Create the StatefulSet.
                                                                                                                                                                                                      kubectl create -f statefulset-test.yaml
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Parent topic: SFS Turbo File Systems
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
diff --git a/docs/cce/umn/cce_bestpractice_00254.html b/docs/cce/umn/cce_bestpractice_00254.html
index 7c10cf2a8..1c9ac67f4 100644
--- a/docs/cce/umn/cce_bestpractice_00254.html
+++ b/docs/cce/umn/cce_bestpractice_00254.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                                                    Connecting to Multiple Clusters Using kubectl
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Painpoint
                                                                                                                                                                                                    When you have multiple CCE clusters, you may find it difficult to efficiently connect to all of them.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Background
                                                                                                                                                                                                    When you have multiple CCE clusters, you may find it difficult to efficiently connect to all of them.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    This section describes how to configure access to multiple clusters by modifying kubeconfig.json. The file describes multiple clusters, users, and contexts. To access different clusters, run the kubectl config use-context command to switch between contexts.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Figure 1 Using kubectl to connect to multiple clusters
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Prerequisites
                                                                                                                                                                                                    kubectl can access multiple clusters.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Introduction to kubeconfig.json
                                                                                                                                                                                                    kubeconfig.json is the configuration file of kubectl. You can download it on the cluster details page.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    The content of kubeconfig.json is as follows:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    {
     "kind": "Config",
diff --git a/docs/cce/umn/cce_bestpractice_00281.html b/docs/cce/umn/cce_bestpractice_00281.html
index 14021273e..8eab08083 100644
--- a/docs/cce/umn/cce_bestpractice_00281.html
+++ b/docs/cce/umn/cce_bestpractice_00281.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                    Custom Storage Classes
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Challenges
                                                                                                                                                                                                    When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for an SAS (high I/O) EVS disk (block storage).
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Background
                                                                                                                                                                                                    When using storage resources in CCE, the most common method is to specify storageClassName to define the type of storage resources to be created when creating a PVC. The following configuration shows how to use a PVC to apply for an SAS (high I/O) EVS disk (block storage).
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -16,12 +16,12 @@ spec:
     requests:
       storage: 10Gi
   storageClassName: csi-disk
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    If you need to specify the EVS disk type, you can set the everest.io/disk-volume-type field. The value SAS is used as an example here, indicating the high I/O EVS disk type. Or you can choose SATA (common I/O) and SSD (ultra-high I/O).
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    To specify the EVS disk type, you can set the everest.io/disk-volume-type field. The value SAS is used as an example here, indicating the high I/O EVS disk type. Or you can choose SATA (common I/O) and SSD (ultra-high I/O).
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    This configuration method may not work if you want to:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    • Set storageClassName only, which is simpler than specifying the EVS disk type by using everest.io/disk-volume-type.
                                                                                                                                                                                                    • Avoid modifying YAML files or Helm charts. Some users switch from self-built or other Kubernetes services to CCE and have written YAML files of many applications. In these YAML files, different types of storage resources are specified by different StorageClassNames. When using CCE, they need to modify a large number of YAML files or Helm charts to use storage resources, which is labor-consuming and error-prone.
                                                                                                                                                                                                    • Set the default storageClassName for all applications to use the default storage class. In this way, you can create storage resources of the default type without needing to specify storageClassName in the YAML file.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    This section describes how to set a custom storage class in CCE and how to set the default storage class. You can specify different types of storage resources by setting storageClassName.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • For the first scenario, you can define custom storageClassNames for SAS and SSD EVS disks. For example, define a storage class named csi-disk-sas for creating SAS disks. The following figure shows the differences before and after you use a custom storage class.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • For the second scenario, you can define a storage class with the same name as that in the existing YAML file without needing to modify storageClassName in the YAML file.
                                                                                                                                                                                                      • For the third scenario, you can set the default storage class as described below to create storage resources without specifying storageClassName in YAML files.
                                                                                                                                                                                                        apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -35,7 +35,7 @@ spec:
       storage: 10Gi
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Storage Classes in CCE
                                                                                                                                                                                                    Run the following command to query the supported storage classes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Default Storage Classes in CCE
                                                                                                                                                                                                    Run the following command to query the supported storage classes.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    # kubectl get sc
 NAME                PROVISIONER                     AGE
 csi-disk            everest-csi-provisioner         17d          # Storage class for EVS disks
@@ -142,7 +142,7 @@ reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    2. 
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Setting a Default Storage Class
                                                                                                                                                                                                  You can specify a storage class as the default class. In this way, if you do not specify storageClassName when creating a PVC, the PVC is created using the default storage class.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Specifying a Default StorageClass
                                                                                                                                                                                                  You can specify a storage class as the default class. In this way, if you do not specify storageClassName when creating a PVC, the PVC is created using the default storage class.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  For example, to specify csi-disk-ssd as the default storage class, edit your YAML file as follows:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  apiVersion: storage.k8s.io/v1
 kind: StorageClass
diff --git a/docs/cce/umn/cce_bestpractice_00282.html b/docs/cce/umn/cce_bestpractice_00282.html
index 77c9e5fce..e33d47e4c 100644
--- a/docs/cce/umn/cce_bestpractice_00282.html
+++ b/docs/cce/umn/cce_bestpractice_00282.html
@@ -1,20 +1,20 @@
 
 
 
                                                                                                                                                                                                  Using HPA and CA for Auto Scaling of Workloads and Nodes
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Scenario
                                                                                                                                                                                                  The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  In CCE, the resources that can be used by containers are fixed during application deployment. Therefore, in auto scaling, pods are scaled first. The node resource usage increases only after the number of pods increases. Then, nodes can be scaled based on the node resource usage. How to configure auto scaling in CCE?
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Application Scenarios
                                                                                                                                                                                                  The best way to handle surging traffic is to automatically adjust the number of machines based on the traffic volume or resource usage, which is called scaling.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  When pods or containers are used for deploying applications, the upper limit of available resources is typically required to set for pods or containers to prevent unlimited usage of node resources during peak hours. However, after the upper limit is reached, an application error may occur. To resolve this issue, scale in the number of pods to share workloads. If the node resource usage increases to a certain extent that newly added pods cannot be scheduled, scale in the number of nodes based on the node resource usage.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  Two major auto scaling policies are HPA (Horizontal Pod Autoscaling) and CA (Cluster AutoScaling). HPA is for workload auto scaling and CA is for node auto scaling.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  HPA and CA work with each other. HPA requires sufficient cluster resources for successful scaling. When the cluster resources are insufficient, CA is needed to add nodes. If HPA reduces workloads, the cluster will have a large number of idle resources. In this case, CA needs to release nodes to avoid resource waste.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                                                  Figure 1 HPA and CA working flows
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  As shown in Figure 1, HPA performs scale-out based on the monitoring metrics. When cluster resources are insufficient, newly created pods are in Pending state. CA then checks these pending pods and selects the most appropriate node pool based on the configured scaling policy to scale out the node pool. 
                                                                                                                                                                                                  Figure 1 HPA and CA working flows
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Using HPA and CA can easily implement auto scaling in most scenarios. In addition, the scaling process of nodes and pods can be easily observed.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  This section uses an example to describe the auto scaling process using HPA and CA policies together.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Preparations
                                                                                                                                                                                                  1. Create a cluster with one node. The node should have 2 cores of CPU and 4 GB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Preparations
                                                                                                                                                                                                    1. Create a cluster with one node. The node should have 2 cores of vCPUs and 4 GiB of memory, or a higher specification, as well as an EIP to allow external access. If no EIP is bound to the node during node creation, you can manually bind one on the ECS console after creating the node.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    2. Install add-ons for the cluster.
                                                                                                                                                                                                      • autoscaler: node scaling add-on
                                                                                                                                                                                                      • metrics-server: an aggregator of resource usage data in a Kubernetes cluster. It can collect measurement data of major Kubernetes resources, such as pods, nodes, containers, and Services.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    3. Log in to the cluster node and run a computing-intensive application. When a user sends a request, the result needs to be calculated before being returned to the user.
                                                                                                                                                                                                      1. Create a PHP file named index.php to calculate the square root of the request for 1,000,000 times before returning OK!.
                                                                                                                                                                                                        vi index.php
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Example file content:
                                                                                                                                                                                                        <?php
+
                                                                                                                                                                                                        The file content is as follows:
                                                                                                                                                                                                        <?php
   $x = 0.0001;
   for ($i = 0; $i <= 1000000; $i++) {
     $x += sqrt($x);
@@ -22,19 +22,19 @@
   echo "OK!";
 ?>
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. Compile a Dockerfile to build an image.
                                                                                                                                                                                                        vi Dockerfile
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Example Dockerfile:
                                                                                                                                                                                                        FROM php:5-apache
+
                                                                                                                                                                                                      3. Compile a Dockerfile file to build an image.
                                                                                                                                                                                                        vi Dockerfile
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The content is as follows:
                                                                                                                                                                                                        FROM php:5-apache
 COPY index.php /var/www/html/index.php
 RUN chmod a+rx index.php
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      4. Run the following command to build an image named hpa-example with the tag latest.
                                                                                                                                                                                                        docker build -t hpa-example:latest .
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      5. (Optional) Log in to the SWR console, choose Organization Management in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                                                                                                                                        Skip this step if you already have an organization.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      6. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                                                      7. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                                                      8. Tag the hpa-example image.
                                                                                                                                                                                                        docker tag [Image name 1:Tag 1] [Image repository address]/[Organization name]/[Image name 2:Tag 2]
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        • [Image name 1:Tag 1]: name and tag of the local image to be uploaded.
                                                                                                                                                                                                        • [Image repository address]: The domain name at the end of the login command in  5 is the image repository address, which can be obtained on the SWR console.
                                                                                                                                                                                                        • [Organization name]: name of the organization created in 4.
                                                                                                                                                                                                        • [Image name 2:Tag 2]: desired image name and tag to be displayed on the SWR console.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      9. (Optional) Log in to the SWR console, choose Organizations in the navigation pane, and click Create Organization in the upper right corner to create an organization.
                                                                                                                                                                                                        Skip this step if you already have an organization.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      10. In the navigation pane, choose My Images and then click Upload Through Client. On the page displayed, click Generate a temporary login command and click  to copy the command.
                                                                                                                                                                                                      11. Run the login command copied in the previous step on the cluster node. If the login is successful, the message "Login Succeeded" is displayed.
                                                                                                                                                                                                      12. Tag the hpa-example image.
                                                                                                                                                                                                        docker tag {Image name 1:Tag 1}/{Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • {Image name 1:Tag 1}: name and tag of the local image to be uploaded.
                                                                                                                                                                                                        • {Image repository address}: the domain name at the end of the login command in login command. It can be obtained on the SWR console.
                                                                                                                                                                                                        • {Organization name}: name of the created organization.
                                                                                                                                                                                                        • {Image name 2:Tag 2}: desired image name and tag to be displayed on the SWR console.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        docker tag hpa-example:latest swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      13. Push the image to the image repository.
                                                                                                                                                                                                        docker push [Image repository address]/[Organization name]/[Image name 2:Tag 2]
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      14. Push the image to the image repository.
                                                                                                                                                                                                        docker push {Image repository address}/{Organization name}/{Image name 2:Tag 2}
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The following is an example:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        docker push swr.eu-de.otc.t-systems.com/group/hpa-example:latest
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        The following information will be returned upon a successful push:
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        6d6b9812c8ae: Pushed 
@@ -45,15 +45,15 @@ latest: digest: sha256:eb7e3bbd*** size: **
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Creating a Node Pool and a Node Scaling Policy
                                                                                                                                                                                                    1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                                                                                    2. Set node pool parameters, add a node with 2 vCPUs and 4 GB memory, and enable auto scaling.
                                                                                                                                                                                                      • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                                                                                      • Auto Scaling: Enable the option, meaning that nodes will be automatically created or deleted in the node pool based on the cluster loads.
                                                                                                                                                                                                      • Max. Nodes: Set it to 5, indicating the maximum number of nodes in a node pool.
                                                                                                                                                                                                      • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Creating a Node Pool and a Node Scaling Policy
                                                                                                                                                                                                      1. Log in to the CCE console, access the created cluster, click Nodes on the left, click the Node Pools tab, and click Create Node Pool in the upper right corner.
                                                                                                                                                                                                      2. Configure node pool parameters, add a node with 2 vCPUs and 4 GiB memory, and enable auto scaling.
                                                                                                                                                                                                        • Nodes: Set it to 1, indicating that one node is created by default when a node pool is created.
                                                                                                                                                                                                        • Auto Scaling: Enable the option, meaning that nodes will be automatically created or deleted in the node pool based on the cluster loads.
                                                                                                                                                                                                        • Max. Nodes: Set it to 5, indicating the maximum number of nodes in a node pool.
                                                                                                                                                                                                        • Specifications: 2 vCPUs | 4 GiB
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Retain the defaults for other parameters. For details, see Creating a Node Pool.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      3. Click Add-ons on the left of the cluster console, click Edit under the autoscaler add-on, modify the add-on configuration, enable Auto node scale-in, and configure scale-in parameters. For example, trigger scale-in when the node resource utilization is less than 50%.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        After the preceding configurations, scale-out is performed based on the pending status of the pod and scale-in is triggered when the node resource utilization decreases.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      4. Click Node Scaling on the left of the cluster console and click Create Node Scaling Policy in the upper right corner. Node scaling policies added here trigger scale-out based on the CPU/memory allocation rate or periodically.
                                                                                                                                                                                                        As shown in the following figure, when the cluster CPU allocation rate is greater than 70%, one node will be added. A node scaling policy needs to be associated with a node pool. Multiple node pools can be associated. When you need to scale nodes, node with proper specifications will be added or reduced from the node pool based on the minimum waste principle. For details, see Creating a Node Scaling Policy.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Creating a Workload
                                                                                                                                                                                                      Use the hpa-example image to create a Deployment with one replica. The image path is related to the organization uploaded to the SWR repository and needs to be replaced with the actual value.
                                                                                                                                                                                                      
@@ -62,7 +62,7 @@ apiVersion: apps/v1
 metadata:
   name: hpa-example
 spec:
-  replicas: 1
+  replicas: 1
   selector:
     matchLabels:
       app: hpa-example
@@ -73,7 +73,7 @@ spec:
     spec:
       containers:
       - name: container-1
-        image: 'hpa-example:latest '  # Replace it with the address of the image you uploaded to SWR.
+        image: 'hpa-example:latest' # Replace it with the address of the image you uploaded to SWR.
         resources:
           limits:                  # The value of limits must be the same as that of requests to prevent flapping during scaling.
             cpu: 500m
@@ -97,7 +97,7 @@ spec:
       nodePort: 31144
   selector:
     app: hpa-example
-  type: NodePort
                                                                                                                                                                                                  
+  type: NodePort
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Creating an HPA Policy
                                                                                                                                                                                              Create an HPA policy. As shown below, the policy is associated with the hpa-example workload, and the target CPU usage is 50%.
                                                                                                                                                                                              
 
                                                                                                                                                                                              There are two other annotations. One annotation defines the CPU thresholds, indicating that scaling is not performed when the CPU usage is between 30% and 70% to prevent impact caused by slight fluctuation. The other is the scaling time window, indicating that after the policy is successfully executed, a scaling operation will not be triggered again in this cooling interval to prevent impact caused by short-term fluctuation.
                                                                                                                                                                                              
@@ -106,23 +106,25 @@ kind: HorizontalPodAutoscaler
 metadata:
   name: hpa-policy
   annotations:
-    extendedhpa.metrics: '[{"type":"Resource","name":"cpu","targetType":"Utilization","targetRange":{"low":"30","high":"70"}}]'
-    extendedhpa.option: '{"downscaleWindow":"5m","upscaleWindow":"3m"}'
+    extendedhpa.metrics: '[{"type":"Resource","name":"cpu","targetType":"Utilization","targetRange":{"low":"30","high":"70"}}]'
+    extendedhpa.option: '{"downscaleWindow":"5m","upscaleWindow":"3m"}'
 spec:
-  scaleTargetRef:
-    kind: Deployment
-    name: hpa-example
-    apiVersion: apps/v1
+  scaleTargetRef:
+    kind: Deployment
+    name: hpa-example
+    apiVersion: apps/v1
   minReplicas: 1
   maxReplicas: 100
   metrics:
     - type: Resource
-      resource:
-        name: cpu
-        targetAverageUtilization: 50
-
                                                                                                                                                                                              Set the parameters as follows if you are using the console.
                                                                                                                                                                                              
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 50
+
                                                                                                                                                                                              Configure the parameters as follows if you are using the console.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Observing the Auto Scaling Process
                                                                                                                                                                                              1. Check the cluster node status. In the following example, there are two nodes.
                                                                                                                                                                                                # kubectl get node
 NAME            STATUS   ROLES    AGE     VERSION
@@ -133,7 +135,7 @@ NAME            STATUS   ROLES    AGE     VERSION
 NAME         REFERENCE                TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
 hpa-policy   Deployment/hpa-example   0%/50%    1         100       1          4m
                                                                                                                                                                                                
 
                                                                                                                                                                                              2. Run the following command to access the workload. In the following command, {ip:port} indicates the access address of the workload, which can be queried on the workload details page.
                                                                                                                                                                                                while true;do wget -q -O- http://{ip:port}; done
                                                                                                                                                                                                
-
                                                                                                                                                                                                 
                                                                                                                                                                                                If no EIP is displayed, the cluster node has not been assigned any EIP. You need to create one, bind it to the node, and synchronize node data. .
                                                                                                                                                                                                
+
                                                                                                                                                                                                 
                                                                                                                                                                                                If no EIP is displayed, the cluster node has not been assigned any EIP. Allocate one, bind it to the node, and synchronize node data. .
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Observe the scaling process of the workload.
                                                                                                                                                                                                
 
                                                                                                                                                                                                # kubectl get hpa hpa-policy --watch
diff --git a/docs/cce/umn/cce_bestpractice_00284.html b/docs/cce/umn/cce_bestpractice_00284.html
index 272c654d1..6cd203531 100644
--- a/docs/cce/umn/cce_bestpractice_00284.html
+++ b/docs/cce/umn/cce_bestpractice_00284.html
@@ -1,14 +1,11 @@
 
 
-
                                                                                                                                                                                                Realizing Automatic Topology for EVS Disks When Nodes Are Deployed Across AZs (csi-disk-topology)
                                                                                                                                                                                                
-
                                                                                                                                                                                                Challenges
                                                                                                                                                                                                EVS disks cannot be attached across AZs. For example, EVS disks in AZ 1 cannot be attached to nodes in AZ 2.
                                                                                                                                                                                                
-
                                                                                                                                                                                                If the storage class csi-disk is used for StatefulSets, when a StatefulSet is scheduled, a PVC and a PV are created immediately (an EVS disk is created along with the PV), and then the PVC is bound to the PV.
                                                                                                                                                                                                
-
                                                                                                                                                                                                However, when the cluster nodes are located in multiple AZs, the EVS disk created by the PVC and the node to which the pods are scheduled may be in different AZs. As a result, the pods fail to be scheduled.
                                                                                                                                                                                                
-
                                                                                                                                                                                                
+
                                                                                                                                                                                                Enabling Automatic Topology for EVS Disks When Nodes Are Deployed in Different AZs (csi-disk-topology)
                                                                                                                                                                                                
+
                                                                                                                                                                                                Background
                                                                                                                                                                                                EVS disks cannot be attached to a node deployed in another AZ. For example, the EVS disks in AZ 1 cannot be attached to a node in AZ 2. If the storage class csi-disk is used for StatefulSets, when a StatefulSet is scheduled, a PVC and a PV are created immediately (an EVS disk is created along with the PV), and then the PVC is bound to the PV. However, when the cluster nodes are located in multiple AZs, the EVS disk created by the PVC and the node to which the pods are scheduled may be in different AZs. As a result, the pods fail to be scheduled.
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Solution
                                                                                                                                                                                                CCE provides a storage class named csi-disk-topology. When you use this storage class to create a PVC, no PV will be created in pace with the PVC. Instead, the PV is created in the AZ of the node where the pod will be scheduled. An EVS disk is then created in the same AZ to ensure that the EVS disk can be attached and the pod can be successfully scheduled.
                                                                                                                                                                                                
-
                                                                                                                                                                                                csi-disk-topology postpones the binding between a PVC and a PV for a while.
                                                                                                                                                                                                
-
                                                                                                                                                                                                
+
                                                                                                                                                                                                Solution
                                                                                                                                                                                                CCE provides a storage class named csi-disk-topology, which is a late-binding EVS disk type. When you use this storage class to create a PVC, no PV will be created in pace with the PVC. Instead, the PV is created in the AZ of the node where the pod will be scheduled. An EVS disk is then created in the same AZ to ensure that the EVS disk can be attached and the pod can be successfully scheduled.
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                Failed Pod Scheduling Due to csi-disk Used in Cross-AZ Node Deployment
                                                                                                                                                                                                Create a cluster with three nodes in different AZs.
                                                                                                                                                                                                
 
                                                                                                                                                                                                Use the csi-disk storage class to create a StatefulSet and check whether the workload is successfully created.
                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_bestpractice_0050.html b/docs/cce/umn/cce_bestpractice_0050.html
index 123ced02d..afca8c62c 100644
--- a/docs/cce/umn/cce_bestpractice_0050.html
+++ b/docs/cce/umn/cce_bestpractice_0050.html
@@ -7,14 +7,12 @@
 
 
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
+
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_bestpractice_0051.html b/docs/cce/umn/cce_bestpractice_0051.html
index dcc7beff6..ba99c4cf9 100644
--- a/docs/cce/umn/cce_bestpractice_0051.html
+++ b/docs/cce/umn/cce_bestpractice_0051.html
@@ -12,7 +12,7 @@
 
                                                                                                                                                                                                3. 
 
                                                                                                                                                                                              3. Modifying Kernel Parameters Using a Privileged Container
                                                                                                                                                                                                
 
                                                                                                                                                                                                4. 
-
                                                                                                                                                                                              4. Initializing a Container
                                                                                                                                                                                                
+
                                                                                                                                                                                              5. Using Init Containers to Initialize an Application
                                                                                                                                                                                                
 
                                                                                                                                                                                                6. 
 
                                                                                                                                                                                              6. Using hostAliases to Configure /etc/hosts in a Pod
                                                                                                                                                                                                
 
                                                                                                                                                                                                7. 
@@ -21,7 +21,7 @@
 
 
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
+
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_bestpractice_0052.html b/docs/cce/umn/cce_bestpractice_0052.html
index d689f65dc..d3bd0a796 100644
--- a/docs/cce/umn/cce_bestpractice_0052.html
+++ b/docs/cce/umn/cce_bestpractice_0052.html
@@ -13,10 +13,12 @@
 
                                                                                                                                                                                              2. 
 
                                                                                                                                                                                            2. Obtaining the Client Source IP Address for a Container
                                                                                                                                                                                              
 
                                                                                                                                                                                              3. 
+
                                                                                                                                                                                            3. Pre-Binding Container ENI for CCE Turbo Clusters
                                                                                                                                                                                              
+
                                                                                                                                                                                              4. 
 
 
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Parent topic: Best Practice
                                                                                                                                                                                              
+
                                                                                                                                                                                              Parent topic: Best Practice
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_0053.html b/docs/cce/umn/cce_bestpractice_0053.html
index 4e38f74fa..a5131714e 100644
--- a/docs/cce/umn/cce_bestpractice_0053.html
+++ b/docs/cce/umn/cce_bestpractice_0053.html
@@ -4,7 +4,7 @@
 
                                                                                                                                                                                            
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0055.html b/docs/cce/umn/cce_bestpractice_0055.html
index 71fac532a..3c45e6654 100644
--- a/docs/cce/umn/cce_bestpractice_0055.html
+++ b/docs/cce/umn/cce_bestpractice_0055.html
@@ -9,7 +9,7 @@
 
 
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_0090.html b/docs/cce/umn/cce_bestpractice_0090.html
index a57952534..0cdf3e8f9 100644
--- a/docs/cce/umn/cce_bestpractice_0090.html
+++ b/docs/cce/umn/cce_bestpractice_0090.html
@@ -10,7 +10,7 @@
 
 
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_0107.html b/docs/cce/umn/cce_bestpractice_0107.html
index 61766e7eb..c2c21fd3b 100644
--- a/docs/cce/umn/cce_bestpractice_0107.html
+++ b/docs/cce/umn/cce_bestpractice_0107.html
@@ -549,7 +549,7 @@ spec:
 
                                                                                                                                                                                             
                                                                                                                                                                                            Replace the example file name pvc-example.yaml in the preceding commands with the names of the YAML files configured in 2 and 3.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                          4. Run the kubectl edit command to edit the StatefulSet and use the newly created PVC.
                                                                                                                                                                                            kubectl edit sts sts-example -n xxx
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                             
                                                                                                                                                                                            Replace sts-example in the preceding command with the actual name of the StatefulSet to upgrade. xxx indicates the namespace to which the StatefulSet belongs.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                          5. Wait until the pods are running.
                                                                                                                                                                                            6. 
diff --git a/docs/cce/umn/cce_bestpractice_0307.html b/docs/cce/umn/cce_bestpractice_0307.html
index 4e873d7dd..c2f647857 100644
--- a/docs/cce/umn/cce_bestpractice_0307.html
+++ b/docs/cce/umn/cce_bestpractice_0307.html
@@ -1,13 +1,13 @@
 
 
 
                                                                                                                                                                                            Solution Overview
                                                                                                                                                                                            
-
                                                                                                                                                                                            Scenario
                                                                                                                                                                                            Containers are growing in popularity and Kubernetes simplifies containerized deployment. Many companies choose to build their own Kubernetes clusters. However, the O&M workload of on-premises clusters is heavy, and O&M personnel need to configure the management systems and monitoring solutions by themselves. This increases the labor costs while decreasing the efficiency.
                                                                                                                                                                                            
-
                                                                                                                                                                                            In terms of performance, an on-premises cluster has poor scalability due to its fixed specifications. Auto scaling cannot be implemented in case of traffic surges, which may easily result in the insufficient or waste of cluster resources. In addition, an on-premises cluster is usually deployed on a single node without considering disaster recovery risks. Once a fault occurs, the entire cluster cannot be used, which may cause serious production incident.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Application Scenarios
                                                                                                                                                                                            Containers are growing in popularity and Kubernetes simplifies containerized deployment. Many companies choose to build their own Kubernetes clusters. However, the O&M workload of on-premises clusters is heavy, and O&M personnel need to configure the management systems and monitoring solutions by themselves. This increases the labor costs while decreasing the efficiency.
                                                                                                                                                                                            
+
                                                                                                                                                                                            In terms of performance, an on-premises cluster has poor scalability due to its fixed specifications. Auto scaling cannot be implemented in case of traffic surges, which may easily result in the insufficient or waste of cluster resources. In addition, disaster recovery risks are not considered for deploying an on-premises cluster, leading to poor reliability. Once a fault occurs, the entire cluster may fail, resulting in serious production incidents.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Now you can address the preceding challenges by using CCE, a service that allows easy cluster management and flexible scaling, integrated with application service mesh and Helm charts to simplify cluster O&M and reduce operations costs. CCE is easy to use and delivers high performance, security, reliability, openness, and compatibility. This section describes the solution and procedure for migrating on-premises clusters to CCE.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Migration Solution
                                                                                                                                                                                            This section describes a cluster migration solution, which applies to the following types of clusters:
                                                                                                                                                                                            
 
                                                                                                                                                                                            • Kubernetes clusters built in local IDCs
                                                                                                                                                                                            • On-premises clusters built using multiple ECSs
                                                                                                                                                                                            • Cluster services provided by other cloud service providers
                                                                                                                                                                                            
-
                                                                                                                                                                                            Before the migration, you need to analyze all resources in the source clusters and then determine the migration solution. Resources that can be migrated include resources inside and outside the clusters, as listed in the following table.
+
                                                                                                                                                                                            Before the migration, analyze all resources in the source clusters and then determine the migration solution. Resources that can be migrated include resources inside and outside the clusters, as listed in the following table.
 
                                                                                                                                                                                            Table 3 containers field description
                                                                                                                                                                                            Parameter
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory/Optional
                                                                                                                                                                                            
+
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Description
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            name
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Container name
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            image
                                                                                                                                                                                            
 
                                                                                                                                                                                            Mandatory
                                                                                                                                                                                            
+
                                                                                                                                                                                            Yes
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Container image name
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            lifecycle
                                                                                                                                                                                            
 
                                                                                                                                                                                            Optional
                                                                                                                                                                                            
+
                                                                                                                                                                                            No
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Lifecycle
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
 
 
 
 
                                                                                                                                                                                            Table 1 Resources that can be migrated
                                                                                                                                                                                            Category
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Migration Object
                                                                                                                                                                                            
@@ -53,18 +53,18 @@
 
 
 
                                                                                                                                                                                            Figure 1 shows the migration process. You can migrate resources outside a cluster as required.
                                                                                                                                                                                            
-
                                                                                                                                                                                            Figure 1 Migration solution diagram
                                                                                                                                                                                            
+
                                                                                                                                                                                            Figure 1 Migration solution diagram
                                                                                                                                                                                            
 
-
                                                                                                                                                                                            Migration Process
                                                                                                                                                                                            
+
                                                                                                                                                                                            Migration Process
                                                                                                                                                                                            
 
                                                                                                                                                                                            The cluster migration process is as follows:
                                                                                                                                                                                            
 
                                                                                                                                                                                            1. Plan resources for the target cluster.
                                                                                                                                                                                              For details about the differences between CCE clusters and on-premises clusters, see Key Performance Parameter in Planning Resources for the Target Cluster. Plan resources as required and ensure that the performance configuration of the target cluster is the same as that of the source cluster.
                                                                                                                                                                                              
-
                                                                                                                                                                                            2. Migrate resources outside a cluster.
                                                                                                                                                                                              If you need to migrate resources outside the cluster, see Migrating Resources Outside a Cluster.
                                                                                                                                                                                              
+
                                                                                                                                                                                            3. Migrate resources outside a cluster.
                                                                                                                                                                                              To migrate resources outside the cluster, see Migrating Resources Outside a Cluster.
                                                                                                                                                                                              
 
                                                                                                                                                                                            4. Install the migration tool.
                                                                                                                                                                                              After resources outside a cluster are migrated, you can use a migration tool to back up and restore application configurations in the source and target clusters. For details about how to install the tool, see Installing the Migration Tool.
                                                                                                                                                                                              
 
                                                                                                                                                                                            5. Migrate resources in the cluster.
                                                                                                                                                                                              Use Velero to back up resources in the source cluster to OBS and restore the resources in the target cluster. For details, see Migrating Resources in a Cluster.
                                                                                                                                                                                              
 
                                                                                                                                                                                              • Backing Up Applications in the Source Cluster
                                                                                                                                                                                                To back up resources, use the Velero tool to create a backup object in the original cluster, query and back up cluster data and resources, package the data, and upload the package to the object storage that is compatible with the S3 protocol. Cluster resources are stored in the JSON format.
                                                                                                                                                                                                
 
                                                                                                                                                                                              • Restoring Applications in the Target Cluster
                                                                                                                                                                                                During restoration in the target cluster, Velero specifies the temporary object bucket that stores the backup data, downloads the backup data to the new cluster, and redeploys resources based on the JSON file.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
-
                                                                                                                                                                                            6. Update resources accordingly.
                                                                                                                                                                                              After the migration, cluster resources may fail to be deployed. You need to update the faulty resources. The possible adaptation problems are as follows:
                                                                                                                                                                                              
+
                                                                                                                                                                                            7. Update resources accordingly.
                                                                                                                                                                                              After the migration, cluster resources may fail to be deployed. Update the faulty resources. The possible adaptation problems are as follows:
                                                                                                                                                                                              
 
 
                                                                                                                                                                                            8. Perform additional tasks.
                                                                                                                                                                                              After cluster resources are properly deployed, verify application functions after the migration and switch service traffic to the target cluster. After confirming that all services are running properly, bring the source cluster offline.
                                                                                                                                                                                              
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0308.html b/docs/cce/umn/cce_bestpractice_0308.html
index e2c13f101..dcf2321dd 100644
--- a/docs/cce/umn/cce_bestpractice_0308.html
+++ b/docs/cce/umn/cce_bestpractice_0308.html
@@ -5,23 +5,23 @@
 
                                                                                                                                                                                             
                                                                                                                                                                                            After a cluster is created, the resource parameters marked with asterisks (*) in Table 1 cannot be modified.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
-
                                                                                                                                                                                            Table 1 CCE cluster planning
                                                                                                                                                                                            Resource
                                                                                                                                                                                            
+
                                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_bestpractice_0311.html b/docs/cce/umn/cce_bestpractice_0311.html
index 83ef9bb70..863c3a792 100644
--- a/docs/cce/umn/cce_bestpractice_0311.html
+++ b/docs/cce/umn/cce_bestpractice_0311.html
@@ -1,12 +1,12 @@
 
                                                                                                                                                                                            Migrating Resources in a Cluster 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Scenario
                                                                                                                                                                                            WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of the WordPress and MySQL components, which are containerized. The two components are bound to two local storage volumes of the Local type respectively and provide external access through the NodePort Service.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Application Scenarios
                                                                                                                                                                                            WordPress is used as an example to describe how to migrate an application from an on-premises Kubernetes cluster to a CCE cluster. The WordPress application consists of the WordPress and MySQL components, which are containerized. The two components are bound to two local storage volumes of the Local type respectively and provide external access through the NodePort Service.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Before the migration, use a browser to access the WordPress site, create a site named Migrate to CCE, and publish an article to verify the integrity of PV data after the migration. The article published in WordPress will be stored in the wp_posts table of the MySQL database. If the migration is successful, all contents in the database will be migrated to the new cluster. You can verify the PV data migration based on the migration result.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • Before the migration, clear the abnormal pod resources in the source cluster. If the pod is in the abnormal state and has a PVC mounted, the PVC is in the pending state after the cluster is migrated.
                                                                                                                                                                                            • Ensure that the cluster on the CCE side does not have the same resources as the cluster to be migrated because Velero does not restore the same resources by default.
                                                                                                                                                                                            • To ensure that container image images can be properly pulled after cluster migration, migrate the images to SWR.
                                                                                                                                                                                            • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                                            • Velero integrates the Restic tool to back up and restore storage volumes. Currently, the storage volumes of the HostPath type are not supported. For details, see Restic Restrictions. If you need to back up storage volumes of this type, replace the hostPath volumes with local volumes by referring to Storage Volumes of the HostPath Type Cannot Be Backed Up. If a backup task involves storage of the HostPath type, the storage volumes of this type will be automatically skipped and a warning message will be generated. This will not cause a backup failure.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • Before the migration, clear the abnormal pod resources in the source cluster. If the pod is in the abnormal state and has a PVC mounted, the PVC is in the pending state after the cluster is migrated.
                                                                                                                                                                                            • Ensure that the cluster on the CCE side does not have the same resources as the cluster to be migrated because Velero does not restore the same resources by default.
                                                                                                                                                                                            • To ensure that container image images can be properly pulled after cluster migration, migrate the images to SWR.
                                                                                                                                                                                            • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                                            • Velero integrates the Restic tool to back up and restore storage volumes. Currently, the storage volumes of the HostPath type are not supported. For details, see Restic Restrictions. To back up storage volumes of this type, replace the hostPath volumes with local volumes by referring to Storage Volumes of the HostPath Type Cannot Be Backed Up. If a backup task involves storage of the HostPath type, the storage volumes of this type will be automatically skipped and a warning message will be generated. This will not cause a backup failure.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Backing Up Applications in the Source Cluster
                                                                                                                                                                                            1. (Optional) If you need to back up the data of a specified storage volume in the pod, add an annotation to the pod. The annotation template is as follows:
                                                                                                                                                                                              kubectl -n <namespace> annotate <pod/pod_name> backup.velero.io/backup-volumes=<volume_name_1>,<volume_name_2>,...
                                                                                                                                                                                              
+
                                                                                                                                                                                              Backing Up Applications in the Source Cluster
                                                                                                                                                                                              1. (Optional) To back up the data of a specified storage volume in the pod, add an annotation to the pod. The annotation template is as follows:
                                                                                                                                                                                                kubectl -n <namespace> annotate <pod/pod_name> backup.velero.io/backup-volumes=<volume_name_1>,<volume_name_2>,...
                                                                                                                                                                                                
 
                                                                                                                                                                                                • <namespace>: namespace where the pod is located.
                                                                                                                                                                                                • <pod_name>: pod name.
                                                                                                                                                                                                • <volume_name>: name of the persistent volume mounted to the pod. You can run the describe statement to query the pod information. The Volume field indicates the names of all persistent volumes attached to the pod.
                                                                                                                                                                                                
 
                                                                                                                                                                                                Add annotations to the pods of WordPress and MySQL. The pod names are wordpress-758fbf6fc7-s7fsr and mysql-5ffdfbc498-c45lh. As the pods are in the default namespace default, the -n <NAMESPACE> parameter can be omitted.
                                                                                                                                                                                                
 
                                                                                                                                                                                                kubectl annotate pod/wordpress-758fbf6fc7-s7fsr backup.velero.io/backup-volumes=wp-storage
@@ -16,7 +16,7 @@ kubectl annotate pod/mysql-5f
 
                                                                                                                                                                                              2. --include-resources: backs up the specified resources.
                                                                                                                                                                                                velero backup create <backup-name> --include-resources deployments
                                                                                                                                                                                                
 
                                                                                                                                                                                              3. --selector: backs up resources that match the selector.
                                                                                                                                                                                                velero backup create <backup-name> --selector <key>=<value>
                                                                                                                                                                                                
 
                                                                                                                                                                                                4. 
-
                                                                                                                                                                                                In this section, resources in the namespace default are backed up. wordpress-backup is the backup name. You need to specify the same backup name when restoring applications. Example:
                                                                                                                                                                                                
+
                                                                                                                                                                                                In this section, resources in the namespace default are backed up. wordpress-backup is the backup name. Specify the same backup name when restoring applications. An example is as follows:
                                                                                                                                                                                                
 
                                                                                                                                                                                                velero backup create wordpress-backup --include-namespaces default --default-volumes-to-restic
                                                                                                                                                                                                
 
                                                                                                                                                                                                If the following information is displayed, the backup task is successfully created:
                                                                                                                                                                                                
 
                                                                                                                                                                                                Backup request "wordpress-backup" submitted successfully. Run `velero backup describe wordpress-backup` or `velero backup logs wordpress-backup` for more details.
                                                                                                                                                                                                
@@ -25,10 +25,10 @@ kubectl annotate pod/mysql-5f
 wordpress-backup   Completed   0        0          2021-10-14 15:32:07 +0800 CST   29d       default            <none>
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              In addition, you can go to the object bucket to view the backup files. The backups path is the application resource backup path, and the restic path is the PV data backup path.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Restoring Applications in the Target Cluster
                                                                                                                                                                                            The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, you need to update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                                                            
+
                                                                                                                                                                                            Restoring Applications in the Target Cluster
                                                                                                                                                                                            The storage infrastructure of an on-premises cluster is different from that of a cloud cluster. After the cluster is migrated, PVs cannot be mounted to pods. Therefore, during the migration, update the storage class of the target cluster to shield the differences of underlying storage interfaces between the two clusters when creating a workload and request storage resources of the corresponding type. For details, see Updating the Storage Class. 
                                                                                                                                                                                            
 
                                                                                                                                                                                            1. Use kubectl to connect to the CCE cluster. Create a storage class with the same name as that of the source cluster.
                                                                                                                                                                                              In this example, the storage class name of the source cluster is local and the storage type is local disk. Local disks completely depend on the node availability. The data DR performance is poor. When the node is unavailable, the existing storage data is affected. Therefore, EVS volumes are used as storage resources in CCE clusters, and SAS disks are used as backend storage media.
                                                                                                                                                                                              
 
                                                                                                                                                                                               
                                                                                                                                                                                              • When an application containing PV data is restored in a CCE cluster, the defined storage class dynamically creates and mounts storage resources (such as EVS volumes) based on the PVC.
                                                                                                                                                                                              • The storage resources of the cluster can be changed as required, not limited to EVS volumes. To mount other types of storage, such as file storage and object storage, see Updating the Storage Class.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_0312.html b/docs/cce/umn/cce_bestpractice_0312.html
index 514835abf..2f275bc5c 100644
--- a/docs/cce/umn/cce_bestpractice_0312.html
+++ b/docs/cce/umn/cce_bestpractice_0312.html
@@ -2,14 +2,14 @@
 
 
                                                                                                                                                                                              Updating Resources Accordingly
                                                                                                                                                                                              
 
                                                                                                                                                                                              Updating Images
                                                                                                                                                                                              The WordPress and MySQL images used in this example can be pulled from SWR. Therefore, the image pull failure (ErrImagePull) will not occur. If the application to be migrated is created from a private image, perform the following steps to update the image:
                                                                                                                                                                                              
-
                                                                                                                                                                                              1. Migrate the image resources to SWR. For details, see Uploading an Image Through a Container Engine Client.
                                                                                                                                                                                              2. Log in to the SWR console and obtain the image path used after the migration.
                                                                                                                                                                                                The image path is in the following format:
                                                                                                                                                                                                
+
                                                                                                                                                                                                1. Migrate the image resources to SWR. For details, see Uploading an Image Through the Client.
                                                                                                                                                                                                2. Log in to the SWR console and obtain the image path used after the migration.
                                                                                                                                                                                                  The image path is in the following format:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  'swr.{Region}.otc.t-systems.com/{Organization name}/{Image name}:{Tag}'
                                                                                                                                                                                                  
 
                                                                                                                                                                                                3. Run the following command to modify the workload and replace the image field in the YAML file with the image path:
                                                                                                                                                                                                  kubectl edit deploy wordpress
                                                                                                                                                                                                  
 
                                                                                                                                                                                                4. Check the running status of the workload.
                                                                                                                                                                                                
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Updating Services
                                                                                                                                                                                              After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, you need to connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Updating Services
                                                                                                                                                                                              After the cluster is migrated, the Service of the source cluster may fail to take effect. You can perform the following steps to update the Service. If ingresses are configured in the source cluster, connect the new cluster to ELB again after the migration. For details, see Using kubectl to Create an ELB Ingress.
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Connect to the cluster using kubectl.
                                                                                                                                                                                              2. Edit the YAML file of the corresponding Service to change the Service type and port number.
                                                                                                                                                                                                kubectl edit svc wordpress
                                                                                                                                                                                                
-
                                                                                                                                                                                                To update load balancer resources, you need to connect to ELB again. Add the following annotations. For details, see LoadBalancer.
                                                                                                                                                                                                annotations: 
+
                                                                                                                                                                                                To update load balancer resources, connect to ELB again. Add the annotations by following the procedure described in LoadBalancer.
                                                                                                                                                                                                annotations: 
   kubernetes.io/elb.class: union # Shared load balancer
   kubernetes.io/elb.id: 9d06a39d-xxxx-xxxx-xxxx-c204397498a3    # Load balancer ID, which can be queried on the ELB console.
   kubernetes.io/elb.subnet-id: f86ba71c-xxxx-xxxx-xxxx-39c8a7d4bb36    # ID of the cluster where the subnet resides
@@ -99,7 +99,7 @@ provisioner: everest-csi-provisioner
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
                                                                                                                                                                                                
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                 
                                                                                                                                                                                                • SFS Turbo file systems cannot be directly created using StorageClass. You need to go to the SFS Turbo console to create SFS Turbo file systems that belong to the same VPC subnet and have inbound ports (111, 445, 2049, 2051, 2052, and 20048) enabled in the security group.
                                                                                                                                                                                                • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                                                
+
                                                                                                                                                                                                 
                                                                                                                                                                                                • SFS Turbo file systems cannot be directly created using StorageClass. Go to the SFS Turbo console to create SFS Turbo file systems that belong to the same VPC subnet and have inbound ports (111, 445, 2049, 2051, 2052, and 20048) enabled in the security group.
                                                                                                                                                                                                • CCE does not support EVS disks of the ReadWriteMany type. If resources of this type exist in the source cluster, change the storage type to ReadWriteOnce.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              3. Restore the cluster application by referring to Restoring Applications in the Target Cluster and check whether the PVC is successfully created.
                                                                                                                                                                                                kubectl get pvc
                                                                                                                                                                                                
 
                                                                                                                                                                                                In the command output, the VOLUME column indicates the name of the PV automatically created using the storage class.
                                                                                                                                                                                                NAME   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
@@ -112,7 +112,7 @@ pvc    Bound    pvc-4c8e655a-1dbc-4897-ae6c-446b502f5e77   5Gi        RWX
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              1. Log in to the RDS console and obtain the private IP address and port number of the DB instance on the Basic Information page.
                                                                                                                                                                                              2. Run the following command to modify the WordPress workload:
                                                                                                                                                                                                kubectl edit deploy wordpress
                                                                                                                                                                                                
 
                                                                                                                                                                                                Set the environment variables in the env field.
                                                                                                                                                                                                
-
                                                                                                                                                                                                • WORDPRESS_DB_HOST: address and port number used for accessing the database, that is, the internal network address and port number obtained in the previous step.
                                                                                                                                                                                                • WORDPRESS_DB_USERU: username for accessing the database.
                                                                                                                                                                                                • WORDPRESS_DB_PASSWORD: password for accessing the database.
                                                                                                                                                                                                • WORDPRESS_DB_NAME: name of the database to be connected.
                                                                                                                                                                                                
+
                                                                                                                                                                                                • WORDPRESS_DB_HOST: address and port number used for accessing the database, that is, the internal network address and port number obtained in the previous step.
                                                                                                                                                                                                • WORDPRESS_DB_USER: username for accessing the database.
                                                                                                                                                                                                • WORDPRESS_DB_PASSWORD: password for accessing the database.
                                                                                                                                                                                                • WORDPRESS_DB_NAME: name of the database to be connected.
                                                                                                                                                                                                
 
                                                                                                                                                                                              3. Check whether the RDS database is properly connected.
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_0313.html b/docs/cce/umn/cce_bestpractice_0313.html
index d87a1eef9..3b6ee94a3 100644
--- a/docs/cce/umn/cce_bestpractice_0313.html
+++ b/docs/cce/umn/cce_bestpractice_0313.html
@@ -1,9 +1,9 @@
 
 
 
                                                                                                                                                                                              Performing Additional Tasks
                                                                                                                                                                                              
-
                                                                                                                                                                                              Verifying Application Functions
                                                                                                                                                                                              Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the redirection link of the article published in WordPress is still the original domain name. If you click the article title, you will be redirected to the application in the source cluster. Therefore, you need to search for the original domain name in WordPress and replace it with the new domain name, change the values of site_url and primary URL in the database. For details, see Changing The Site URL.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Verifying Application Functions
                                                                                                                                                                                              Cluster migration involves full migration of application data, which may cause intra-application adaptation problems. In this example, after the cluster is migrated, the redirection link of the article published in WordPress is still the original domain name. If you click the article title, you will be redirected to the application in the source cluster. Therefore, search for the original domain name in WordPress and replace it with the new domain name, change the values of site_url and primary URL in the database. For details, see Changing The Site URL.
                                                                                                                                                                                              
 
                                                                                                                                                                                              Access the new address of the WordPress application. If the article published before the migration is displayed, the data of the persistent volume is successfully restored.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              Switching Live Traffic to the Target Cluster
                                                                                                                                                                                              O&M personnel switch DNS to direct live traffic to the target cluster.
                                                                                                                                                                                              
 
                                                                                                                                                                                              • DNS traffic switching: Adjust the DNS configuration to switch traffic.
                                                                                                                                                                                              • Client traffic switching: Upgrade the client code or update the configuration to switch traffic.
                                                                                                                                                                                              
diff --git a/docs/cce/umn/cce_bestpractice_0315.html b/docs/cce/umn/cce_bestpractice_0315.html
index c4eef920a..771b69b14 100644
--- a/docs/cce/umn/cce_bestpractice_0315.html
+++ b/docs/cce/umn/cce_bestpractice_0315.html
@@ -19,7 +19,7 @@
 
 
 
                                                                                                                                                                                              
-
                                                                                                                                                                                              Parent topic: Best Practice
                                                                                                                                                                                              
+
                                                                                                                                                                                              Parent topic: Best Practice
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
                                                                                                                                                                                              
 
diff --git a/docs/cce/umn/cce_bestpractice_0317.html b/docs/cce/umn/cce_bestpractice_0317.html
index 76eb1ea00..43df9795a 100644
--- a/docs/cce/umn/cce_bestpractice_0317.html
+++ b/docs/cce/umn/cce_bestpractice_0317.html
@@ -78,7 +78,7 @@ spec:
 
                                                                                                                                                                                              2. 
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Configuring Network Isolation in a Cluster
                                                                                                                                                                                            • Container tunnel network
                                                                                                                                                                                              If networks need to be isolated between namespaces in a cluster or between workloads in the same namespace, you can configure network policies to isolate the networks. 
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Cloud Native Network 2.0
                                                                                                                                                                                              In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see SecurityGroup.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Cloud Native Network 2.0
                                                                                                                                                                                              In the Cloud Native Network 2.0 model, you can configure security groups to isolate networks between pods. For details, see Security Group Policies.
                                                                                                                                                                                              
 
                                                                                                                                                                                            • VPC network
                                                                                                                                                                                              Network isolation is not supported.
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0318.html b/docs/cce/umn/cce_bestpractice_0318.html
index e01bcf11f..c15755f3b 100644
--- a/docs/cce/umn/cce_bestpractice_0318.html
+++ b/docs/cce/umn/cce_bestpractice_0318.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                            Node Security
                                                                                                                                                                                            
 
                                                                                                                                                                                            Preventing Nodes from Being Exposed to Public Networks
                                                                                                                                                                                            • Do not bind an EIP to a node unless necessary to reduce the attack surface.
                                                                                                                                                                                            • If an EIP must be used, properly configure the firewall or security group rules to restrict access of unnecessary ports and IP addresses.
                                                                                                                                                                                            
 
                                                                                                                                                                                            You may have configured the kubeconfig.json file on a node in your cluster. kubectl can use the certificate and private key in this file to control the entire cluster. You are advised to delete unnecessary files from the /root/.kube directory on the node to prevent malicious use.
                                                                                                                                                                                            
-
                                                                                                                                                                                            rm -rf /root/.kube
                                                                                                                                                                                            
+
                                                                                                                                                                                            rm -rf /root/.kube
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Hardening VPC Security Group Rules
                                                                                                                                                                                            CCE is a universal container platform. Its default security group rules apply to common scenarios. Based on security requirements, you can harden the security group rules set for CCE clusters on the Security Groups page of Network Console.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
@@ -15,8 +15,8 @@
 
                                                                                                                                                                                            For details about how to restore the metadata, see the "Notes" section in Obtaining Metadata.
                                                                                                                                                                                            
 
                                                                                                                                                                                             
                                                                                                                                                                                            This solution may affect the password change on the ECS console. Therefore, you must verify the solution before rectifying the fault.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            1. Obtain the network model and container CIDR of the cluster.
                                                                                                                                                                                              On the Clusters page of the CCE console, view the network model and container CIDR of the cluster.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Obtain the network model and container CIDR of the cluster.
                                                                                                                                                                                                On the Cluster Information page, check the network model and container CIDR block of the cluster in the Networking Configuration area.
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                              2. Prevent the container from obtaining host metadata.
                                                                                                                                                                                                • VPC network
                                                                                                                                                                                                  1. Log in to each node in the CCE cluster as user root and run the following command:
                                                                                                                                                                                                    iptables -I OUTPUT -s {container_cidr} -d 169.254.169.254 -j REJECT
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    {container_cidr} indicates the container CIDR of the cluster, for example, 10.0.0.0/16.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    To ensure configuration persistence, you are advised to write the command to the /etc/rc.local script.
                                                                                                                                                                                                    
diff --git a/docs/cce/umn/cce_bestpractice_0321.html b/docs/cce/umn/cce_bestpractice_0321.html
index 737858fe0..6905c029e 100644
--- a/docs/cce/umn/cce_bestpractice_0321.html
+++ b/docs/cce/umn/cce_bestpractice_0321.html
@@ -13,7 +13,7 @@
 
                                                                                                                                                                                                
 
 
                                                                                                                                                                                                
-
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
+
                                                                                                                                                                                                Parent topic: Best Practice
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_0322.html b/docs/cce/umn/cce_bestpractice_0322.html
index 3fac4ff95..810ff1d2c 100644
--- a/docs/cce/umn/cce_bestpractice_0322.html
+++ b/docs/cce/umn/cce_bestpractice_0322.html
@@ -13,7 +13,7 @@
 
 
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_0323.html b/docs/cce/umn/cce_bestpractice_0323.html
index ecb2381c0..bea22780d 100644
--- a/docs/cce/umn/cce_bestpractice_0323.html
+++ b/docs/cce/umn/cce_bestpractice_0323.html
@@ -8,12 +8,12 @@
 
 
 
diff --git a/docs/cce/umn/cce_bestpractice_0324.html b/docs/cce/umn/cce_bestpractice_0324.html
index ab18d269e..31f727408 100644
--- a/docs/cce/umn/cce_bestpractice_0324.html
+++ b/docs/cce/umn/cce_bestpractice_0324.html
@@ -2,15 +2,15 @@
 
 
                                                                                                                                                                                            Interconnecting GitLab with SWR and CCE for CI/CD
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Challenges
                                                                                                                                                                                            GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                                            
+
                                                                                                                                                                                            Background
                                                                                                                                                                                            GitLab is an open-source version management system developed with Ruby on Rails for Git project repository management. It supports web-based access to public and private projects. Similar to GitHub, GitLab allows you to browse source code, manage bugs and comments, and control team member access to repositories. You will find it very easy to view committed versions and file history database. Team members can communicate with each other using the built-in chat program (Wall).
                                                                                                                                                                                            
 
                                                                                                                                                                                            GitLab provides powerful CI/CD functions and is widely used in software development.
                                                                                                                                                                                            
-
                                                                                                                                                                                            Figure 1 GitLab CI/CD process
                                                                                                                                                                                            
+
                                                                                                                                                                                            Figure 1 GitLab CI/CD process
                                                                                                                                                                                            
 
                                                                                                                                                                                            This section describes how to interconnect GitLab with SWR and CCE for CI/CD.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Preparations
                                                                                                                                                                                            1. Create a CCE cluster and a node and bind an EIP to the node for downloading an image during GitLab Runner installation.
                                                                                                                                                                                            2. Download and configure kubectl to connect to the cluster.
                                                                                                                                                                                            3. Install Helm 3.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Installing GitLab Runner
                                                                                                                                                                                            Log in to GitLab, choose Settings > CI/CD in the project view, click Expand next to Runners, and search for the GitLab Runner registration URL and token.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            Create the values.yaml file and fill in the following information:
                                                                                                                                                                                            
 
                                                                                                                                                                                            # Registration URL
 gitlabUrl: https://gitlab.com/
@@ -24,37 +24,37 @@ runners:
 
                                                                                                                                                                                            kubectl create namespace gitlab
                                                                                                                                                                                            
 
                                                                                                                                                                                            Install GitLab Runner using Helm.
                                                                                                                                                                                            
 
                                                                                                                                                                                            helm repo add gitlab https://charts.gitlab.io 
-helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner
                                                                                                                                                                                            
-
                                                                                                                                                                                            After the installation, you can query the workload of gitlab-runner on the CCE console and view the connection information in GitLab later.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+helm install --namespace gitlab gitlab-runner -f values.yaml gitlab/gitlab-runner --version=0.43.1
                                                                                                                                                                                            
+
                                                                                                                                                                                            After the installation, you can obtain the gitlab-runner workload on the CCE console and view the connection information in GitLab later.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Creating an Application
                                                                                                                                                                                            Place the application to be created in the GitLab project repository. This section takes Nginx modification as an example. For details, visit https://gitlab.com/c8147/cidemo/-/tree/main.
                                                                                                                                                                                            
 
                                                                                                                                                                                            The following files are included:
                                                                                                                                                                                            
 
                                                                                                                                                                                            • .gitlab-ci.yml: Gitlab CI file, which will be described in detail in Creating a Pipeline.
                                                                                                                                                                                            • Dockerfile: used to build Docker images.
                                                                                                                                                                                            • index.html: used to replace the index page of Nginx.
                                                                                                                                                                                            • k8s.yaml: used to deploy the Nginx app. A Deployment named nginx-test and a Service named nginx-test will be created.
                                                                                                                                                                                            
 
                                                                                                                                                                                            The preceding files are only examples. You can replace or modify them accordingly.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Configuring Global Variables
                                                                                                                                                                                            When using pipelines, you need to build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Configuring Global Variables
                                                                                                                                                                                            When using pipelines, build an image, upload it to SWR, and run kubectl commands to deploy the image in the cluster. Before performing these operations, you must log in to SWR and obtain the credential for connecting to the cluster. You can define the information as variables in GitLab.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Log in to GitLab, choose Settings > CI/CD in the project view, and click Expand next to Variables to add variables.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            • kube_config
                                                                                                                                                                                              kubeconfig.json file used for kubectl command authentication. Run the following command on the host where kubectl is configured to convert the file to the Base64 format:
                                                                                                                                                                                              
 
                                                                                                                                                                                              echo $(cat ~/.kube/config | base64) | tr -d " "
                                                                                                                                                                                              
 
                                                                                                                                                                                              The command output is the content of kubeconfig.json.
                                                                                                                                                                                              
 
                                                                                                                                                                                            • project: project name.
                                                                                                                                                                                              Log in to the management console, click your username in the upper right corner, and click My Credentials. In the Projects area on the API Credentials page, check the name of the project in your current region.
                                                                                                                                                                                              
-
                                                                                                                                                                                            • swr_ak: access key.
                                                                                                                                                                                              Log in to the management console, click your username in the upper right corner, and click My Credentials. In the navigation pane on the left, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • swr_ak: access key.
                                                                                                                                                                                              Log in to the management console, click your username in the upper right corner, and click My Credentials. In the navigation pane, choose Access Keys. Click Create Access Key, enter the description, and click OK. In the displayed Information dialog box, click Download. After the certificate is downloaded, obtain the AK and SK information from the credentials file.
                                                                                                                                                                                              
 
                                                                                                                                                                                            • swr_sk: secret key for logging in to SWR.
                                                                                                                                                                                              Run the following command to obtain the key pair. Replace $AK and $SK with the AK and SK obtained in the preceding steps.
                                                                                                                                                                                              
 
                                                                                                                                                                                              printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
                                                                                                                                                                                              
 
                                                                                                                                                                                              The command output displays the login key pair.
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Creating a Pipeline
                                                                                                                                                                                            Log in to Gitlab and add the .gitlab-ci.yml file to Repository.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            The content is as follows:
                                                                                                                                                                                            
 
                                                                                                                                                                                            # Define pipeline stages, including package, build, and deploy.
 stages:
   - package  
   - build
   - deploy
-# If no image is specified in each stage, the default image docker:latest is used.
+# If no image is specified in each stage, the default image docker:latest is used.
 image: docker:latest
 # In the package stage, only printing is performed.
 package:
@@ -85,7 +85,7 @@ deploy:
     entrypoint: [""]
   stage: deploy
   script:
-    # Configure the kubeconfig file.
+    # Configure the kubeconfig file.
     - mkdir -p $HOME/.kube
     - export KUBECONFIG=$HOME/.kube/config
     - echo $kube_config |base64 -d > $KUBECONFIG
@@ -95,18 +95,17 @@ deploy:
     # Deploy an application.
     - kubectl apply -f k8s.yaml
                                                                                                                                                                                            
 
                                                                                                                                                                                            After the .gitlab-ci.yml file is saved, the pipeline is started immediately. You can view the pipeline execution status in GitLab.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Verifying Deployment
                                                                                                                                                                                            After the pipeline is deployed, locate the nginx-test Service on the CCE console, query its access address, and run the curl command to access the Service.
                                                                                                                                                                                            
-
                                                                                                                                                                                            # curl xxx.xxx.xxx.xxx:31111
+
                                                                                                                                                                                            # curl xxx.xxx.xxx.xxx:31111
 Hello Gitlab!
                                                                                                                                                                                            
 
                                                                                                                                                                                            If the preceding information is displayed, the deployment is correct.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            FAQs
                                                                                                                                                                                            If the following problems occur during the deployment:
                                                                                                                                                                                            
-
                                                                                                                                                                                            
-
                                                                                                                                                                                            or
                                                                                                                                                                                            
-
                                                                                                                                                                                            
-
                                                                                                                                                                                            Check whether the following commands are missing in the .gitlab-ci.yml file. If yes, add them to the .gitlab-ci.yml file.
                                                                                                                                                                                            
+
                                                                                                                                                                                            FAQs
                                                                                                                                                                                            • If the following problem occurs during the deployment:
                                                                                                                                                                                              
+
                                                                                                                                                                                              Or
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                              Check whether the following commands are missing in the .gitlab-ci.yml file. If yes, add them to the .gitlab-ci.yml file.
                                                                                                                                                                                              
 
                                                                                                                                                                                              ...
 deploy:
   # Use the kubectl image.
@@ -115,13 +114,16 @@ deploy:
     entrypoint: [""]
   stage: deploy
   script:
-    # Configure the kubeconfig file.
+    # Configure the kubeconfig file.
     - mkdir -p $HOME/.kube
     - export KUBECONFIG=$HOME/.kube/config
     - echo $kube_config |base64 -d > $KUBECONFIG
     # Replace the image in the k8s.yaml file.
 ...
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                            • If Docker cannot be executed, information similar to the following will display.
                                                                                                                                                                                              
+
                                                                                                                                                                                              The privileged: true parameter fails to be transferred during GitLab Runner installation. As a result, you do not have the permission to run the docker command. To resolve this issue, find GitLab Runner in the workload list on the CCE console, add the environment variable KUBERNETES_PRIVILEGED, and set its value to true.
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0325.html b/docs/cce/umn/cce_bestpractice_0325.html
index 7dbfe27c4..1439446ad 100644
--- a/docs/cce/umn/cce_bestpractice_0325.html
+++ b/docs/cce/umn/cce_bestpractice_0325.html
@@ -1,15 +1,15 @@
 
 
 
                                                                                                                                                                                            Configuring Core Dumps
                                                                                                                                                                                            
-
                                                                                                                                                                                            Challenges
                                                                                                                                                                                            Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the file to locate the fault.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Application Scenarios
                                                                                                                                                                                            Linux allows you to create a core dump file if an application crashes, which contains the data the application had in memory at the time of the crash. You can analyze the file to locate the fault.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Generally, when a service application crashes, its container exits and is reclaimed and destroyed. Therefore, container core files need to be permanently stored on the host or cloud storage. This topic describes how to configure container core dumps.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Notes and Constraints
                                                                                                                                                                                            When a container core dump is persistently stored to OBS (parallel file system or object bucket), the default mount option umask=0 is used. As a result, although the core dump file is generated, the core dump information cannot be written to the core file. 
                                                                                                                                                                                            
+
                                                                                                                                                                                            Constraints
                                                                                                                                                                                            When a container core dump is persistently stored to OBS (parallel file system or object bucket), the default mount option umask=0 is used. As a result, although the core dump file is generated, the core dump information cannot be written to the core file. 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Enabling Core Dump on a Node
                                                                                                                                                                                            Log in to the node, run the following command to enable core dump, and set the path and format for storing core files:
                                                                                                                                                                                            
 
                                                                                                                                                                                            echo "/tmp/cores/core.%h.%e.%p.%t" > /proc/sys/kernel/core_pattern
                                                                                                                                                                                            
-
                                                                                                                                                                                            %h, %e, %p, and %t are placeholders, which are described as follows:
                                                                                                                                                                                            
-
                                                                                                                                                                                            • %h: host name (or pod name). You are advised to configure this parameter.
                                                                                                                                                                                            • %e: program file name. You are advised to configure this parameter.
                                                                                                                                                                                            • %p: (optional) process ID.
                                                                                                                                                                                            • %t: (optional) time of the core dump.
                                                                                                                                                                                            
+
                                                                                                                                                                                            %h, %e, %p, and %t are placeholders, which are described as follows:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • %h: hostname (or pod name). You are advised to configure this parameter.
                                                                                                                                                                                            • %e: program file name. You are advised to configure this parameter.
                                                                                                                                                                                            • %p: (optional) process ID.
                                                                                                                                                                                            • %t: (optional) time of the core dump.
                                                                                                                                                                                            
 
                                                                                                                                                                                            After the core dump function is enabled by running the preceding command, the generated core file is named in the format of core.{Host name}.{Program file name}.{Process ID}.{Time}.
                                                                                                                                                                                            
 
                                                                                                                                                                                            You can also configure a pre-installation or post-installation script to automatically run this command when creating a node.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_10000.html b/docs/cce/umn/cce_bestpractice_10000.html
index 1d7f2a2f6..b2efa44f5 100644
--- a/docs/cce/umn/cce_bestpractice_10000.html
+++ b/docs/cce/umn/cce_bestpractice_10000.html
@@ -11,7 +11,7 @@
 
 
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
diff --git a/docs/cce/umn/cce_bestpractice_10001.html b/docs/cce/umn/cce_bestpractice_10001.html
index e8a942030..7ac481246 100644
--- a/docs/cce/umn/cce_bestpractice_10001.html
+++ b/docs/cce/umn/cce_bestpractice_10001.html
@@ -1,15 +1,15 @@
 
 
 
                                                                                                                                                                                            Overview
                                                                                                                                                                                            
-
                                                                                                                                                                                            Challenges
                                                                                                                                                                                            When switching between old and new services, you may be challenged in ensuring the system service continuity. If a new service version is directly released to all users at a time, it can be risky because once an online accident or bug occurs, the impact on users is great. It could take a long time to fix the issue. Sometimes, the version has to be rolled back, which severely affects user experience.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Background
                                                                                                                                                                                            When switching between old and new services, you may be challenged in ensuring the system service continuity. If a new service version is directly released to all users at a time, it can be risky because once an online accident or bug occurs, the impact on users is great. It could take a long time to fix the issue. Sometimes, the version has to be rolled back, which severely affects user experience.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Solutions
                                                                                                                                                                                            Several release policies are developed for service upgrade: grayscale release, blue-green deployment, A/B testing, rolling upgrade, and batch suspension of release. Traffic loss or service unavailability caused by releases can be avoided as much as possible.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Solution
                                                                                                                                                                                            Several release policies are developed for service upgrade: grayscale release, blue-green deployment, A/B testing, rolling upgrade, and batch suspension of release. Traffic loss or service unavailability caused by releases can be avoided as much as possible.
                                                                                                                                                                                            
 
                                                                                                                                                                                            This document describes the principles and practices of grayscale release and blue-green deployment.
                                                                                                                                                                                            
 
                                                                                                                                                                                            • Grayscale release, also called canary release, is a smooth iteration mode for version upgrade. During the upgrade, some users use the new version, while other users continue to use the old version. After the new version is stable and ready, it gradually takes over all the live traffic. In this way, service risks brought by the release of the new version can be minimized, the impact of faults can be reduced, and quick rollback is supported.
                                                                                                                                                                                              The following figure shows the general process of grayscale release. First, divide 20% of all service traffic to the new version. If the service version runs normally, gradually increase the traffic proportion and continue to test the performance of the new version. If the new version is stable, switch all traffic to it and bring the old version offline.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                              If an exception occurs in the new version when 20% of the traffic goes to the new version, you can quickly switch back to the old version.
                                                                                                                                                                                              
-
                                                                                                                                                                                              
-
                                                                                                                                                                                            • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                                              
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Blue-green deployment provides a zero-downtime, predictable manner for releasing applications to reduce service interruption during the release. A new version is deployed while the old version is retained. The two versions are online at the same time. The new and old versions work in hot backup mode. The route weight is switched (0 or 100) to enable different versions to go online or offline. If a problem occurs, the version can be quickly rolled back.
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_10002.html b/docs/cce/umn/cce_bestpractice_10002.html
index 6820913f1..c765f5196 100644
--- a/docs/cce/umn/cce_bestpractice_10002.html
+++ b/docs/cce/umn/cce_bestpractice_10002.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                                            Using Services to Implement Simple Grayscale Release and Blue-Green Deployment
                                                                                                                                                                                            
-
                                                                                                                                                                                            To implement grayscale release for a CCE cluster, you need to deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                                            
+
                                                                                                                                                                                            To implement grayscale release for a CCE cluster, deploy other open-source tools, such as Nginx Ingress, to the cluster or deploy services to a service mesh. These solutions are difficult to implement. If your grayscale release requirements are simple and you do not want to introduce too many plug-ins or complex configurations, you can refer to this section to implement simple grayscale release and blue-green deployment based on native Kubernetes features.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Principles
                                                                                                                                                                                            Users usually use Kubernetes objects such as Deployments and StatefulSets to deploy services. Each workload manages a group of pods. The following figure uses Deployment as an example.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            Generally, a Service is created for each workload. The Service uses the selector to match the backend pod. Other Services or objects outside the cluster can access the pods backing the Service. If a pod needs to be exposed, set the Service type to LoadBalancer. The ELB load balancer functions as the traffic entrance.
                                                                                                                                                                                            
 
                                                                                                                                                                                            • Grayscale release principles
                                                                                                                                                                                              Take a Deployment as an example. A Service, in most cases, will be created for each Deployment. However, Kubernetes does not require that Services and Deployments correspond to each other. A Service uses a selector to match backend pods. If pods of different Deployments are selected by the same selector, a Service corresponds to multiple versions of Deployments. You can adjust the number of replicas of Deployments of different versions to adjust the weights of services of different versions to achieve grayscale release. The following figure shows the process:
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                            • Blue-green deployment principles
                                                                                                                                                                                              Take a Deployment as an example. Two Deployments of different versions have been deployed in the cluster, and their pods are labeled with the same key but different values to distinguish versions. A Service uses the selector to select the pod of a Deployment of a version. In this case, you can change the value of the label that determines the version in the Service selector to change the pod backing the Service. In this way, you can directly switch the service traffic from one version to another. The following figure shows the process:
                                                                                                                                                                                              
-
                                                                                                                                                                                              
+
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            The Nginx image has been uploaded to SWR. The Nginx images have two versions: v1 and v2. The welcome pages are Nginx-v1 and Nginx-v2.
                                                                                                                                                                                            
@@ -91,9 +91,9 @@ spec:
   selector:             # The selector does not contain version information.
     app: nginx
    type: LoadBalancer   # Service type (LoadBalancer)
-
                                                                                                                                                                                          6. Run the following command to test the access:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
-
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
-
                                                                                                                                                                                            The command output is as follows. Half of the responses are from the Deployment of version v1, and the other half are from version v2.
                                                                                                                                                                                            
+
                                                                                                                                                                                          7. Run the following command to test the access:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
+
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
+
                                                                                                                                                                                            The command output is as follows (Half of the responses are from the Deployment of version v1, and the other half are from version v2):
                                                                                                                                                                                            
 
                                                                                                                                                                                            Nginx-v2
 Nginx-v1
 Nginx-v1
@@ -106,8 +106,8 @@ Nginx-v2
 Nginx-v2
                                                                                                                                                                                            
 
                                                                                                                                                                                          8. Use the console or kubectl to adjust the number of replicas of the Deployments. Change the number of replicas to 4 for v1 and 1 for v2.
                                                                                                                                                                                            kubectl scale deployment/nginx-v1 --replicas=4
                                                                                                                                                                                            
 
                                                                                                                                                                                            kubectl scale deployment/nginx-v2 --replicas=1
                                                                                                                                                                                            
-
                                                                                                                                                                                          9. Run the following command to test the access again:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
-
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
+
                                                                                                                                                                                          10. Run the following command to test the access again:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
+
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
 
                                                                                                                                                                                            In the command output, among the 10 access requests, only two responses are from the v2 version. The response ratio of the v1 and v2 versions is the same as the ratio of the number of replicas of the v1 and v2 versions, that is, 4:1. Grayscale release is implemented by controlling the number of replicas of services of different versions.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Nginx-v1
 Nginx-v1
@@ -139,8 +139,8 @@ spec:
     app: nginx
     version: v1
   type: LoadBalancer    # Service type (LoadBalancer)
                                                                                                                                                                                            
-
                                                                                                                                                                                          11. Run the following command to test the access:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
-
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
+
                                                                                                                                                                                          12. Run the following command to test the access:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
+
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
 
                                                                                                                                                                                            The command output is as follows (all responses are from the v1 version):
                                                                                                                                                                                            
 
                                                                                                                                                                                            Nginx-v1
 Nginx-v1
@@ -153,8 +153,8 @@ Nginx-v1
 Nginx-v1
 Nginx-v1
                                                                                                                                                                                            
 
                                                                                                                                                                                          13. Use the console or kubectl to modify the selector of the Service so that the v2 version is selected.
                                                                                                                                                                                            kubectl patch service nginx -p '{"spec":{"selector":{"version":"v2"}}}'
                                                                                                                                                                                            
-
                                                                                                                                                                                          14. Run the following command to test the access again:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
-
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
+
                                                                                                                                                                                          15. Run the following command to test the access again:
                                                                                                                                                                                            for i in {1..10}; do curl <EXTERNAL_IP>; done;
                                                                                                                                                                                            
+
                                                                                                                                                                                            <EXTERNAL_IP> indicates the IP address of the ELB load balancer.
                                                                                                                                                                                            
 
                                                                                                                                                                                            The returned results show that are all responses are from the v2 version. The blue-green deployment is successfully implemented.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Nginx-v2
 Nginx-v2
diff --git a/docs/cce/umn/cce_bestpractice_10008.html b/docs/cce/umn/cce_bestpractice_10008.html
index c6c448888..228d6d430 100644
--- a/docs/cce/umn/cce_bestpractice_10008.html
+++ b/docs/cce/umn/cce_bestpractice_10008.html
@@ -10,7 +10,7 @@
 
 
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Best Practice
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            16. 
 
diff --git a/docs/cce/umn/cce_bestpractice_10009.html b/docs/cce/umn/cce_bestpractice_10009.html
index 79fde1f90..3cc344d4e 100644
--- a/docs/cce/umn/cce_bestpractice_10009.html
+++ b/docs/cce/umn/cce_bestpractice_10009.html
@@ -1,14 +1,14 @@
 
 
 
                                                                                                                                                                                            Using Prometheus for Multi-cluster Monitoring
                                                                                                                                                                                            
-
                                                                                                                                                                                            Scenario
                                                                                                                                                                                            Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, you can deploy a set of Prometheus.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Application Scenarios
                                                                                                                                                                                            Generally, a user has different clusters for different purposes, such as production, testing, and development. To monitor, collect, and view metrics of these clusters, you can deploy a set of Prometheus.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Solution Architecture
                                                                                                                                                                                            Multiple clusters are connected to the same Prometheus monitoring system, as shown in the following figure. This reduces maintenance and resource costs and facilitates monitoring information aggregation.
                                                                                                                                                                                            
-
                                                                                                                                                                                            
+
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • The target cluster has been created.
                                                                                                                                                                                            • Prometheus is properly connected to the target cluster.
                                                                                                                                                                                            • Prometheus has been installed on a Linux host using a binary file. For details, see Installation.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • The target cluster has been created.
                                                                                                                                                                                            • Prometheus has been properly connected to the target cluster.
                                                                                                                                                                                            • Prometheus has been installed on a Linux host using a binary file. For details, see Installation.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Procedure
                                                                                                                                                                                            1. Obtain the bear_token information of the target cluster.
                                                                                                                                                                                              1. Create the RBAC permission in the target cluster.
                                                                                                                                                                                                Log in to the background node of the target cluster and create the prometheus_rbac.yaml file.
                                                                                                                                                                                                apiVersion: v1
+
                                                                                                                                                                                                Procedure
                                                                                                                                                                                                1. Obtain the bearer_token information of the target cluster.
                                                                                                                                                                                                  1. Create the RBAC permission in the target cluster.
                                                                                                                                                                                                    Log in to the background node of the target cluster and create the prometheus_rbac.yaml file.
                                                                                                                                                                                                    apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: prometheus-test
@@ -67,19 +67,19 @@ subjects:
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Run the following command to create the RBAC permission:
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kubectl apply -f prometheus_rbac.yaml
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  2. Obtain the bearer_token information of the target cluster.
                                                                                                                                                                                                     
                                                                                                                                                                                                    • In clusters earlier than v1.21, a token is obtained by mounting the secret of the service account to a pod. Tokens obtained this way are permanent. This approach is no longer recommended starting from version 1.21. Service accounts will stop auto creating secrets in clusters from version 1.25.
                                                                                                                                                                                                      In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period. When the mounting pod is deleted, the token automatically becomes invalid. .
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    • If you need a token that never expires, you can also manually manage secrets for service accounts. Although a permanent service account token can be manually created, you are advised to use a short-lived token by calling the TokenRequest API for higher security.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  3. Obtain the bearer_token information of the target cluster.
                                                                                                                                                                                                     
                                                                                                                                                                                                    • In clusters earlier than v1.21, a token is obtained by mounting the secret of the service account to a pod. Tokens obtained this way are permanent. This approach is no longer recommended starting from version 1.21. Service accounts will stop auto creating secrets in clusters from version 1.25.
                                                                                                                                                                                                      In clusters of version 1.21 or later, you can use the TokenRequest API to obtain the token and use the projected volume to mount the token to the pod. Such tokens are valid for a fixed period. When the mounting pod is deleted, the token automatically becomes invalid. 
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • If you need a token that never expires, you can also manually manage secrets for service accounts. Although a permanent service account token can be manually created, you are advised to use a short-lived token by calling the TokenRequest API for higher security.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Obtain the serviceaccount information.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kubectl describe sa prometheus-test -n kube-system
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    kubectl describe secret prometheus-test-token-hdhkg -n kube-system
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Record the token value, which is the bearer_token information to be collected.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                2. Configure bearer_token information.
                                                                                                                                                                                                  Log in to the host where Prometheus is located, go to the Prometheus installation directory, and save the token information of the target cluster in a file.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                3. Configure Prometheus to monitor jobs.
                                                                                                                                                                                                  The example job monitors container metrics. If you need to monitor other metrics, you can add jobs and compile capture rules.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                4. Configure a Prometheus monitoring job.
                                                                                                                                                                                                  The example job monitors container metrics. To monitor other metrics, you can add jobs and compile capture rules.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                    - job_name: k8s_cAdvisor
     scheme: https
     bearer_token_file: k8s_token # Token file in the previous step.
@@ -88,21 +88,21 @@ subjects:
     kubernetes_sd_configs:  # kubernetes automatic discovery configuration
     - role: node    # Automatic discovery of the node type
       bearer_token_file: k8s_token # Token file in the previous step
-      api_server: https://192.168.0.153:5443  # The API server address of the Kubernetes cluster
+      api_server: https://192.168.0.153:5443  # API server address of the Kubernetes cluster
       tls_config:
         insecure_skip_verify: true   # Skip the authentication on the server.
     relabel_configs:  ## Modify the existing label of the target cluster before capturing metrics.
     - target_label: __address__
       replacement: 192.168.0.153:5443
       action: replace
-      ## Convert metrics_path to /api/v1/nodes/${1}/proxy/metrics/cadvisor.
-      # Obtain data from kubelet using the API Server proxy.
+      ## Convert metrics_path to /api/v1/nodes/${1}/proxy/metrics/cadvisor.
+      # Obtain data from kubelet using the API server proxy.
     - source_labels: [__meta_kubernetes_node_name]   # Specifies the source label to be processed.
-      regex: (.+)    # Match the value of the source label. (.+) indicates that any value of the source label can be matched.
-      target_label: __metrics_path__     # specifies the label to be replaced.
-      replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor  # indicates the new label, that is, the value of __metrics_path__. ${1} indicates the value that matches the regular expression, that is, node name.
+      regex: (.+)    # Matched value of the source label. (.+) indicates that any value of the source label can be matched.
+      target_label: __metrics_path__     # Specifies the label to be replaced.
+      replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor  # Indicates the new label, that is, the value of __metrics_path__. ${1} indicates the value that matches the regular expression, that is, node name.
     - target_label: cluster
-      replacement: xxxxx   ## (Optional) Enter the cluster information based on the actual situation.
+      replacement: xxxxx   ## (Optional) Enter the cluster information.
 
 ### The following job monitors another cluster.
   - job_name: k8s02_cAdvisor
@@ -113,7 +113,7 @@ subjects:
     kubernetes_sd_configs: 
     - role: node    
       bearer_token_file: k8s02_token # Token file in the previous step
-      api_server: https://192.168.0.147:5443  # API Server address of the Kubernetes cluster
+      api_server: https://192.168.0.147:5443  # API server address of the Kubernetes cluster
       tls_config:
         insecure_skip_verify: true   # Skip the authentication on the server.
     relabel_configs:  ## Modify the existing label of the target cluster before capturing metrics.
@@ -127,11 +127,11 @@ subjects:
       replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
 
     - target_label: cluster
-      replacement: xxxx    ## (Optional) Enter the cluster information based on the actual situation.
                                                                                                                                                                                                  
+      replacement: xxxx    ## (Optional) Enter the cluster information.
                                                                                                                                                                                                
 
                                                                                                                                                                                              2. Enable Prometheus.
                                                                                                                                                                                                After the configuration, enable Prometheus.
                                                                                                                                                                                                
 
                                                                                                                                                                                                ./prometheus --config.file=prometheus.yml
                                                                                                                                                                                                
-
                                                                                                                                                                                              3. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                                                
-
                                                                                                                                                                                                
+
                                                                                                                                                                                              4. Log in to Prometheus and view the monitoring information.
                                                                                                                                                                                                
+
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_10010.html b/docs/cce/umn/cce_bestpractice_10010.html
new file mode 100644
index 000000000..b18a3549c
--- /dev/null
+++ b/docs/cce/umn/cce_bestpractice_10010.html
@@ -0,0 +1,117 @@
+
+
+
                                                                                                                                                                                            Pre-Binding Container ENI for CCE Turbo Clusters
                                                                                                                                                                                            
+
                                                                                                                                                                                            In the Cloud Native Network 2.0 model, each pod is allocated an ENI or a sub-ENI (called container ENI). The speed of ENI creation and binding is slower than that of pod scaling, severely affecting the container startup speed in large-scale batch creation. Therefore, the Cloud Native Network 2.0 model provides the dynamic pre-binding of container ENIs to accelerate pod startup while improving IP resource utilization.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Constraints
                                                                                                                                                                                            • CCE Turbo clusters of 1.19.16-r4, 1.21.7-r0, 1.23.5-r0, 1.25.1-r0 or later support ENI pre-binding, global configuration at the cluster level, and custom settings at the node pool level. Custom settings of nodes out of a node pools is not supported.
                                                                                                                                                                                            • CCE Turbo clusters of 1.19.16-r2, 1.21.5-r0, 1.23.3-r0 to 1.19.16-r4, 1.21.7-r0, 1.23.5-r0 only support two parameters, nic-minimum-target and nic-warm-target, and do not support custom settings at the node pool level.
                                                                                                                                                                                            • Modify the dynamic pre-binding parameters using the console or API instead of the node annotations in the background. Otherwise, the modified annotations will be overwritten by the original values after the cluster is upgraded.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            How It Works
                                                                                                                                                                                            CCE Turbo provides four dynamic pre-binding parameters for container ENIs. You can properly configure the parameters based on your service requirements. (The node pool-level dynamic ENI pre-binding parameters take priority over the cluster-level dynamic ENI pre-binding parameters.)
                                                                                                                                                                                            
+
+
                                                                                                                                                                                            Table 1 CCE cluster planning
                                                                                                                                                                                            Resource
                                                                                                                                                                                            
 
                                                                                                                                                                                            Key Performance Parameter
                                                                                                                                                                                            
+
                                                                                                                                                                                            Key Performance Parameter
                                                                                                                                                                                            
 
                                                                                                                                                                                            Description
                                                                                                                                                                                            
+
                                                                                                                                                                                            Description
                                                                                                                                                                                            
 
                                                                                                                                                                                            Example Value
                                                                                                                                                                                            
+
                                                                                                                                                                                            Example Value
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Cluster
                                                                                                                                                                                            
+
                                                                                                                                                                                            Cluster
                                                                                                                                                                                            
 
                                                                                                                                                                                            *Cluster Type
                                                                                                                                                                                            
+
                                                                                                                                                                                            *Cluster Type
                                                                                                                                                                                            
 
                                                                                                                                                                                            • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                                                            • CCE Turbo cluster: runs on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and intelligent scheduling, and BMS nodes.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • CCE cluster: supports VM nodes. You can run your containers in a secure and stable container runtime environment based on a high-performance network model.
                                                                                                                                                                                            • CCE Turbo cluster: runs on a cloud native infrastructure that features software-hardware synergy to support passthrough networking, high security and reliability, and intelligent scheduling, and BMS nodes.
                                                                                                                                                                                            
 
                                                                                                                                                                                            CCE cluster
                                                                                                                                                                                            
+
                                                                                                                                                                                            CCE cluster
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            *Network Model
                                                                                                                                                                                            
@@ -38,13 +38,13 @@
 
                                                                                                                                                                                            3
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            Node
                                                                                                                                                                                            
+
                                                                                                                                                                                            Node
                                                                                                                                                                                            
 
                                                                                                                                                                                            OS
                                                                                                                                                                                            
+
                                                                                                                                                                                            OS
                                                                                                                                                                                            
 
                                                                                                                                                                                            • EulerOS
                                                                                                                                                                                            • CentOS
                                                                                                                                                                                            
+
                                                                                                                                                                                            • EulerOS
                                                                                                                                                                                            • CentOS
                                                                                                                                                                                            
 
                                                                                                                                                                                            EulerOS
                                                                                                                                                                                            
+
                                                                                                                                                                                            EulerOS
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Node Specifications (vary depending on the actual region)
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0309.html b/docs/cce/umn/cce_bestpractice_0309.html
index 794acd719..4c9679956 100644
--- a/docs/cce/umn/cce_bestpractice_0309.html
+++ b/docs/cce/umn/cce_bestpractice_0309.html
@@ -3,18 +3,18 @@
 
                                                                                                                                                                                            Migrating Resources Outside a Cluster
                                                                                                                                                                                            
 
                                                                                                                                                                                            If your migration does not involve resources outside a cluster listed in Table 1 or you do not need to use other services to update resources after the migration, skip this section.
                                                                                                                                                                                            
 
                                                                                                                                                                                            Migrating Container Images
                                                                                                                                                                                            To ensure that container images can be properly pulled after cluster migration and improve container deployment efficiency, you are advised to migrate private images to SoftWare Repository for Container (SWR). CCE works with SWR to provide a pipeline for automated container delivery. Images are pulled in parallel, which greatly improves container delivery efficiency.
                                                                                                                                                                                            
-
                                                                                                                                                                                            You need to manually migrate container images.
                                                                                                                                                                                            
-
                                                                                                                                                                                            1. Remotely log in to any node in the source cluster and run the docker pull command to pull all images to the local host.
                                                                                                                                                                                            2. Log in to the SWR console, click Login Command in the upper right corner of the page, and copy the command.
                                                                                                                                                                                            3. Run the copied login command on the node.
                                                                                                                                                                                              The message "Login Succeeded" will be displayed upon a successful login.
                                                                                                                                                                                              
+
                                                                                                                                                                                              Manually migrate container images.
                                                                                                                                                                                              
+
                                                                                                                                                                                              1. Remotely log in to any node in the source cluster and run the docker pull command to pull all images to the local host.
                                                                                                                                                                                              2. Log in to the SWR console, click Login Command in the upper right corner of the page, and copy the command.
                                                                                                                                                                                              3. Run the copied login command on the node.
                                                                                                                                                                                                The message "Login Succeeded" will be displayed upon a successful login.
                                                                                                                                                                                                
 
                                                                                                                                                                                              4. Add tags to all local images.
                                                                                                                                                                                                docker tag [Image name 1:tag 1] [Image repository address]/[Organization name]/[Image name 2:tag 2]
                                                                                                                                                                                                
-
                                                                                                                                                                                                • [Image name 1:tag 1]: name and tag of the local image to be pulled.
                                                                                                                                                                                                • [Image repository address]: You can query the image repository address on the SWR console.
                                                                                                                                                                                                • [Organization name]: Enter the name of the organization you created on the SWR console.
                                                                                                                                                                                                • [Image name 2:tag 2]: image name and tag displayed on the SWR console.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Example
                                                                                                                                                                                                
+
                                                                                                                                                                                                • [Image name 1:tag 1]: name and tag of the local image to be pulled.
                                                                                                                                                                                                • [Image repository address]: You can obtain the image repository address on the SWR console.
                                                                                                                                                                                                • [Organization name]: Enter the name of the organization you created on the SWR console.
                                                                                                                                                                                                • [Image name 2:tag 2]: image name and tag displayed on the SWR console.
                                                                                                                                                                                                
+
                                                                                                                                                                                                The following is an example:
                                                                                                                                                                                                
 
                                                                                                                                                                                                docker tag nginx:v1 swr.eu-de.otc.t-systems.com/cloud-develop/mynginx:v1
                                                                                                                                                                                                
-
                                                                                                                                                                                              5. Run the docker push command to upload all local container image files to SWR.
                                                                                                                                                                                                docker push [Image repository address]/[Organization name]/[Image name 2:tag 2]
                                                                                                                                                                                                
-
                                                                                                                                                                                                Example
                                                                                                                                                                                                
+
                                                                                                                                                                                              6. Run the docker push command to upload all local container image files to SWR.
                                                                                                                                                                                                docker push [Image repository address]/[Organization name]/[Image name 2:tag 2]
                                                                                                                                                                                                
+
                                                                                                                                                                                                The following is an example:
                                                                                                                                                                                                
 
                                                                                                                                                                                                docker push swr.eu-de.otc.t-systems.com/cloud-develop/mynginx:v1
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Migrating Databases and Storage (On-Demand)
                                                                                                                                                                                            You can determine whether to use Relational Database Service (RDS) and Object Storage Service (OBS) based on your production requirements. After the migration is complete, you need to reconfigure the database and storage for applications in the target CCE cluster.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Migrating Databases and Storage (On-Demand)
                                                                                                                                                                                            You can determine whether to use Relational Database Service (RDS) and Object Storage Service (OBS) based on your production requirements. After the migration is complete, reconfigure the database and storage for applications in the target CCE cluster.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            
diff --git a/docs/cce/umn/cce_bestpractice_0310.html b/docs/cce/umn/cce_bestpractice_0310.html
index 5e51485fc..9da3f65e6 100644
--- a/docs/cce/umn/cce_bestpractice_0310.html
+++ b/docs/cce/umn/cce_bestpractice_0310.html
@@ -2,8 +2,8 @@
 
 
                                                                                                                                                                                            Installing the Migration Tool
                                                                                                                                                                                            
 
                                                                                                                                                                                            Velero is an open-source backup and migration tool for Kubernetes clusters. It integrates the persistent volume (PV) data backup capability of the Restic tool and can be used to back up Kubernetes resource objects (such as Deployments, jobs, Services, and ConfigMaps) in the source cluster. Data in the PV mounted to the pod is backed up and uploaded to the object storage. When a disaster occurs or migration is required, the target cluster can use Velero to obtain the corresponding backup data from OBS and restore cluster resources as required.
                                                                                                                                                                                            
-
                                                                                                                                                                                            According to Migration Solution, you need to prepare temporary object storage to store backup files before the migration. Velero supports OSB or MinIO as the object storage. OBS requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. You are advised to use OBS for backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                            
-
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
                                                                                                                                                                                            • If you use OBS to store backup files, you need to obtain the AK/SK of a user who has the right to operate OBS. For details, see Obtaining Access Keys (AK/SK).
                                                                                                                                                                                            • If you use MinIO to store backup files, bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.
                                                                                                                                                                                            • The target CCE cluster has been created.
                                                                                                                                                                                            • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GB memory or higher.
                                                                                                                                                                                            
+
                                                                                                                                                                                            According to Migration Solution, prepare temporary object storage to store backup files before the migration. Velero supports OSB or MinIO as the object storage. OBS requires sufficient storage space for storing backup files. You can estimate the storage space based on your cluster scale and data volume. You are advised to use OBS for backup. For details about how to deploy Velero, see Installing Velero.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Prerequisites
                                                                                                                                                                                            • The Kubernetes version of the source on-premises cluster must be 1.10 or later, and the cluster can use DNS and Internet services properly.
                                                                                                                                                                                            • If you use OBS to store backup files, obtain the AK/SK of a user who has the right to operate OBS. For details, see Access Keys.
                                                                                                                                                                                            • If you use MinIO to store backup files, bind an EIP to the server where MinIO is installed and enable the API and console port of MinIO in the security group.
                                                                                                                                                                                            • The target CCE cluster has been created.
                                                                                                                                                                                            • The source cluster and target cluster must each have at least one idle node. It is recommended that the node specifications be 4 vCPUs and 8 GiB memory or higher.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Installing MinIO
                                                                                                                                                                                            MinIO is an open-source, high-performance object storage tool compatible with the S3 API protocol. If MinIO is used to store backup files for cluster migration, you need a temporary server to deploy MinIO and provide services for external systems. If you use OBS to store backup files, skip this section and go to Installing Velero.
                                                                                                                                                                                            
 
                                                                                                                                                                                            MinIO can be installed in any of the following locations:
                                                                                                                                                                                            
@@ -30,7 +30,7 @@ export MINIO_ROOT_PASSWORD=minio123
 
                                                                                                                                                                                          16. Use a browser to access http://{EIP of the node where MinIO resides}:30840. The MinIO console page is displayed.
                                                                                                                                                                                            17. 
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Installing Velero
                                                                                                                                                                                            Go to the OBS console or MinIO console and create a bucket named velero to store backup files. You can custom the bucket name, which must be used when installing Velero. Otherwise, the bucket cannot be accessed and the backup fails. For details, see 4.
                                                                                                                                                                                            
-
                                                                                                                                                                                             
                                                                                                                                                                                            • Velero instances need to be installed and deployed in both the source and target clusters. The installation procedures are the same, which are used for backup and restoration, respectively.
                                                                                                                                                                                            • The master node of a CCE cluster does not provide a port for remote login. You can install Velero using kubectl.
                                                                                                                                                                                            • If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and Restic to 1 vCPU and 1 GB memory or higher. For details, see Backup Tool Resources Are Insufficient.
                                                                                                                                                                                            • The object storage bucket for storing backup files must be empty.
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            • Velero instances need to be installed and deployed in both the source and target clusters. The installation procedures are the same, which are used for backup and restoration, respectively.
                                                                                                                                                                                            • The master node of a CCE cluster does not provide a port for remote login. You can install Velero using kubectl.
                                                                                                                                                                                            • If there are a large number of resources to back up, you are advised to adjust the CPU and memory resources of Velero and Restic to 1 vCPU and 1 GiB memory or higher. For details, see Backup Tool Resources Are Insufficient.
                                                                                                                                                                                            • The object storage bucket for storing backup files must be empty.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Download the latest, stable binary file from https://github.com/vmware-tanzu/velero/releases. This section uses Velero 1.7.0 as an example. The installation process in the source cluster is the same as that in the target cluster.
                                                                                                                                                                                            
 
                                                                                                                                                                                            1. Download the binary file of Velero 1.7.0.
                                                                                                                                                                                              wget https://github.com/vmware-tanzu/velero/releases/download/v1.7.0/velero-v1.7.0-linux-amd64.tar.gz
                                                                                                                                                                                              
@@ -105,7 +105,7 @@ aws_secret_access_key = {SK}
 
                                                                                                                                                                                            s3Url
                                                                                                                                                                                            
                                                                                                                                                                                             		
 
                                                                                                                                                                                            API access address of the object storage bucket.
                                                                                                                                                                                            
-
                                                                                                                                                                                            • If OBS is used, set this parameter to http://obs.{region}.otc.t-systems.com (region indicates the region where the object storage bucket is located). For example, if the region is eu-de, the parameter value is http://obs.eu-de.otc.t-systems.com.
                                                                                                                                                                                            • If MinIO is used, set this parameter to http://{EIP of the node where minio is located}:9000. The value of this parameter is determined based on the IP address and port of the node where MinIO is installed.
                                                                                                                                                                                               NOTE: 
                                                                                                                                                                                              • The access port in s3Url must be set to the API port of MinIO instead of the console port. The default API port of MinIO is 9000.
                                                                                                                                                                                              • To access MinIO installed outside the cluster, you need to enter the public IP address of MinIO.
                                                                                                                                                                                              
+
                                                                                                                                                                                              • If OBS is used, set this parameter to http://obs.{region}.otc.t-systems.com (region indicates the region where the object storage bucket is located). For example, if the region is eu-de, the parameter value is http://obs.eu-de.otc.t-systems.com.
                                                                                                                                                                                              • If MinIO is used, set this parameter to http://{EIP of the node where minio is located}:9000. The value of this parameter is determined based on the IP address and port of the node where MinIO is installed.
                                                                                                                                                                                                 NOTE: 
                                                                                                                                                                                                • The access port in s3Url must be set to the API port of MinIO instead of the console port. The default API port of MinIO is 9000.
                                                                                                                                                                                                • To access MinIO installed outside the cluster, enter the public IP address of MinIO.
                                                                                                                                                                                                
 
                                                                                                                                                                                                
 
                                                                                                                                                                                              
 
                                                                                                                                                                                            		
 
 
                                                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                            Table 1 Parameters of the dynamic ENI pre-binding policy
                                                                                                                                                                                            Parameter
                                                                                                                                                                                            
+
                                                                                                                                                                                            Default Value
                                                                                                                                                                                            
+
                                                                                                                                                                                            Description
                                                                                                                                                                                            
+
                                                                                                                                                                                            Suggestion
                                                                                                                                                                                            
+
                                                                                                                                                                                            nic-minimum-target
                                                                                                                                                                                            
+
                                                                                                                                                                                            10
                                                                                                                                                                                            
+
                                                                                                                                                                                            Minimum number of ENIs bound to a node. The value can be a number or a percentage.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • Value: The value must be a positive integer. For example, 10 indicates that at least 10 ENIs are bound to a node. If the ENI quota of a node is exceeded, the ENI quota is used.
                                                                                                                                                                                            • Percentage: The value ranges from 1% to 100%. For example, 10%. If the ENI quota of a node is 128, at least 12 (rounded down) ENIs are bound to the node.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set both nic-minimum-target and nic-maximum-target to the same value or percentage.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set these parameters based on the number of pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            nic-maximum-target
                                                                                                                                                                                            
+
                                                                                                                                                                                            0
                                                                                                                                                                                            
+
                                                                                                                                                                                            If the number of ENIs bound to a node exceeds the value of nic-maximum-target, the system does not proactively pre-bind NICs.
                                                                                                                                                                                            
+
                                                                                                                                                                                            If the value of this parameter is greater than or equal to the value of nic-minimum-target, the check on the maximum number of the pre-bound ENIs is enabled. Otherwise, the check is disabled. The value can be a number or a percentage.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • Value: The value must be a positive integer. For example, 0. The check on the maximum number of the pre-bound ENIs is disabled. If the ENI quota of a node is exceeded, the ENI quota is used.
                                                                                                                                                                                            • Percentage: The value ranges from 1% to 100%. For example, 50%. If the ENI quota of a node is 128, the maximum number of the pre-bound ENI is 64 (rounded down).
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set both nic-minimum-target and nic-maximum-target to the same value or percentage.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set these parameters based on the number of pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            nic-warm-target
                                                                                                                                                                                            
+
                                                                                                                                                                                            2
                                                                                                                                                                                            
+
                                                                                                                                                                                            Extra ENIs will be pre-bound after the nic-minimum-target is used up in a pod. The value can only be a number.
                                                                                                                                                                                            
+
                                                                                                                                                                                            When the value of nic-warm-target + the number of bound ENIs is greater than the value of nic-maximum-target, the system will pre-bind ENIs based on the difference between the value of nic-maximum-target and the number of bound ENIs.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set this parameter to the number of pods that can be scaled out instantaneously within 10 seconds.
                                                                                                                                                                                            
+
                                                                                                                                                                                            nic-max-above-warm-target
                                                                                                                                                                                            
+
                                                                                                                                                                                            2
                                                                                                                                                                                            
+
                                                                                                                                                                                            Only when the number of idle ENIs on a node minus the value of nic-warm-target is greater than the threshold, the pre-bound ENIs will be unbound and reclaimed. The value can only be a number.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • Setting a larger value of this parameter slows down the recycling of idle ENIs and accelerates pod startup. However, the IP address usage decreases, especially when IP addresses are insufficient. Therefore, exercise caution when increasing the value of this parameter.
                                                                                                                                                                                            • Setting a smaller value of this parameter accelerates the recycling of idle ENIs and improves the IP address usage. However, when a large number of pods increase instantaneously, the startup of some pods slows down.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Set this parameter based on the difference between the number of pods that are frequently scaled on most nodes within minutes and the number of pods that are instantly scaled out on most nodes within 10 seconds.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
+
                                                                                                                                                                                            Configuration Example
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                            Level
                                                                                                                                                                                            
+
                                                                                                                                                                                            Service Scenario
                                                                                                                                                                                            
+
                                                                                                                                                                                            Configuration Example
                                                                                                                                                                                            
+
                                                                                                                                                                                            Cluster
                                                                                                                                                                                            
+
                                                                                                                                                                                            All nodes use the c7.4xlarge.2 model (sub-ENI quota: 128).
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes run about 20 pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes can run a maximum of 60 pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes can scale out 10 pods within 10 seconds.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes frequently scale in or out 15 pods within minutes.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Cluster-level global configuration:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • nic-minimum-target: 20 or 16%
                                                                                                                                                                                            • nic-maximum-target: 60 or 47%
                                                                                                                                                                                            • nic-warm-target: 10
                                                                                                                                                                                            • nic-max-above-warm-target: 5
                                                                                                                                                                                            
+
                                                                                                                                                                                            Node pool
                                                                                                                                                                                            
+
                                                                                                                                                                                            A node pool that uses the c7.8xlarge.2 high-specification model is created in the cluster. (sub-ENI quota: 256)
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes run about 100 pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes can run a maximum of 128 pods.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes can scale out 10 pods within 10 seconds.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Most nodes frequently scale in or out 12 pods within minutes.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Custom settings at the node pool level:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • nic-minimum-target: 100 or 40%
                                                                                                                                                                                            • nic-maximum-target: 120 or 50%
                                                                                                                                                                                            • nic-warm-target: 10
                                                                                                                                                                                            • nic-max-above-warm-target: 2
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            Pods using HostNetwork are excluded.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            Cluster-level Global Configuration
                                                                                                                                                                                            1. Log in to the CCE console. In the navigation pane, choose Clusters.
                                                                                                                                                                                            2. Click  next to the target cluster.
                                                                                                                                                                                            3. In the Manage Component window that is displayed on the sidebar, select Networking Components. For details about the parameter values, see Configuration Example.
                                                                                                                                                                                              
+
                                                                                                                                                                                            4. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            Custom Settings at the Node Pool Level
                                                                                                                                                                                            1. Log in to the CCE console.
                                                                                                                                                                                            2. Click the cluster name to access the cluster console, choose Nodes on the left, and click the Node Pools tab on the right.
                                                                                                                                                                                            3. Choose More > Manage next to the node pool name.
                                                                                                                                                                                            4. In the Manage Component window that is displayed on the sidebar, select Networking Components. For details about the parameter values, see Configuration Example.
                                                                                                                                                                                              
+
                                                                                                                                                                                            5. After the configuration is complete, click OK. Wait for about 10 seconds for the configuration to take effect.
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            Parent topic: Networking
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            
+
diff --git a/docs/cce/umn/cce_bestpractice_10012.html b/docs/cce/umn/cce_bestpractice_10012.html
index b8c887c9b..8eed4fa1f 100644
--- a/docs/cce/umn/cce_bestpractice_10012.html
+++ b/docs/cce/umn/cce_bestpractice_10012.html
@@ -1,58 +1,64 @@
 
 
 
                                                                                                                                                                                            Selecting a Data Disk for the Node
                                                                                                                                                                                            
-
                                                                                                                                                                                            When a node is created, a data disk is created by default for container runtime and kubelet components to use.  The data disk used by the container runtime and kubelet components cannot be detached, and the default size is 100 GB. To reduce costs, the size of a common data disk attached to a node can be reduced to 10 GB.
                                                                                                                                                                                            
-
                                                                                                                                                                                             
                                                                                                                                                                                            Adjusting the size of the data disk used by the container and Kubelet component may cause risks. You are advised to adjust the size after comprehensive evaluation based on the estimation method provided in this section.
                                                                                                                                                                                            
-
                                                                                                                                                                                            • If the data disk capacity is too small, the disk space may be insufficient. As a result, the image fails to be pulled. If different images need to be frequently pulled on the node, you are not advised to reduce the data disk capacity.
                                                                                                                                                                                            • During the cluster upgrade pre-check, the system checks whether the data disk usage exceeds 95%. If the disk pressure is high, the cluster upgrade may be affected.
                                                                                                                                                                                            • If Device Mapper is used, the disk space may be insufficient. You are advised to use the OverlayFS or select a large-capacity data disk.
                                                                                                                                                                                            • For dumping logs, application logs must be stored in a separate disk to prevent insufficient space of the dockersys partition from affecting service running.
                                                                                                                                                                                            
-
+
                                                                                                                                                                                            When a node is created, a data disk is attached by default for a container runtime and kubelet. The data disk used by the container runtime and kubelet cannot be detached, and the default capacity is 100 GiB. To cut costs, you can reduce the disk capacity attached to a node to the minimum of 10 GiB.
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            Adjusting the size of the data disk used by the container runtime and kubelet may incur risks. You are advised to evaluate the capacity adjustment and then perform the operations described in this section.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • If the disk capacity is too small, the image pull may fail. If different images need to be frequently pulled on the node, you are not advised to reduce the data disk capacity.
                                                                                                                                                                                            • Before a cluster upgrade, the system checks whether the data disk usage exceeds 95%. If the usage is high, the cluster upgrade may be affected.
                                                                                                                                                                                            • If Device Mapper is used, the disk capacity may be insufficient. You are advised to use the OverlayFS or select a large-capacity data disk.
                                                                                                                                                                                            • For dumping logs, application logs must be stored in a separate disk to prevent insufficient storage capacity of the dockersys volume from affecting service running.
                                                                                                                                                                                            
+
                                                                                                                                                                                            • After reducing the data disk capacity, you are advised to install the npd add-on in the cluster to detect disk usage. If the disk usage of a node is high, resolve this problem by referring to What If the Data Disk Capacity Is Insufficient?
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Notes and Constraints
                                                                                                                                                                                            • Only clusters of v1.19 or later support reducing the data disk capacity used by running containers and kubelet components.
                                                                                                                                                                                            • Only the EVS disk capacity can be adjusted. (Local disks are available only when the node specification is disk-intensive or Ultra-high I/O.)
                                                                                                                                                                                            
+
                                                                                                                                                                                            Constraints
                                                                                                                                                                                            • Only clusters of v1.19 or later allow reducing the capacity of the data disk used by container runtimes and kubelet.
                                                                                                                                                                                            • Only the EVS disk capacity can be adjusted. (Local disks are available only when the node specification is disk-intensive or Ultra-high I/O.)
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Selecting a Data Disk
                                                                                                                                                                                            When selecting a proper data disk, consider the following factors:
                                                                                                                                                                                            
-
                                                                                                                                                                                            • During image pulling, the system downloads the image .tar package from the image repository, decompresses the package, and deletes the TAR package to retain the image file. During the decompression of the .tar package, the .tar package and the decompressed image file coexist, occupying extra storage space. Pay attention to this when calculating the required data disk capacity.
                                                                                                                                                                                            • During cluster creation, mandatory add-ons (such as everest and coredns add-ons) may be deployed on nodes, occupying certain space. When calculating the data disk size, reserve about 2 GB space for them.
                                                                                                                                                                                            • Logs are generated during application running and occupy certain space. To ensure normal service running, reserve about 1 GB space for each pod.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Selecting a Data Disk
                                                                                                                                                                                            When selecting a data disk, consider the following factors:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • During image pull, the system downloads the image package (the .tar package) from the image repository, and decompresses the package. Then it deletes the package but retain the image file. During the decompression of the .tar package, the package and the decompressed image file coexist. Reserve the capacity for the decompressed files.
                                                                                                                                                                                            • Mandatory add-ons (such as everest and coredns) may be deployed on nodes during cluster creation. When calculating the data disk size, reserve about 2 GiB storage capacity for them.
                                                                                                                                                                                            • Logs are generated during application running. To ensure stable application running, reserve about 1 GiB storage capacity for each pod.
                                                                                                                                                                                            
 
                                                                                                                                                                                            For details about the calculation formulas, see OverlayFS and Device Mapper.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            OverlayFS
                                                                                                                                                                                            By default, the container engine and container image space on OverlayFS nodes occupy 90% of the data disk space (you are advised to retain this value). All the space is used for the dockersys partition. The calculation formula is as follows:
                                                                                                                                                                                            
-
                                                                                                                                                                                            • Container engine and container image space: Defaults to 90%. Space size = Data disk space x 90%
                                                                                                                                                                                              • dockersys partition (/var/lib/docker path): The entire container engine and container image space (90% of the data disk by default) are in the /var/lib/docker directory. Space size = Data disk space x 90%
                                                                                                                                                                                              
-
                                                                                                                                                                                            • kubelet components and emptyDir volumes space: 10% of the data disk space. Space size = Data disk space x 10%
                                                                                                                                                                                            
-
                                                                                                                                                                                            On an OverlayFS node, when an image is pulled, the .tar package is decompressed after being downloaded. During this process, the .tar package and the decompressed image file are stored in the dockersys space at the same time, occupying about twice the actual image capacity, after the decompression is complete, the .tar package is deleted. Therefore, in the actual image pulling process, after deducting the space occupied by the system add-on image, ensure that the remaining space of the dockersys partition is greater than twice the actual image capacity. To ensure that the container can run properly, you need to reserve pod space in the dockersys partition for container logs and other related files.
                                                                                                                                                                                            
-
                                                                                                                                                                                            A proper data disk should meet the following formula:
                                                                                                                                                                                            
-
                                                                                                                                                                                            dockersys partition capacity > 2 x Actual total image capacity + Total system add-on image capacity (about 2 GB) + Number of containers x Available space for a single container (about 1 GB log space)
                                                                                                                                                                                            
-
                                                                                                                                                                                             
                                                                                                                                                                                            If container logs are output in the json.log format, the dockersys partition is occupied. If persistent storage is configured for container logs, the dockersys partition is not occupied. Estimate the space of a single container as required.
                                                                                                                                                                                            
+
                                                                                                                                                                                            OverlayFS
                                                                                                                                                                                            By default, the container engine and container image storage capacity of a node using the OverlayFS storage driver occupies 90% of the data disk capacity (you are advised to retain this value). All the 90% storage capacity is used for dockersys partitioning. The calculation methods are as follows:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • Capacity for storing container engines and container images requires 90% of the data disk capacity by default.
                                                                                                                                                                                              • Capacity for dockersys volume (in the /var/lib/docker directory) requires 90% of the data disk capacity. The entire container engine and container image capacity (need 90% of the data disk capacity by default) are in the /var/lib/docker directory.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Capacity for storing temporary kubelet and emptyDir requires 10% of the data disk capacity.
                                                                                                                                                                                            
+
                                                                                                                                                                                            On a node using the OverlayFS, when an image is pulled, the .tar package is decompressed after being downloaded. During this process, the .tar package and the decompressed image file are stored in the dockersys volume, occupying about twice the actual image storage capacity. After the decompression is complete, the .tar package is deleted. Therefore, during image pull, after deducting the storage capacity occupied by the system add-on images, ensure that the remaining capacity of the dockersys volume is greater than twice the actual image storage capacity. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                                            
+
                                                                                                                                                                                            When selecting a data disk, consider the following formula:
                                                                                                                                                                                            
+
                                                                                                                                                                                            Capacity of dockersys volume > Actual total image storage capacity x 2 + Total system add-on image storage capacity (about 2 GiB) + Number of containers x Available storage capacity for a single container (about 1 GiB log storage capacity for each container)
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Example:
                                                                                                                                                                                            
-
                                                                                                                                                                                            Assume that the storage type of the node is OverlayFS and the data disk size of the node is 20 GB. According to the preceding formula, the default ratio of the container engine and image space is 90%. Therefore, the dockersys partition disk usage is 18 GB (20 GB x 90%). In addition, mandatory add-ons may occupy about 2 GB space during cluster creation. If you deploy a .tar image package of 10 GB, 20 GB dockersys space is occupied by the decompressed package. In addition, the space occupied by mandatory add-ons exceeds the remaining space of dockersys. As a result, the image may fail to be pulled.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Assume that the node uses the OverlayFS and the data disk attached to this node is 20 GiB. According to the preceding methods, the capacity for storing container engines and images occupies 90% of the data disk capacity, and the capacity for the dockersys volume is 18 GiB (20 GiB x 90%). Additionally, mandatory add-ons may occupy about 2 GiB storage capacity during cluster creation. If you deploy a .tar package of 10 GiB, the package decompression takes 20 GiB of the dockersys volume's storage capacity. This, coupled with the storage capacity occupied by mandatory add-ons, exceeds the remaining capacity of the dockersys volume. As a result, the image pull may fail.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Device Mapper
                                                                                                                                                                                            By default, the container engine and image space on Device Mapper nodes occupy 90% of the data disk space (recommended). This 90% capacity is divided into the dockersys partition and thinpool space. The calculation formula is as follows:
                                                                                                                                                                                            
-
                                                                                                                                                                                            • Container engine and image space: 90% of the data disk space by default. Space size = Data disk space x 90%
                                                                                                                                                                                              • dockersys partition (/var/lib/docker path): Defaults to 20%. Space size = Data disk space x 90% x 20%
                                                                                                                                                                                              • thinpool space: Defaults to 80%. Space size = Data disk space x 90% x 80%
                                                                                                                                                                                              
-
                                                                                                                                                                                            • kubelet and emptyDir space: occupy 10%. Space size = Data disk space x 10%
                                                                                                                                                                                            
-
                                                                                                                                                                                            On a Device Mapper node, when an image is pulled, the TAR package is temporarily stored in the dockersys partition. After the TAR package is decompressed, the image file is stored in the thinpool space. Finally, the TAR package in the dockersys space is deleted. Therefore, during image pulling, ensure that the dockersys partition space and thinpool space are sufficient. The dockersys space is smaller than the thinpool space. Pay attention to this when calculating the data disk space. To ensure that a container can run properly, reserve pod space in the dockersys partition to store container logs and other related files.
                                                                                                                                                                                            
-
                                                                                                                                                                                            A proper data disk should meet the following formula:
                                                                                                                                                                                            • dockersys partition capacity > temporary storage space of the TAR package (approximately equal to the actual total image capacity) + Number of containers x Space of a single container (about 1 GB log space must be reserved for each container)
                                                                                                                                                                                            • thinpool space > Actual total image capacity + Total add-on image capacity (about 2 GB)
                                                                                                                                                                                            
+
                                                                                                                                                                                            Device Mapper
                                                                                                                                                                                            By default, the capacity for storing container engines and container images of a node using the Device Mapper storage driver occupies 90% of the data disk capacity (you are advised to retain this value). The occupied capacity includes the dockersys volume and thinpool volume. The calculation methods are as follows:
                                                                                                                                                                                            
+
                                                                                                                                                                                            • Capacity for storing container engines and container images requires 90% of the data disk capacity by default.
                                                                                                                                                                                              • Capacity for the dockersys volume (in the /var/lib/docker directory) requires 20% of the capacity for storing container engines and container images.
                                                                                                                                                                                              • Capacity forthe thinpool volume requires 80% of the container engine and container image storage capacity.
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Capacity for storing temporary kubelet and emptyDir requires 10% of the data disk capacity.
                                                                                                                                                                                            
+
                                                                                                                                                                                            On a node using the Device Mapper storage driver, when an image is pulled, the .tar package is temporarily stored in the dockersys volume. After the .tar package is decompressed, the image file is stored in the thinpool volume, and the package in the dockersys volume will be deleted. Therefore, during image pull, ensure that the storage capacity of the dockersys volume and thinpool volume are sufficient, and note that the former is smaller than the latter. To ensure that the containers can run stably, reserve certain capacity in the dockersys volume for container logs and other related files.
                                                                                                                                                                                            
+
                                                                                                                                                                                            When selecting a data disk, consider the following formulas:
                                                                                                                                                                                            • Capacity for dockersys volume > Temporary storage capacity of the .tar package (approximately equal to the actual total image storage capacity) + Number of containers x Storage capacity of a single container (about 1 GiB log storage capacity must be reserved for each container)
                                                                                                                                                                                            • Capacity for thinpool volume > Actual total image storage capacity + Total add-on image storage capacity (about 2 GiB)
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                             
                                                                                                                                                                                            If container logs are output in the json.log format, the dockersys partition is occupied. If persistent storage is configured for container logs, the dockersys partition is not occupied. Estimate the space of a single container as required.
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            If container logs are output in the json.log format, they will occupy some capacity in the dockersys volume. If container logs are stored on persistent storage, they will not occupy capacity in the dockersys volume. Estimate the capacity of every container as required.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
 
                                                                                                                                                                                            Example:
                                                                                                                                                                                            
-
                                                                                                                                                                                            Assume that the storage type of the node is Device Mapper and the data disk size of the node is 20 GB. According to the preceding formula, the default ratio of the container engine and image space is 90%. Therefore, the dockersys partition disk usage is: 20 GB x 90% x 20% = 3.6 GB. In addition, mandatory add-ons may occupy about 2 GB dockersys space during cluster creation. Therefore, the remaining space is about 1.6 GB. If you deploy a .tar image package larger than 1.6 GB, the dockersys partition space is insufficient when the package is decompressed. As a result, the image may fail to be pulled.
                                                                                                                                                                                            
+
                                                                                                                                                                                            Assume that the node uses the Device Mapper and the data disk attached to this node is 20 GiB. According to the preceding methods, the container engine and image storage capacity occupies 90% of the data disk capacity, and the disk usage of the dockersys volume is 3.6 GiB. Additionally, the storage capacity of the mandatory add-ons may occupy about 2 GiB of the dockersys volume during cluster creation. The remaining storage capacity is about 1.6 GiB. If you deploy a .tar image package larger than 1.6 GiB, the storage capacity of the dockersys volume is insufficient for the package to be decompressed. As a result, the image pull may fail.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            What Do I Do If the Data Disk Space Is Insufficient?
                                                                                                                                                                                            Solution 1: Clearing Images
                                                                                                                                                                                            
-
                                                                                                                                                                                            You can run the following command to clear unused Docker images:
                                                                                                                                                                                            
-
                                                                                                                                                                                            docker system prune -a
                                                                                                                                                                                            
-
                                                                                                                                                                                             
                                                                                                                                                                                            This command will delete all Docker images that are not used. Exercise caution when running this command.
                                                                                                                                                                                            
+
                                                                                                                                                                                            What If the Data Disk Capacity Is Insufficient?
                                                                                                                                                                                            Solution 1: Clearing images
                                                                                                                                                                                            
+
                                                                                                                                                                                            Perform the following operations to clear unused images:
                                                                                                                                                                                            • Nodes that use containerd
                                                                                                                                                                                              1. Obtain local images on the node.
                                                                                                                                                                                                crictl images -v
                                                                                                                                                                                                
+
                                                                                                                                                                                              2. Delete the images that are not required by image ID.
                                                                                                                                                                                                crictl rmi Image ID
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            • Nodes that use Docker
                                                                                                                                                                                              1. Obtain local images on the node.
                                                                                                                                                                                                docker images
                                                                                                                                                                                                
+
                                                                                                                                                                                              2. Delete the images that are not required by image ID.
                                                                                                                                                                                                docker rmi Image ID
                                                                                                                                                                                                
+
                                                                                                                                                                                              
+
                                                                                                                                                                                            
+
                                                                                                                                                                                             
                                                                                                                                                                                            Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                            
 
                                                                                                                                                                                            
-
                                                                                                                                                                                            Solution 2: Expanding the Disk Capacity
                                                                                                                                                                                            
-
                                                                                                                                                                                            1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                            2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data at the row containing the target node.
                                                                                                                                                                                            3. Log in to the target node.
                                                                                                                                                                                            4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                              A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                              
-
                                                                                                                                                                                              • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                # lsblk
+
                                                                                                                                                                                            
+
                                                                                                                                                                                            Solution 2: Expanding the disk capacity
                                                                                                                                                                                            
+
                                                                                                                                                                                            1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                            2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                            3. Log in to the target node.
                                                                                                                                                                                            4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                              A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                              
+
                                                                                                                                                                                              • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                # lsblk
 NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                   8:0    0   50G  0 disk 
 └─sda1                8:1    0   50G  0 part /
 sdb                   8:16   0  200G  0 disk 
-├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by Docker.
-└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes.
                                                                                                                                                                                                
-
                                                                                                                                                                                                Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                
-
                                                                                                                                                                                                pvresize /dev/sdb 
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                
+
                                                                                                                                                                                                Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                
+
                                                                                                                                                                                                pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/dockersys
 resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                
-
                                                                                                                                                                                              • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                # lsblk
+
                                                                                                                                                                                              • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                # lsblk
 NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
 sda                                   8:0    0   50G  0 disk 
 └─sda1                                8:1    0   50G  0 part /
@@ -65,9 +71,9 @@ sdb                                   8:16   0  200G  0 disk
 │ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
 │   ...
 └─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                
-
                                                                                                                                                                                                • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                  pvresize /dev/sdb 
+
                                                                                                                                                                                                  • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                    pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                    pvresize /dev/sdb 
+
                                                                                                                                                                                                  • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                    pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/dockersys
 resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_bulletin_0026.html b/docs/cce/umn/cce_bulletin_0026.html
new file mode 100644
index 000000000..deb699162
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0026.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                                                  Kubernetes 1.21 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.21.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Resource Changes and Deprecations
                                                                                                                                                                                                  Kubernetes 1.21 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • CronJob is now in the stable state, and the version number changes to batch/v1.
                                                                                                                                                                                                  • The immutable Secret and ConfigMap have now been upgraded to the stable state. A new immutable field is added to these objects to reject changes. The rejection protects clusters from accidental updates that may cause application outages. As these resources are immutable, kubelet does not monitor or poll for changes. This reduces the load of kube-apiserver and improves scalability and performance of your clusters. For more information, see Immutable ConfigMaps.
                                                                                                                                                                                                  • Graceful node shutdown has been upgraded to the test state. With this update, kubelet can detect that a node is shut down and gracefully terminate the pods on the node. Prior to this update, when the node was shut down, its pod did not follow the expected termination lifecycle, which caused workload problems. Now kubelet can use systemd to detect the systems that are about to be shut down and notify the running pods to terminate them gracefully.
                                                                                                                                                                                                  • For a pod with multiple containers, you can use kubectl.kubernetes.io/ to pre-select containers.
                                                                                                                                                                                                  • PodSecurityPolicy is deprecated. For details, see https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/.
                                                                                                                                                                                                  • The BoundServiceAccountTokenVolume feature has entered the beta test. This feature improves the token security of the service account and changes the method of mounting tokens to pods. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Kubernetes 1.20 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • The API priority and fairness have reached the test state and are enabled by default. This allows kube-apiserver to classify incoming requests by priority. For more information, see API Priority and Fairness.
                                                                                                                                                                                                  • The bug of exec probe timeouts is fixed. Before this bug is fixed, the exec probe does not consider the timeoutSeconds field. Instead, the probe will run indefinitely, even beyond its configured deadline. It will stop until the result is returned. Now, if no value is specified, the default value is used, that is, one second. If the detection time exceeds one second, the application health check may fail. Update the timeoutSeconds field for the applications that use this feature during the upgrade. The repair provided by the newly introduced ExecProbeTimeout feature gating enables the cluster operator to restore the previous behavior, but this behavior will be locked and removed in later versions.
                                                                                                                                                                                                  • RuntimeClass enters the stable state. RuntimeClass provides a mechanism to support multiple runtimes in a cluster and expose information about the container runtime to the control plane.
                                                                                                                                                                                                  • kubectl debugging has reached the test state. kubectl debugging provides support for common debugging workflows.
                                                                                                                                                                                                  • Dockershim was marked as deprecated in Kubernetes 1.20. Currently, you can continue to use Docker in the cluster. This change is irrelevant to the container image used by clusters. You can still use Docker to build your images. For more information, see Dockershim Deprecation FAQ.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  References
                                                                                                                                                                                                  For more details about the performance comparison and function evolution between Kubernetes 1.21 and other versions, see the following documents:
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Kubernetes Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_bulletin_0027.html b/docs/cce/umn/cce_bulletin_0027.html
new file mode 100644
index 000000000..999eb38fd
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0027.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                  Kubernetes 1.23 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.23.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Resource Changes and Deprecations
                                                                                                                                                                                                  Kubernetes 1.23 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • FlexVolume is deprecated. Use CSI.
                                                                                                                                                                                                  • HorizontalPodAutoscaler v2 is promoted to GA, and HorizontalPodAutoscaler API v2 is gradually stable in version 1.23. The HorizontalPodAutoscaler v2beta2 API is not recommended. Use the v2 API.
                                                                                                                                                                                                  • PodSecurity moves to beta, replacing the deprecated PodSecurityPolicy. PodSecurity is an admission controller that enforces pod security standards on pods in the namespace based on specific namespace labels that set the enforcement level. PodSecurity is enabled by default in version 1.23.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Kubernetes 1.22 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Ingresses no longer support networking.k8s.io/v1beta1 and extensions/v1beta1 APIs. If you use the API of an earlier version to manage ingresses, an application cannot be exposed to external services. Use networking.k8s.io/v1.
                                                                                                                                                                                                  • CustomResourceDefinitions no longer support the apiextensions.k8s.io/v1beta1 API. If you use the API of an earlier version to create a CRD, the creation will fail, which affects the controller that reconciles this CRD. Use apiextensions.k8s.io/v1.
                                                                                                                                                                                                  • ClusterRoles, ClusterRoleBindings, Roles, and RoleBindings no longer support the rbac.authorization.k8s.io/v1beta1 API. If you use the API of an earlier version to manage RBAC resources, application permissions control is affected and even cannot work in the cluster. Use rbac.authorization.k8s.io/v1.
                                                                                                                                                                                                  • The Kubernetes release cycle is changed from four releases a year to three releases a year.
                                                                                                                                                                                                  • StatefulSets support minReadySeconds.
                                                                                                                                                                                                  • During scale-in, pods are randomly selected and deleted based on the pod UID by default (LogarithmicScaleDown). This feature enhances the randomness of the pods to be deleted and alleviates the problems caused by pod topology spread constraints. For more information, see KEP-2185 and issue 96748.
                                                                                                                                                                                                  • The BoundServiceAccountTokenVolume feature is stable. This feature improves the token security of the service account and changes the method of mounting tokens to pods. Kubernetes clusters of v1.21 and later enable this approach by default.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  References
                                                                                                                                                                                                  For more details about the performance comparison and function evolution between Kubernetes 1.23 and other versions, see the following documents:
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Kubernetes Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_bulletin_0058.html b/docs/cce/umn/cce_bulletin_0058.html
new file mode 100644
index 000000000..21f3ffe6d
--- /dev/null
+++ b/docs/cce/umn/cce_bulletin_0058.html
@@ -0,0 +1,56 @@
+
+
+
                                                                                                                                                                                                  Kubernetes 1.25 Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This document describes the changes made in Kubernetes 1.25 compared with Kubernetes 1.23.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Indexes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  New Features
                                                                                                                                                                                                  Kubernetes 1.25
                                                                                                                                                                                                  • Pod Security Admission is stable. PodSecurityPolicy is deprecated.
                                                                                                                                                                                                    PodSecurityPolicy is replaced by Pod Security Admission. For details about the migration, see Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The ephemeral container is stable.
                                                                                                                                                                                                    An ephemeral container is a container that runs temporarily in an existing pod. It is useful for troubleshooting, especially when kubectl exec cannot be used to check a container that breaks down or its image lacks a debugging tool.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Support for cgroups v2 enters the stable phase.
                                                                                                                                                                                                    Kubernetes supports cgroups v2. cgroups v2 provides some improvements over cgroup v1. For details, see About cgroup v2.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • SeccompDefault moves to beta.
                                                                                                                                                                                                    To enable this feature, add the startup parameter --seccomp-default=true to kubelet. In this way, seccomp is set to RuntimeDefault by default, improving system security. Clusters of v1.25 no longer support seccomp.security.alpha.kubernetes.io/pod and container.seccomp.security.alpha.kubernetes.io/annotation. Replace them with the securityContext.seccompProfile field in pods or containers. For details, see Configure a Security Context for a Pod or Container.
                                                                                                                                                                                                     
                                                                                                                                                                                                    After this feature is enabled, the system calls required by the application may be restricted by the runtime. Ensure that the debugging is performed in the test environment, so that application is not affected.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The EndPort in the network policy moves to stable.
                                                                                                                                                                                                    EndPort in Network Policy is stable. This feature is incorporated in version 1.21. EndPort is added to NetworkPolicy. You can specify a port range.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Local ephemeral storage capacity isolation is stable.
                                                                                                                                                                                                    This feature provides support for capacity isolation of local ephemeral storage between pods, such as EmptyDir. If a pod's consumption of shared resources exceeds the limit, it will be evicted.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The CRD verification expression language moves to beta.
                                                                                                                                                                                                    This makes it possible to declare how to validate custom resources using Common Expression Language (CEL). For details, see Extend the Kubernetes API with CustomResourceDefinitions.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • KMS v2 APIs are introduced.
                                                                                                                                                                                                    The KMS v2 alpha1 API is introduced to add performance, rotation, and observability improvements. This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Pod network readiness is introduced.
                                                                                                                                                                                                    Kubernetes 1.25 introduces Alpha support for PodHasNetwork. This status is in the status field of the pod. For details, see Pod network readiness.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The two features used for application rollout are stable.
                                                                                                                                                                                                    • In Kubernetes 1.25, minReadySeconds for StatefulSets is stable. It allows each pod to wait for an expected period of time to slow down the rollout of a StatefulSet. For details, see Minimum ready seconds.
                                                                                                                                                                                                    • In Kubernetes 1.25, maxSurge for DaemonSets is stable. It allows a DaemonSet workload to run multiple instances of the same pod on one node during a rollout. This minimizes DaemonSet downtime for users. DaemonSet does not allow maxSurge and hostPort to be used at the same time because two active pods cannot share the same port on the same node. For details, see Perform a Rolling Update on a DaemonSet.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Alpha support for running pods with user namespaces is provided.
                                                                                                                                                                                                    This feature maps the root user in a pod to a non-zero ID outside the container. In this way, the container runs as the root user and the node runs as a regular unprivileged user. This feature is still in the internal test phase. The UserNamespacesStatelessPodsSupport gate needs to be enabled, and the container runtime must support this function. For details, see Kubernetes 1.25: alpha support for running Pods with user namespaces.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Kubernetes 1.24
                                                                                                                                                                                                  • Dockershim is removed from kubelet.
                                                                                                                                                                                                    Dockershim was marked deprecated in Kubernetes 1.20 and officially removed from kubelet in Kubernetes 1.24. If you want to use Docker container, switch to cri-dockerd or other runtimes that support CRI, such as containerd and CRI-O.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    Check whether there are agents or applications that depend on Docker Engine. For example, if docker ps, docker run, and docker inspect are used, ensure that multiple runtimes are compatible and switch to the standard CRI.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Beta APIs are disabled by default.
                                                                                                                                                                                                    The Kubernetes community found 90% cluster administrators did not care about the beta APIs and left them enabled. However, the beta features are not recommended because these APIs enabled in the production environment by default incur risks. Therefore, in 1.24 and later versions, beta APIs are disabled by default, but the existing beta APIs will retain the original settings.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • OpenAPI v3 is supported.
                                                                                                                                                                                                    In Kubernetes 1.24 and later versions, OpenAPI V3 is enabled by default.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Storage capacity tracking is stable.
                                                                                                                                                                                                    In Kubernetes 1.24 and later versions, the CSIStorageCapacity API supports exposing the available storage capacity. This ensures that pods are scheduled to nodes with sufficient storage capacity, which reduces pod scheduling delay caused by volume creation and mounting failures. For details, see Storage Capacity.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • gRPC container probe moves to beta.
                                                                                                                                                                                                    In Kubernetes 1.24 and later versions, the gRPC probe goes to beta. The feature gate GRPCContainerProbe is available by default. For details about how to use this probe, see Configure Probes.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • LegacyServiceAccountTokenNoAutoGeneration is enabled by default.
                                                                                                                                                                                                    The LegacyServiceAccountTokenNoAutoGeneration feature is in beta state. By default, this feature is enabled and no more secret token will be automatically generated for the service account. To use a token that never expires, create a secret and mount it. For details, see Service account token Secrets.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • IP address conflict is prevented.
                                                                                                                                                                                                    In Kubernetes 1.24, an IP address pool is soft reserved for the static IP addresses of Services. After you manually enable this function, Service IP addresses will be automatically from the IP address pool to minimize IP address conflict.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Clusters are compiled based on Go 1.18.
                                                                                                                                                                                                    Kubernetes clusters of versions later than 1.24 are compiled based on Go 1.18. By default, the SHA-1 hash algorithm, such as SHA1WithRSA and ECDSAWithSHA1, is no longer supported for certificate signature verification. Use the certificate generated by the SHA256 algorithm instead.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The maximum number of unavailable StatefulSet replicas is configurable.
                                                                                                                                                                                                    In Kubernetes 1.24 and later versions, the maxUnavailable parameter can be configured for StatefulSets so that pods can be stopped more quickly during a rolling update.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • Alpha support for non-graceful node shutdown is introduced.
                                                                                                                                                                                                    The non-graceful node shutdown is introduced as alpha in Kubernetes v1.24. A node shutdown is considered graceful only if kubelet's node shutdown manager can detect the upcoming node shutdown action. For details, see Non-graceful node shutdown handling.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Deprecations and Removals
                                                                                                                                                                                                  Kubernetes 1.25
                                                                                                                                                                                                  • The iptables chain ownership is cleared up.
                                                                                                                                                                                                    Kubernetes typically creates iptables chains to ensure data packets can be sent to the destination. These iptables chains and their names are for internal use only. These chains were never intended to be part of any Kubernetes API/ABI guarantees. For details, see Kubernetes's IPTables Chains Are Not API.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    In versions later than Kubernetes 1.25, Kubelet uses IPTablesCleanup to migrate the Kubernetes-generated iptables chains used by the components outside of Kubernetes in phases so that iptables chains such as KUBE-MARK-DROP, KUBE-MARK-MASQ, and KUBE-POSTROUTING will not be created in the NAT table. For more details, see Cleaning Up IPTables Chain Ownership.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • The cloud service vendors' in-tree storage drivers are removed.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Kubernetes 1.24
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, Service.Spec.LoadBalancerIP is deprecated because it cannot be used for dual-stack protocols. Instead, use custom annotations.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, the --address, --insecure-bind-address, --port, and --insecure-port=0 parameters are removed from kube-apiserver.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, startup parameters --port=0 and --address are removed from kube-controller-manager and kube-scheduler.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, kube-apiserver --audit-log-version and --audit-webhook-version support only audit.k8s.io/v1. In Kubernetes 1.24, audit.k8s.io/v1[alpha|beta]1 is removed, and only audit.k8s.io/v1 can be used.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, the startup parameter --network-plugin is removed from kubelet. This Docker-specific parameter is available only when the container runtime environment is Docker and it is deleted with Dockershim.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, dynamic log clearance has been discarded and removed accordingly. A log filter is introduced to the logs of all Kubernetes system components to prevent sensitive information from being leaked through logs. However, this function may block logs and therefore is discarded. For more details, see Dynamic log sanitization and KEP-1753.
                                                                                                                                                                                                  • VolumeSnapshot v1beta1 CRD is discarded in Kubernetes 1.20 and removed in Kubernetes 1.24. Use VolumeSnapshot v1 instead.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, service annotation tolerate-unready-endpoints discarded in Kubernetes 1.11 is replaced by Service.spec.publishNotReadyAddresses.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, the metadata.clusterName field is discarded and will be deleted in the next version.
                                                                                                                                                                                                  • In Kubernetes 1.24 and later versions, the logic for kube-proxy to listen to NodePorts is removed. If NodePorts conflict with kernel net.ipv4.ip_local_port_range, TCP connections may fail occasionally, which leads to a health check failure or service exception. Before the upgrade, ensure that cluster NodePorts do not conflict with net.ipv4.ip_local_port_range of all nodes in the cluster. For more details, see Kubernetes PR.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Enhanced Kubernetes 1.25 on CCE
                                                                                                                                                                                                  During a version maintenance period, CCE periodically updates Kubernetes 1.25 and provides enhanced functions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  For details about cluster version updates, see Release Notes for CCE Cluster Versions.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  References
                                                                                                                                                                                                  For more details about the performance comparison and function evolution between Kubernetes 1.25 and other versions, see the following documents: 
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Kubernetes Release Notes
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_bulletin_0301.html b/docs/cce/umn/cce_bulletin_0301.html
index 1c13941e5..577c110e4 100644
--- a/docs/cce/umn/cce_bulletin_0301.html
+++ b/docs/cce/umn/cce_bulletin_0301.html
@@ -1,270 +1,207 @@
 
 
 
                                                                                                                                                                                                  OS Patch Notes for Cluster Nodes
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Nodes in Hybrid Clusters
                                                                                                                                                                                                  CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9, CentOS 7.7 and Ubuntu 22.04. The following table lists the supported patches for these OSs.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Nodes in Hybrid Clusters
                                                                                                                                                                                                  CCE nodes in Hybrid clusters can run on EulerOS 2.5, EulerOS 2.9 and Ubuntu 22.04. You are not advised to use the CentOS 7.7 image to create nodes because the OS maintenance has stopped.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The following table lists the supported patches for these OSs.
                                                                                                                                                                                                  
 
-
                                                                                                                                                                                                  Table 1 Node OS patches
                                                                                                                                                                                                  OS
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                  Table 1 Node OS patches
                                                                                                                                                                                                  OS
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Latest Kernel
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Latest Kernel
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  EulerOS release 2.5
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  EulerOS release 2.5
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  EulerOS release 2.9
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  EulerOS release 2.9
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  CentOS Linux release 7.7
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  3.10.0-1160.76.1.el7.x86_64
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  3.10.0-1160.76.1.el7.x86_64
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  3.10.0-1160.76.1.el7.x86_64
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  3.10.0-1160.76.1.el7.x86_64
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Ubuntu 22.04
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Ubuntu 22.04
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  5.15.0-53-generic
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  5.15.0-53-generic
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
-
                                                                                                                                                                                                  Table 2 Mappings between BMS node OS versions and cluster versions
                                                                                                                                                                                                  OS Version
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
-
-
                                                                                                                                                                                                  Table 2 Mappings between BMS node OS versions and cluster versions
                                                                                                                                                                                                  OS Version
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Latest Kernel
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Latest Kernel
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  EulerOS release 2.9 (bare metal server)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  EulerOS release 2.9 (bare metal server)
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
-
                                                                                                                                                                                                  
@@ -307,7 +307,7 @@
 
@@ -403,7 +403,7 @@
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_productdesc_0003.html b/docs/cce/umn/cce_productdesc_0003.html
index 17963c180..4cb25457e 100644
--- a/docs/cce/umn/cce_productdesc_0003.html
+++ b/docs/cce/umn/cce_productdesc_0003.html
@@ -1,7 +1,7 @@
 
                                                                                                                                                                                                  Product Advantages
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Why CCE?
                                                                                                                                                                                                  CCE is a container service built on Docker and Kubernetes. A wealth of features enable you to run container clusters at scale. CCE eases containerization thanks to its reliability, performance, and open source engagement.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Why CCE?
                                                                                                                                                                                                  CCE is a container service built on Docker and Kubernetes. A wealth of features enables you to run container clusters at scale. CCE eases containerization thanks to its reliability, performance, and open source engagement.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Easy to Use
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  • Creating a Kubernetes cluster is as easy as a few clicks on the web console. You can deploy and manage VMs and BMSs together.
                                                                                                                                                                                                  • CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                  • You can resize clusters and workloads by setting auto scaling policies. In-the-moment load spikes are no longer headaches.
                                                                                                                                                                                                  • The console walks you through the steps to upgrade Kubernetes clusters.
                                                                                                                                                                                                  • CCE supports turnkey Helm charts.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  High Performance
                                                                                                                                                                                                  
@@ -26,7 +26,7 @@
 
                                                                                                                                                                                                  
@@ -83,7 +83,7 @@
 
                                                                                                                                                                                                  Docker supports CI/CD by allowing you to customize container images. You compile Dockerfiles to build container images and use CI systems for testing. The Ops team can deploy images into production environments and use CD systems for auto deployment.
                                                                                                                                                                                                  The use of Dockerfiles makes the DevOps process visible to everyone in a DevOps team. Developers can better understand both user needs and the O&M headaches faced by the Ops team. The Ops team can also have some knowledge of the must-met conditions to run the application. The knowledge is helpful when the Ops personnel deploy container images in production.
                                                                                                                                                                                                  Portability
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Docker ensures environmental consistency across development, testing, and production. Portable Docker containers work the same, regardless of their running environments. Physical machines, VMs, public clouds, private clouds, or even laptops, you name it. Apps are now free to migrate and run anywhere.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Docker ensures environmental consistency across development, testing, and production. Portable Docker containers work the same, regardless of their running environments, including physical machines, VMs, or even laptops. Apps are now free to migrate and run anywhere.
                                                                                                                                                                                                  Application update
                                                                                                                                                                                                  Docker images consist of layers. Each layer is only stored once and different images can contain the exact same layers. When transferring such images, those same layers get transferred only once. This makes distribution efficient. Updating a containerized application is also simple. Either edit the top-most writable layer in the final image or add layers to the base image. Docker joins hands with many open source projects to maintain a variety of high-quality official images. You can directly use them in the production environment or easily build new images based on them.
                                                                                                                                                                                                  
 
@@ -104,9 +104,9 @@
 
-
-
                                                                                                                                                                                                  Table 3 Mappings between OS versions and network model
                                                                                                                                                                                                  OS Version
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/docs/cce/umn/cce_faq_0000.html b/docs/cce/umn/cce_faq_0000.html
new file mode 100644
index 000000000..41b1c5292
--- /dev/null
+++ b/docs/cce/umn/cce_faq_0000.html
@@ -0,0 +1,41 @@
+
+
+
+  
                                                                                                                                                                                                  FAQs
                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00001.html b/docs/cce/umn/cce_faq_00001.html
new file mode 100644
index 000000000..09a74172d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00001.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                  DNS FAQs
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_faq_00002.html b/docs/cce/umn/cce_faq_00002.html
deleted file mode 100644
index 06f222643..000000000
--- a/docs/cce/umn/cce_faq_00002.html
+++ /dev/null
@@ -1,74 +0,0 @@
-
-
-
                                                                                                                                                                                                  What Should I Do If the OOM Killer Is Triggered When a Container Uses Memory Resources More Than Limited?
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  If a node has sufficient memory resources, a container on this node can use more memory resources than requested, but no more than limited. If the memory allocated to a container exceeds the upper limit, the container is stopped first. If the container continuously uses memory resources more than limited, the container is terminated. If a stopped container is allowed to be restarted, kubelet will restart it, but other types of run errors will occur.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Scenario 1
                                                                                                                                                                                                  The node's memory has reached the memory limit reserved for the node. As a result, OOM killer is triggered.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  You can either scale up the node or migrate the pods on the node to other nodes.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Scenario 2
                                                                                                                                                                                                  The upper limit of resources configured for the pod is too small. When the actual usage exceeds the limit, OOM killer is triggered.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Set a higher upper limit for the workload.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Example
                                                                                                                                                                                                  A pod will be created and allocated memory that exceeds the limit. As shown in the following configuration file of the pod, the pod requests 50 MB memory and the memory limit is set to 100 MB.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Example YAML file (memory-request-limit-2.yaml):
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  apiVersion: v1
-kind: Pod
-metadata:
-  name: memory-demo-2
-spec:
-  containers:
-  - name: memory-demo-2-ctr
-    image: vish/stress
-    resources:
-      requests:
-        memory: 50Mi
-      limits:
-        memory: "100Mi"
-    args:
-    - -mem-total
-    - 250Mi
-    - -mem-alloc-size
-    - 10Mi
-    - -mem-alloc-sleep
-    - 1s
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  The args parameters indicate that the container attempts to allocate 250 MB memory, which exceeds the pod's upper limit (100 MB).
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Creating a pod:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl create -f https://k8s.io/docs/tasks/configure-pod-container/memory-request-limit-2.yaml --namespace=mem-example 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Viewing the details about the pod:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl get pod memory-demo-2 --namespace=mem-example 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  In this stage, the container may be running or be killed. If the container is not killed, repeat the previous command until the container is killed.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  NAME            READY     STATUS      RESTARTS   AGE 
-memory-demo-2   0/1       OOMKilled   1          24s
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Viewing detailed information about the container:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl get pod memory-demo-2 --output=yaml --namespace=mem-example 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  This output indicates that the container is killed because the memory limit is exceeded.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  lastState:
-   terminated:
-     containerID: docker://7aae52677a4542917c23b10fb56fcb2434c2e8427bc956065183c1879cc0dbd2
-     exitCode: 137
-     finishedAt: 2020-02-20T17:35:12Z
-     reason: OOMKilled
-     startedAt: null
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  In this example, the container can be automatically restarted. Therefore, kubelet will start it again. You can run the following command several times to see how the container is killed and started:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl get pod memory-demo-2 --namespace=mem-example
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  The preceding command output indicates how the container is killed and started back and forth:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  stevepe@sperry-1:~/steveperry-53.github.io$ kubectl get pod memory-demo-2 --namespace=mem-example 
-NAME            READY     STATUS      RESTARTS   AGE 
-memory-demo-2   0/1       OOMKilled   1          37s
-stevepe@sperry-1:~/steveperry-53.github.io$ kubectl get pod memory-demo-2 --namespace=mem-example 
-NAME            READY     STATUS    RESTARTS   AGE 
-memory-demo-2   1/1       Running   2          40s
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Viewing the historical information of the pod:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  kubectl describe pod memory-demo-2 --namespace=mem-example 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  The following command output indicates that the pod is repeatedly killed and started.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  ... Normal  Created   Created container with id 66a3a20aa7980e61be4922780bf9d24d1a1d8b7395c09861225b0eba1b1f8511 
-... Warning BackOff   Back-off restarting failed container
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Parent topic: Workload Abnormalities
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
diff --git a/docs/cce/umn/cce_faq_00004.html b/docs/cce/umn/cce_faq_00004.html
new file mode 100644
index 000000000..d491dd392
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00004.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                  What Is the Retry Mechanism When CCE Fails to Start a Pod?
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  CCE is a fully managed Kubernetes service and is fully compatible with Kubernetes APIs and kubectl.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  In Kubernetes, the spec of a pod contains a restartPolicy field. The value of restartPolicy can be Always, OnFailure, or Never. The default value is Always.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Always: When a container fails, kubelet automatically restarts the container.
                                                                                                                                                                                                  • OnFailure: When a container stops running and the exit code is not 0 (indicating normal exit), kubelet automatically restarts the container.
                                                                                                                                                                                                  • Never: kubelet does not restart the container regardless of the container running status.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  restartPolicy applies to all containers in a pod.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  restartPolicy only refers to restarts of the containers by kubelet on the same node. When containers in a pod exit, kubelet restarts them with an exponential back-off delay (10s, 20s, 40s, …), which is capped at five minutes. Once a container has been running for 10 minutes without any problems, kubelet resets the restart backoff timer for the container.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The settings of restartPolicy vary depending on the controller:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • Replication Controller (RC) and DaemonSet: restartPolicy must be set to Always to ensure continuous running of the containers.
                                                                                                                                                                                                  • Job: restartPolicy must be set to OnFailure or Never to ensure that containers are not restarted after being executed.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Container Configuration
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00005.html b/docs/cce/umn/cce_faq_00005.html
index e9d6419a2..5a2233ebc 100644
--- a/docs/cce/umn/cce_faq_00005.html
+++ b/docs/cce/umn/cce_faq_00005.html
@@ -1,14 +1,16 @@
 
                                                                                                                                                                                                  What Should I Do If Sandbox-Related Errors Are Reported When the Pod Remains in the Creating State?
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                  The pod remains in the creating state for a long time, and the sandbox-related errors are reported.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                  The pod remains in the creating state for a long time, and the sandbox-related errors are reported.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed create pod sandbox: rpc error: code = Unknown desc = [ failed to setup sandbox .....
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  Select a troubleshooting method for your cluster:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Clusters of V1.13 or later
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. Sandbox errors are generally caused by the abnormal startup of the container component on the node. You can run the systemctl status canal command to check the container component and run the systemctl restart canal command to restart the component.
                                                                                                                                                                                                  2. All container components on the node are normal, but the loopback file of the CNI is missing. The error is as follows: network: failed to find plugin "loopback" in path [/opt/cni/bin]. You can copy a complete version of the loopback file from the current region or other regions which share the same cluster versions (minor releases can be ignored), and put the loopback file in the path /opt/cni/bin/. Then, restart the canal component.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Clusters of V1.13
                                                                                                                                                                                                  
+
                                                                                                                                                                                                   
                                                                                                                                                                                                  This method applies only to clusters of v1.13.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1. Sandbox errors are generally caused by the abnormal startup of container components on the node. You can run the systemctl status canal command to check the container components and run the systemctl restart canal command to restart the abnormal component.
                                                                                                                                                                                                  2. All container components on the node are normal, but the loopback file of the CNI is missing. The error is as follows: network: failed to find plugin "loopback" in path [/opt/cni/bin]. You can copy a complete version of the loopback file from the current region or other regions which share the same cluster versions (minor releases can be ignored), and put the loopback file in the path /opt/cni/bin/. Then, restart the canal component.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Clusters earlier than V1.13
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. Sandbox errors are generally caused by the abnormal startup of the container components on the node. You can run the su paas -c '/var/paas/monit/bin/monit summary' command to check the container component and run the su paas -c '/var/paas/monit/bin/monit restart canal' command to restart the component.
                                                                                                                                                                                                  2. All container components on the node are normal, but the loopback file of the CNI is missing. The error is as follows: network: failed to find plugin "loopback" in path [/opt/cni/bin]. You can copy a complete version of the loopback file from the current region or other regions which share the same cluster versions (minor releases can be ignored), and put the loopback file in the path /opt/cni/bin/. Then, restart the canal component.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  1. Sandbox errors are generally caused by the abnormal startup of container components on the node. You can run the su paas -c '/var/paas/monit/bin/monit summary' command to check the container components and run the su paas -c '/var/paas/monit/bin/monit restart canal' command to restart the abnormal component.
                                                                                                                                                                                                  2. All container components on the node are normal, but the loopback file of the CNI is missing. The error is as follows: network: failed to find plugin "loopback" in path [/opt/cni/bin]. You can copy a complete version of the loopback file from the current region or other regions which share the same cluster versions (minor releases can be ignored), and put the loopback file in the path /opt/cni/bin/. Then, restart the canal component.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00006.html b/docs/cce/umn/cce_faq_00006.html
new file mode 100644
index 000000000..d516fc08d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00006.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                  Common Questions
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: FAQs
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00012.html b/docs/cce/umn/cce_faq_00012.html
index c1eac325c..616fddbb5 100644
--- a/docs/cce/umn/cce_faq_00012.html
+++ b/docs/cce/umn/cce_faq_00012.html
@@ -1,11 +1,11 @@
 
 
 
                                                                                                                                                                                                  What Should I Do If a Workload Is Stopped Caused by Pod Deletion?
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Cause:
                                                                                                                                                                                                  The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Problem
                                                                                                                                                                                                  A workload is in Stopped state.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Problem
                                                                                                                                                                                                  The workload status is Stopped.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cause:
                                                                                                                                                                                                  The metadata.enable field in the YAML file of the workload is false. As a result, the pod of the workload is deleted and the workload is in the stopped status.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  Delete the enable field or set it to true.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00015.html b/docs/cce/umn/cce_faq_00015.html
index 968cc74bd..3591b4574 100644
--- a/docs/cce/umn/cce_faq_00015.html
+++ b/docs/cce/umn/cce_faq_00015.html
@@ -1,13 +1,67 @@
 
 
-
                                                                                                                                                                                                  Failed to Pull an Image
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  If the workload details page displays an event indicating that image pulling fails, perform the following operations to locate the fault:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  What Should I Do If a Pod Fails to Pull the Image?
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                  When a workload enters the state of "Pod not ready: Back-off pulling image "xxxxx", a Kubernetes event of PodsFailed to pull image or Failed to re-pull image will be reported. For details about how to view Kubernetes events, see Viewing Pod Events.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 1: Checking Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                                                  For example, when creating a deployment named nginx, check whether the YAML file contains the imagePullSecrets parameter, which indicates the secret name during image pulling.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  • To pull an image from SWR, set the imagePullSecrets parameter to default-secret.
                                                                                                                                                                                                  • To pull an image from a third-party image repository, set the imagePullSecrets parameter to the created secret name.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  The example shows the situation when you fail to pull an image when imagePullSecret is not configured in your YAML file.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  apiVersion: extensions/v1beta1
+
                                                                                                                                                                                                  Troubleshooting Process
                                                                                                                                                                                                  Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  Table 3 Mappings between OS versions and network model
                                                                                                                                                                                                  OS Version
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cluster Version
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  VPC Network
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  VPC Network
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Tunnel Network
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Tunnel Network
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Cloud Native Network 2.0
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cloud Native Network 2.0
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Ubuntu 22.04
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Ubuntu 22.04
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  ×
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  ×
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  CentOS Linux release 7.7
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  EulerOS release 2.9
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  EulerOS release 2.9
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  EulerOS release 2.5
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  EulerOS release 2.5
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.25
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.23
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.21
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  v1.19
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
                                                                                                                                                                                                   
 
 
                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                  Table 1 FailedPullImage
                                                                                                                                                                                                  Event Information
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Cause and Solution
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "xxx": rpc error: code = Unknown desc = Error response from daemon: Get xxx: denied: You may not login yet
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You have not logged in to the image repository.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 1: Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "nginx:v1.1": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: no such host
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The image address is incorrectly configured.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 2: Whether the Image Address Is Correct When a Third-Party Image Is Used
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 3: Whether an Incorrect Secret Is Used When a Third-Party Image Is Used
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed create pod sandbox: rpc error: code = Unknown desc = failed to create a sandbox for pod "nginx-6dc48bf8b6-l8xrw": Error response from daemon: mkdir xxxxx: no space left on device
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The disk space is insufficient.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 4: Whether the Node Disk Space Is Insufficient
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "xxx": rpc error: code = Unknown desc = error pulling image configuration: xxx x509: certificate signed by unknown authority
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  An unknown or insecure certificate is used by the third-party image repository from which the image is pulled.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "xxx": rpc error: code = Unknown desc = context canceled
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The image size is too large.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 6: Whether the Image Size Is Too Large
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "docker.io/bitnami/nginx:1.22.0-debian-11-r3": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 7: Connection to the Image Repository
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  ERROR: toomanyrequests: Too Many Requests.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Or
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  you have reached your pull rate limit, you may increase the limit by authenticating an upgrading
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  The rate is limited because the number of image pull times reaches the upper limit.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 8: Whether the Number of Public Image Pull Times Reaches the Upper Limit
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                  Check Item 1: Whether imagePullSecret Is Specified When You Use kubectl to Create a Workload
                                                                                                                                                                                                  If the workload status is abnormal and a Kubernetes event is displayed indicating that the pod fails to pull the image, check whether the imagePullSecrets field exists in the YAML file.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Items to Check
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • If an image needs to be pulled from SWR, the name parameter must be set to default-secret.
                                                                                                                                                                                                    apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   name: nginx
@@ -29,33 +83,129 @@ spec:
         name: nginx
       imagePullSecrets:
       - name: default-secret
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    When pulling an image from a third-party image repository, set imagePullSecrets to the created secret name.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  • If an image needs to be pulled from a third-party image repository, the imagePullSecrets parameter must be set to the created secret name.
                                                                                                                                                                                                    When you use kubectl to create a workload from a third-party image, specify the imagePullSecret field, in which name indicates the name of the secret used to pull the image.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 2: Checking Whether the Image Address Is Correct When a Third-Party Image Is Used
                                                                                                                                                                                                  CCE can create workloads using images pulled from a third-party image repository in addition to SWR and Docker Hub.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 2: Whether the Image Address Is Correct When a Third-Party Image Is Used
                                                                                                                                                                                                  CCE allows you to create workloads using images pulled from third-party image repositories.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Enter the third-party image address according to requirements. The format must be ip:port/path/name:version or name:version. If no tag is specified, latest is used by default.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  • For a private repository, enter an image address in the format of ip:port/path/name:version.
                                                                                                                                                                                                  • For an open-source Docker repository, enter an image address in the format of name:version. For example, nginx:latest.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  • For a private repository, enter an image address in the format of ip:port/path/name:version.
                                                                                                                                                                                                  • For an open-source Docker repository, enter an image address in the format of name:version, for example, nginx:latest.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  The following information is displayed when you fail to pull an image due to incorrect image address provided.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Failed to pull image "nginx:v1.1": rpc error:code = Unknown desc=Error response from daemon: manifest for nginx:v1.1 not found
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Failed to pull image "nginx:v1.1": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: no such host
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  You can either edit your YAML file to modify the image address or log in to the CCE console to replace the image on the Upgrade tag page of the workload details page.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can either edit your YAML file to change the image address or log in to the CCE console to replace the image on the Upgrade tab on the workload details page.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 3: Checking Whether an Incorrect Key Is Used or the Key Expires When a Third-Party Image Is Used
                                                                                                                                                                                                  CCE allows you to create workloads using images pulled from a third-party image repository in addition to SWR or Docker Hub.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Check Item 3: Whether an Incorrect Secret Is Used When a Third-Party Image Is Used
                                                                                                                                                                                                  Generally, a third-party image repository can be accessed only after authentication (using your account and password). CCE uses the secret authentication mode to pull images. Therefore, you need to create a secret for an image repository before pulling images from the repository.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Solution
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Generally, a third-party image repository can be accessed only after authentication. CCE uses the secret authentication mode to obtain images. Therefore, you need to create a secret for an image repository before pulling images from the repository.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  If the secret is incorrect or expires, images will fail to be pulled.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  If your secret is incorrect, images will fail to be pulled. In this case, create a new secret.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 4: Checking Whether Disk Space Is Insufficient
                                                                                                                                                                                                  After a node is created in a cluster of v1.7.3-r7 or a later version, a 100 GB data disk dedicated for Docker is bound to the node. If the data disk space is insufficient, image fails to be pulled.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  If the following information is contained in the Kubernetes event, the disk space on the node for storing images is full. You need to delete images or expand the disk capacity.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  You can run lvs to check the disk space on the node for storing images.
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  You can run the following command to delete an image:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  docker rmi –f {Image ID}
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Perform the following steps to expend the disk capacity:
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  1. Expand the capacity of the Docker disk on the EVS console.
                                                                                                                                                                                                  2. Log in to the target node.
                                                                                                                                                                                                  3. Run the following commands on the node to add the new disk capacity to the Docker disk:
                                                                                                                                                                                                    pvresize /dev/vdb
+
                                                                                                                                                                                                    Check Item 4: Whether the Node Disk Space Is Insufficient
                                                                                                                                                                                                    If the Kubernetes event contains information "no space left on device", there is no disk space left for storing the image. As a result, the image will fail to be pulled. In this case, clear the image or expand the disk space to resolve this issue.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Failed create pod sandbox: rpc error: code = Unknown desc = failed to create a sandbox for pod "nginx-6dc48bf8b6-l8xrw": Error response from daemon: mkdir xxxxx: no space left on device
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Run the following command to obtain the disk space for storing images on a node:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    lvs
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution 1: Clearing images
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Perform the following operations to clear unused images:
                                                                                                                                                                                                    • Nodes that use containerd
                                                                                                                                                                                                      1. Obtain local images on the node.
                                                                                                                                                                                                        crictl images -v
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Delete the images that are not required by image ID.
                                                                                                                                                                                                        crictl rmi Image ID
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    • Nodes that use Docker
                                                                                                                                                                                                      1. Obtain local images on the node.
                                                                                                                                                                                                        docker images
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      2. Delete the images that are not required by image ID.
                                                                                                                                                                                                        docker rmi Image ID
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution 2: Expanding the disk capacity
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    To expand a disk capacity, perform the following steps:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                                    2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                    3. Log in to the target node.
                                                                                                                                                                                                    4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                      A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                        # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                        # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                                   8:0    0   50G  0 disk 
+└─sda1                                8:1    0   50G  0 part /
+sdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Thin pool space.
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                          pvresize /dev/sdb 
 lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                          pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 5: Whether the Remote Image Repository Uses an Unknown or Insecure Certificate
                                                                                                                                                                                                    When a pod pulls an image from a third-party image repository that uses an unknown or insecure certificate, the image fails to be pulled from the node. The pod event list contains the event "Failed to pull the image" with the cause "x509: certificate signed by unknown authority".
                                                                                                                                                                                                    
+
                                                                                                                                                                                                     
                                                                                                                                                                                                    The security of EulerOS 2.9 images is enhanced. Some insecure or expired certificates are removed from the system. It is normal that this error is reported in EulerOS 2.9 but not or some third-party images on other types of nodes. You can also perform the following operations to rectify the fault.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    1. Check the IP address and port number of the third-party image server for which the error message "unknown authority" is displayed.
                                                                                                                                                                                                      You can see the IP address and port number of the third-party image server for which the error is reported in the event information "Failed to pull image".
                                                                                                                                                                                                      Failed to pull image "bitnami/redis-cluster:latest": rpc error: code = Unknown desc = error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e8/e83853f03a2e792614e7c1e6de75d63e2d6d633b4e7c39b9d700792ee50f7b56/data?verify=1636972064-AQbl5RActnudDZV%2F3EShZwnqOe8%3D: x509: certificate signed by unknown authority
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The IP address of the third-party image server is production.cloudflare.docker.com, and the default HTTPS port number is 443.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    2. Load the root certificate of the third-party image server to the node where the third-party image is to be downloaded.
                                                                                                                                                                                                      Run the following commands on the EulerOS and CentOS nodes with {server_url}:{server_port} replaced with the IP address and port number obtained in Step 1, for example, production.cloudflare.docker.com:443:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If the container engine of the node is containerd, replace systemctl restart docker with systemctl restart containerd.
                                                                                                                                                                                                      openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/pki/ca-trust/source/anchors/tmp_ca.crt
+update-ca-trust
+systemctl restart docker
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Run the following command on Ubuntu nodes:
                                                                                                                                                                                                      openssl s_client -showcerts -connect {server_url}:{server_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/tmp_ca.crt
+update-ca-trust
+systemctl restart docker
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 6: Whether the Image Size Is Too Large
                                                                                                                                                                                                    The pod event list contains the event "Failed to pull image". This may be caused by a large image size.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Failed to pull image "XXX": rpc error: code = Unknown desc = context canceled
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Log in to the node and run the docker pull command to manually pull the image. The image is successfully pulled.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Possible Causes
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The default value of image-pull-progress-deadline is 1 minute. If the image pull progress is not updated within 1 minute, image pull is canceled. If the node performance is poor or the image size is too large, the image may fail to be pulled and the workload may fail to be started.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • (Recommended) Method 1: Log in to the node, run the docker pull command to manually pull the image, and check whether imagePullPolicy of the workload is IfNotPresent (default policy configuration). In this case, the image that has been pulled to the local host is used to create the workload.
                                                                                                                                                                                                    • Method 2: Modify the kubelet configuration parameters.
                                                                                                                                                                                                      For a cluster of v1.15 or later, run the following command:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      vi /opt/cloud/cce/kubernetes/kubelet/kubelet
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For a cluster earlier than v1.15, run the following command:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      vi /var/paas/kubernetes/kubelet/kubelet
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Add --image-pull-progress-deadline=30m to the end of the DAEMON_ARGS parameter. 30m indicates 30 minutes. You can change the value as required. The added configuration and the existing configuration are separated by a space.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Run the following command to restart kubelet:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      systemctl restart kubelet
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Wait for a while and check whether the kubelet status is running.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      systemctl status kubelet
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      The workload is started properly, and the image is successfully pulled.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 7: Connection to the Image Repository
                                                                                                                                                                                                    Symptom
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The following error message is displayed during workload creation:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Failed to pull image "docker.io/bitnami/nginx:1.22.0-debian-11-r3": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Possible Causes
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Failed to connect to the image repository due to the disconnected network. SWR allows you to pull images only from the official Docker repository. For image pulls from other repositories, you need to access the Internet.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    • Bind a public IP address to the node which needs to pull the images.
                                                                                                                                                                                                    • Upload the image to SWR and then pull the image from SWR.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 8: Whether the Number of Public Image Pull Times Reaches the Upper Limit
                                                                                                                                                                                                    Symptom
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The following error message is displayed during workload creation:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    ERROR: toomanyrequests: Too Many Requests.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Or
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    you have reached your pull rate limit, you may increase the limit by authenticating an upgrading: https://www.docker.com/increase-rate-limits.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Possible Causes
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Docker Hub sets the maximum number of container image pull requests. For details, see Understanding Your Docker Hub Rate Limit.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Push the frequently used image to SWR and then pull the image from SWR.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00018.html b/docs/cce/umn/cce_faq_00018.html
index f60e604b5..af0e70118 100644
--- a/docs/cce/umn/cce_faq_00018.html
+++ b/docs/cce/umn/cce_faq_00018.html
@@ -1,64 +1,154 @@
 
 
-
                                                                                                                                                                                                  Failed to Restart a Container
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  On the details page of a workload, if an event is displayed indicating that the container fails to be restarted, perform the following operations to locate the fault:
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  What Should I Do If Container Startup Fails?
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                  On the details page of a workload, if an event is displayed indicating that the container fails to be started, perform the following steps to locate the fault:
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                  2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                    docker ps -a | grep $podName
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  3. View the logs of the corresponding container.
                                                                                                                                                                                                    docker logs $containerID
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Rectify the fault of the workload based on logs.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  4. Check the error logs.
                                                                                                                                                                                                    cat /var/log/messages | grep $containerID  | grep oom
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Check whether the system OOM is triggered based on the logs.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Check Item 1: Whether There Are Processes that Keep Running in the Container
                                                                                                                                                                                                  1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                  2. View the container status.
                                                                                                                                                                                                    docker ps -a | grep $podName
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Troubleshooting Process
                                                                                                                                                                                                    Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                                    
+
+
                                                                                                                                                                                                    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                    Table 1 Container startup failure
                                                                                                                                                                                                    Log or Event
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Cause and Solution
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The log contains exit(0).
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    No process exists in the container.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check whether the container is running properly.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Event information: Liveness probe failed: Get http...
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The log contains exit(137).
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Health check fails.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 2: Whether Health Check Fails to Be Performed (Exit Code: 137)
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Event information:
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The disk space is insufficient. Clear the disk space.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 3: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The keyword OOM exists in the log.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    The memory is insufficient.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 4: Whether the Upper Limit of Container Resources Has Been Reached
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 5: Whether the Resource Limits Are Improperly Configured for the Container
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Address already in use
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    A conflict occurs between container ports in the pod.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    In addition to the preceding possible causes, there are some other possible causes:
                                                                                                                                                                                                    
+
+
                                                                                                                                                                                                    Figure 1 Troubleshooting process of the container restart failure
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 1: Whether There Are Processes that Keep Running in the Container (Exit Code: 0)
                                                                                                                                                                                                    1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                    2. View the container status.
                                                                                                                                                                                                      docker ps -a | grep $podName
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Example:
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      If no running process in the container, the status code Exited (0) is displayed.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      If no running process exists in the container, the status code Exited (0) is displayed.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Check Item 2: Whether Health Check Fails to Be Performed
                                                                                                                                                                                                    The health check configured for a workload is performed on services periodically. If an exception occurs, the pod reports an event and the pod fails to be restarted.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    If the liveness-type (workload liveness probe) health check is configured for the workload and the number of health check failures exceeds the threshold, the containers in the pod will be restarted. On the workload details page, if K8s events contain Liveness probe failed: Get http..., the health check fails.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Check Item 2: Whether Health Check Fails to Be Performed (Exit Code: 137)
                                                                                                                                                                                                    The health check configured for a workload is performed on services periodically. If an exception occurs, the pod reports an event and the pod fails to be restarted.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    If the liveness-type (workload liveness probe) health check is configured for the workload and the number of health check failures exceeds the threshold, the containers in the pod will be restarted. On the workload details page, if Kubernetes events contain Liveness probe failed: Get http..., the health check fails.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    Solution
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    On the workload details page, choose Upgrade > Advanced Settings > Health Check to check whether the health check policy is properly set and whether services are normal.
                                                                                                                                                                                                    
+
                                                                                                                                                                                                    Click the workload name to go to the workload details page, click the Containers tab. Then select Health Check to check whether the policy is proper or whether services are running properly.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    Check Item 3: Whether the User Service Has a Bug
                                                                                                                                                                                                    Check whether the workload startup command is correctly executed or whether the workload has a bug.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                    1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                    2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                      docker ps -a | grep $podName
                                                                                                                                                                                                      
-
                                                                                                                                                                                                    3. View the logs of the corresponding container.
                                                                                                                                                                                                      docker logs $containerID
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Note: In the preceding command, containerID indicates the ID of the container that has exited.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 Incorrect startup command of the container
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      As shown above, the container fails to be started due to an incorrect startup command. For other errors, rectify the bugs based on the logs.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution: Re-create a workload and configure a correct startup command.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 3: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                                      The following message refers to the thin pool disk that is allocated from the Docker disk selected during node creation. You can run the lvs command as user root to view the current disk usage.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Thin Pool has 15991 free data blocks which are less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution 1: Clearing images
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Perform the following operations to clear unused images:
                                                                                                                                                                                                      • Nodes that use containerd
                                                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                                                          crictl images -v
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Delete the images that are not required by image ID.
                                                                                                                                                                                                          crictl rmi Image ID
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Nodes that use Docker
                                                                                                                                                                                                        1. Obtain local images on the node.
                                                                                                                                                                                                          docker images
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Delete the images that are not required by image ID.
                                                                                                                                                                                                          docker rmi Image ID
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                       
                                                                                                                                                                                                      Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Solution 2: Expanding the disk capacity
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      To expand a disk capacity, perform the following steps:
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                                      2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                      3. Log in to the target node.
                                                                                                                                                                                                      4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                        A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                          # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                          # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                                   8:0    0   50G  0 disk 
+└─sda1                                8:1    0   50G  0 part /
+sdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Thin pool space.
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                            pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                            pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Check Item 4: Whether the Upper Limit of Container Resources Has Been Reached
                                                                                                                                                                                                      If the upper limit of container resources has been reached, OOM will be displayed in the event details as well as in the log:
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      cat /var/log/messages | grep 96feb0a425d6 | grep oom
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      When a workload is created, if the requested resources exceed the configured upper limit, the system OOM is triggered and the container exits unexpectedly.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 5: Whether the Container Disk Space Is Insufficient
                                                                                                                                                                                                      The following message refers to the Thin Pool disk that is allocated from the Docker disk selected during node creation. You can run the lvs command as user root to view the current disk usage.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Thin Pool has 15991 free data blocks which is less than minimum required 16383 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      1. Release used disk space.
                                                                                                                                                                                                        docker rmi -f `docker images | grep 20202 | awk '{print $3}'` 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      2. Expand the disk capacity. For details, see the method of expanding the data disk capacity of a node.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Check Item 5: Whether the Resource Limits Are Improperly Configured for the Container
                                                                                                                                                                                                      If the resource limits set for the container during workload creation are less than required, the container fails to be restarted.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 6: Whether the Resource Limits Are Improperly Set for the Container
                                                                                                                                                                                                      If the resource limits set for the container during workload creation are less than required, the container fails to be restarted.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Back-off restarting failed container
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Solution
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Modify the container specifications.
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Check Item 7: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                      1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                      2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                        docker ps -a | grep $podName
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 6: Whether the Container Ports in the Same Pod Conflict with Each Other
                                                                                                                                                                                                        1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                        2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                          docker ps -a | grep $podName
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        3. View the logs of the corresponding container.
                                                                                                                                                                                                          docker logs $containerID
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Rectify the fault of the workload based on logs. As shown in the following figure, container ports in the same pod conflict. As a result, the container fails to be started.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 2 Container restart failure due to a container port conflict
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Re-create the workload and set a port number that is not used by any other pod.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 8: Whether the Container Startup Command Is Correctly Configured
                                                                                                                                                                                                        The error messages are as follows:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 7: Whether the Container Startup Command Is Correctly Configured
                                                                                                                                                                                                        The error messages are as follows:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Log in to the CCE console. On the workload details page, click Upgrade > Advanced Settings > Lifecycle to see whether the startup command is correctly configured.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Click the workload name to go to the workload details page, click the Containers tab. Choose Lifecycle , click Startup Command, and ensure that the command is correct.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 8: Whether the User Service Has a Bug
                                                                                                                                                                                                        Check whether the workload startup command is correctly executed or whether the workload has a bug.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the node where the abnormal workload is located.
                                                                                                                                                                                                        2. Check the ID of the container where the workload pod exits abnormally.
                                                                                                                                                                                                          docker ps -a | grep $podName
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. View the logs of the corresponding container.
                                                                                                                                                                                                          docker logs $containerID
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Note: In the preceding command, containerID indicates the ID of the container that has exited.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Figure 3 Incorrect startup command of the container
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          As shown in the figure above, the container fails to be started due to an incorrect startup command. For other errors, rectify the bugs based on the logs.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Create a new workload and configure a correct startup command.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
diff --git a/docs/cce/umn/cce_faq_00020.html b/docs/cce/umn/cce_faq_00020.html
new file mode 100644
index 000000000..134dbf10f
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00020.html
@@ -0,0 +1,31 @@
+
+
+
                                                                                                                                                                                                        How Do I Rectify Failures When the NVIDIA Driver Is Used to Start Containers on GPU Nodes?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Did a Resource Scheduling Failure Event Occur on a Cluster Node?
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        A node is running properly and has GPU resources. However, the following error information is displayed:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        0/9 nodes are available: 9 insufficient nvidia.com/gpu
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Analysis
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Check whether the node is attached with NVIDIA label.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Check whether the NVIDIA driver is running properly.
                                                                                                                                                                                                          Log in to the node where the add-on is running and view the driver installation log in the following path:
                                                                                                                                                                                                          /opt/cloud/cce/nvidia/nvidia_installer.log
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          View standard output logs of the NVIDIA container.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Filter the container ID by running the following command:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          docker ps –a | grep nvidia
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          View logs by running the following command:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          docker logs Container ID
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        What Should I Do If the NVIDIA Version Reported by a Service and the CUDA Version Do Not Match?
                                                                                                                                                                                                        Run the following command to check the CUDA version in the container:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        cat /usr/local/cuda/version.txt
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check whether the CUDA version supported by the NVIDIA driver version of the node where the container is located contains the CUDA version of the container.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Helpful Links
                                                                                                                                                                                                        What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Node Running
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00021.html b/docs/cce/umn/cce_faq_00021.html
new file mode 100644
index 000000000..7b1eeb057
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00021.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                                                        Node
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: FAQs
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00022.html b/docs/cce/umn/cce_faq_00022.html
new file mode 100644
index 000000000..c779829b1
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00022.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                        What Should I Do If a Node Fails to Connect to the Internet (Public Network)?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If a node fails to be connected to the Internet, perform the following operations:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 1: Whether an EIP Has Been Bound to the Node
                                                                                                                                                                                                        Log in to the ECS console and check whether an EIP has been bound to the ECS corresponding to the node.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If there is an IP address in the EIP column, an EIP has been bound. If there is no IP address in that column, bind one.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 2: Whether a Network ACL Has Been Configured for the Node
                                                                                                                                                                                                        Log in to the VPC console. In the navigation pane, choose Access Control > Firewalls. Check whether a firewall has been configured for the subnet where the node is located and whether external access is restricted.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Network Fault
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00024.html b/docs/cce/umn/cce_faq_00024.html
new file mode 100644
index 000000000..60e958520
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00024.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                        Cluster
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: FAQs
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00025.html b/docs/cce/umn/cce_faq_00025.html
new file mode 100644
index 000000000..e8e469c4b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00025.html
@@ -0,0 +1,12 @@
+
+
+
                                                                                                                                                                                                        How Can I Access a CCE Cluster?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can use either of the following methods to access the cluster API Server:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • (Recommended) Through the cluster API. This access mode uses certificate authentication. It is suitable for API calls on scale thanks to its direct connection to the API Server. This is a recommended option.
                                                                                                                                                                                                        • API Gateway. This access mode uses token authentication. You need to obtain a toke using your account. This access mode applies to small-scale API calls. API gateway flow control may be triggered when APIs are called on scale.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: API & kubectl FAQs
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00027.html b/docs/cce/umn/cce_faq_00027.html
new file mode 100644
index 000000000..abc21c8eb
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00027.html
@@ -0,0 +1,48 @@
+
+
+
                                                                                                                                                                                                        How Do I Troubleshoot Problems Occurred When Adding Nodes to a CCE Cluster?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Note
                                                                                                                                                                                                        • The node images in the same cluster must be the same. Pay attention to this when creating, adding, or accepting nodes in a cluster.
                                                                                                                                                                                                        • If you need to allocate user space from the data disk when creating a node, do not set the data storage path to any key directory. For example, to store data in the /home directory, set the directory to /home/test instead of /home.
                                                                                                                                                                                                           
                                                                                                                                                                                                          Do not set Path inside a node to the root directory /. Otherwise, the mounting fails. Set Path inside a node to any of the following:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • /opt/xxxx (excluding /opt/cloud)
                                                                                                                                                                                                          • /mnt/xxxx (excluding /mnt/paas)
                                                                                                                                                                                                          • /tmp/xxx
                                                                                                                                                                                                          • /var/xxx (excluding key directories such as /var/lib, /var/script, and /var/paas)
                                                                                                                                                                                                          • /xxxx (It cannot conflict with the system directory, such as bin, lib, home, root, boot, dev, etc, lost+found, mnt, proc, sbin, srv, tmp, var, media, opt, selinux, sys, and usr.)
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Do not set it to /home/paas, /var/paas, /var/lib, /var/script, /mnt/paas, or /opt/cloud. Otherwise, the system or node installation will fail.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 1: Subnet Quota
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        New nodes cannot be added to a CCE cluster, and a message is displayed indicating that the subnet quota is insufficient.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Cause Analysis
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Example:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        VPC CIDR block: 192.168.66.0/24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Subnet CIDR block: 192.168.66.0/24
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        In 192.168.66.0/24, all 251 private IP addresses have been used.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Expand the VPC.
                                                                                                                                                                                                          Log in to the console and choose Virtual Private Cloud from the service list. Click Edit CIDR Block in the Operation column of the target VPC.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        2. Change the subnet mask to 16 and click OK.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        3. Click the VPC name. On the Summary tab page, click the number next to Subnets on the right and click Create Subnet to create a subnet.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        4. Return to the page for adding a node on the CCE console, and select the newly created subnet.
                                                                                                                                                                                                           
                                                                                                                                                                                                          1. Adding subnets to the VPC does not affect the use of the existing 192.168.66.0/24 CIDR block.
                                                                                                                                                                                                            You can select a new subnet when creating a CCE node. The new subnet has a maximum of 251 private IP addresses. If the number of private IP addresses cannot meet service requirements, you can add more subnets.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Subnets in the same VPC can communicate with each other.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 2: EIP Quota
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        When a node is added, EIP is set to Automatically assign. The node cannot be created, and a message indicating that EIPs are insufficient is displayed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Two methods are available to solve the problem.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Method 1: Unbind the VMs bound with EIPs and add a node again.
                                                                                                                                                                                                          1. Log in to the management console.
                                                                                                                                                                                                          2. Choose Computing > Elastic Cloud Server.
                                                                                                                                                                                                          3. In the ECS list, locate the target ECS and click its name.
                                                                                                                                                                                                          4. On the ECS details page, click the EIPs tab. In the EIP list, click Unbind at the row of the target ECS and click Yes.
                                                                                                                                                                                                          5. Return to the page for adding a node on the CCE console, select Use existing for EIP, and add the node again.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        • Method 2: Increase the EIP quota.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Check Item 3: Security Group
                                                                                                                                                                                                        Symptom
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        A node cannot be added to a CCE cluster.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        You can click the cluster name to view the cluster details. In the Networking Configuration area, click the icon next to Default security group of the node to check whether the default security group is deleted and whether the security group rules comply with Configuring Cluster Security Group Rules.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If your account has multiple clusters and you need to manage network security policies of nodes in a unified manner, you can specify custom security groups.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Node Creation
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00028.html b/docs/cce/umn/cce_faq_00028.html
new file mode 100644
index 000000000..5be272c0a
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00028.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                        Workload
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_faq_00029.html b/docs/cce/umn/cce_faq_00029.html
index 698051146..822945255 100644
--- a/docs/cce/umn/cce_faq_00029.html
+++ b/docs/cce/umn/cce_faq_00029.html
@@ -1,35 +1,35 @@
 
 
 
                                                                                                                                                                                                        Workload Abnormalities
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
 
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Parent topic: Reference
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Workload
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
 
diff --git a/docs/cce/umn/cce_faq_00030.html b/docs/cce/umn/cce_faq_00030.html
new file mode 100644
index 000000000..e9e78d3dd
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00030.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                        How Do I Change the Node Specifications in a CCE Cluster?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Solution
                                                                                                                                                                                                         
                                                                                                                                                                                                        If the node whose specifications need to be changed is accepted into the cluster for management, remove the node from the cluster and then change the node specifications to avoid affecting services.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        1. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click the name of the node to display the ECS details page.
                                                                                                                                                                                                        2. In the upper right corner of the ECS details page, click Stop. After the ECS is stopped, choose More > Modify Specifications.
                                                                                                                                                                                                        3. On the Modify ECS Specifications page, select a flavor name and click Submit to finish the specification modification. Return to ECS list page and choose More > Start to start the ECS.
                                                                                                                                                                                                        4. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Locate the target node in the node list, and click Sync Server Data in the Operation column. After the synchronization is complete, you can view that the node specifications are the same as the modified specifications of the ECS.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Common Issues
                                                                                                                                                                                                        After the specifications of a node configured with CPU management policies are changed, the node may fail to be rebooted or workloads may fail to be created. In this case, see What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications? to rectify the fault.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Specification Change
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00032.html b/docs/cce/umn/cce_faq_00032.html
new file mode 100644
index 000000000..eb9145c5d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00032.html
@@ -0,0 +1,12 @@
+
+
+
                                                                                                                                                                                                        How Do I Upload My Images to CCE?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        SoftWare Repository for Container (SWR) manages images for CCE. It provides the following ways to upload images:
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Image Repository FAQs
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00037.html b/docs/cce/umn/cce_faq_00037.html
new file mode 100644
index 000000000..6973bdd12
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00037.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                                        Storage
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
+
diff --git a/docs/cce/umn/cce_faq_00038.html b/docs/cce/umn/cce_faq_00038.html
new file mode 100644
index 000000000..a69ee4df1
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00038.html
@@ -0,0 +1,75 @@
+
+
+
                                                                                                                                                                                                        What Are the Differences Among CCE Storage Classes in Terms of Persistent Storage and Multi-node Mounting?
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Container storage provides storage for container workloads. It supports multiple storage classes. A pod can use any amount of storage.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Currently, CCE supports local, EVS, SFS, SFS Turbo, and OBS volumes.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        The following table lists the differences among these storage classes.
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                        Table 1 Differences among storage classes
                                                                                                                                                                                                        Storage Class
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Persistent Storage
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Automatic Migration with Containers
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Multi-node Mounting
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Local disks
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Not supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Not supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        EVS
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Not supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        OBS
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported. This type of volumes can be shared among multiple nodes or workloads.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        SFS
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported. This type of volumes can be shared among multiple nodes or workloads.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        SFS Turbo
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Supported. This type of volumes can be shared among multiple nodes or workloads.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Selecting a Storage Class
                                                                                                                                                                                                        You can use the following types of storage volumes when creating a workload. You are advised to store workload data on EVS volumes. If you store workload data on a local volume, the data cannot be restored when a fault occurs on the node.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        • Local volumes: Mount the file directory of the host where a container is located to a specified container path (corresponding to hostPath in Kubernetes). Alternatively, you can leave the source path empty (corresponding to emptyDir in Kubernetes). If the source path is left empty, a temporary directory of the host will be mounted to the mount point of the container. A specified source path is used when data needs to be persistently stored on the host, while emptyDir is used when temporary storage is needed. A ConfigMap is a type of resource that stores configuration data required by a workload. Its contents are user-defined. A secret is a type of resource that holds sensitive data, such as authentication and key information. Its contents are user-defined.
                                                                                                                                                                                                        • EVS volumes: Mount an EVS volume to a container path. When the container is migrated, the mounted EVS volume is migrated together. This storage class is applicable when data needs to be stored permanently.
                                                                                                                                                                                                        • SFS volumes: Create SFS volumes and mount them to a container path. The file system volumes created by the underlying SFS service can also be used. SFS volumes are applicable to persistent storage for frequent read/write in multiple workload scenarios, including media processing, content management, big data analysis, and workload analysis.
                                                                                                                                                                                                        • OBS volumes: Create OBS volumes and mount them to a container path. OBS volumes are applicable to scenarios such as cloud workload, data analysis, content analysis, and hotspot objects.
                                                                                                                                                                                                        • SFS Turbo volumes: Create SFS Turbo volumes and mount them to a container path. SFS Turbo volumes are fast, on-demand, and scalable, which makes them suitable for DevOps, containerized microservices, and enterprise office applications. 
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Parent topic: Storage
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        
+
diff --git a/docs/cce/umn/cce_faq_00039.html b/docs/cce/umn/cce_faq_00039.html
index d56a7a9cf..83c2251ed 100644
--- a/docs/cce/umn/cce_faq_00039.html
+++ b/docs/cce/umn/cce_faq_00039.html
@@ -1,26 +1,29 @@
 
 
 
                                                                                                                                                                                                        How Do I Rectify the Fault When the Cluster Status Is Unavailable?
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        If the cluster is Unavailable, perform the following operations to rectify the fault:
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If the cluster is Unavailable, perform the following operations to rectify the fault:
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Fault Locating
                                                                                                                                                                                                        Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                        
+
+
                                                                                                                                                                                                        Figure 1 Fault locating
                                                                                                                                                                                                        
 
                                                                                                                                                                                                        
-
                                                                                                                                                                                                        Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                                        1. Log in to the management console, choose Service List > Network > Virtual Private Cloud. In the navigation pane, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                                          The name of this security group is in the format of cluster name-cce-control-ID.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                        2. Click the security group. On the details page that is displayed, ensure that the security group rules of the master node are the same as those marked by the red frames in the following figure.
                                                                                                                                                                                                          Figure 1 Viewing inbound rules of the security group
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Inbound rule parameter description:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • 4789: used for network access between containers.
                                                                                                                                                                                                          • 5443-5444: used by kubelet of the node to listen to kube-api of the master node.
                                                                                                                                                                                                          • 9443: used by canal of the node to listen to canal-api of the master node.
                                                                                                                                                                                                          • 8445: used by storage_driver of the node to access csms-storagemgr of the master node.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Figure 2 Viewing outbound rules of the security group
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 1: Whether the Security Group Is Modified
                                                                                                                                                                                                          1. Log in to the management console, and choose Service List > Networking > Virtual Private Cloud. In the navigation pane on the left, choose Access Control > Security Groups to find the security group of the master node in the cluster.
                                                                                                                                                                                                            The name of this security group is in the format of Cluster name-cce-control-ID.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are correct.
                                                                                                                                                                                                            For details about security, see Configuring Cluster Security Group Rules.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 2: Whether the DHCP Function of the Subnet Is Disabled
                                                                                                                                                                                                          1. On the CCE console, click the unavailable cluster. The details page is displayed. View the VPC and subnet where the cluster is located. Assume that the VPC and subnet names are vpc-test and subnet-test respectively.
                                                                                                                                                                                                          2. On the management console, choose Service List > Network > Virtual Private Cloud. Click the VPC name to check whether the DHCP function of the corresponding subnet is enabled.
                                                                                                                                                                                                            If the DHCP function is disabled, the IP address allocated by the subnet will be reclaimed. As a result, the network in the cluster is disconnected and the cluster is abnormal.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            In this case, enable the DHCP function again. After this function is enabled, the subnet allocates the original IP address to the original node and the cluster can automatically recover.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Currently, the VPC console no longer supports enabling or disabling DHCP for a VPC. You can change the configuration using APIs. For details, see the description of the dhcp_enable field in Updating Subnet Information.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Figure 3 DHCP description in the VPC API Reference
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 2: Whether There Are Residual Listeners and Backend Server Groups on the Load Balancer
                                                                                                                                                                                                          Reproducing the Problem
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A cluster exception occurs when a LoadBalancer Service is being created or deleted. After the fault is rectified, the Service is deleted successfully, but there are residual listeners and backend server group.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Pre-create a CCE cluster. In the cluster, use the official Nginx image to create workloads, preset load balancers, Services, and ingresses.
                                                                                                                                                                                                          2. Ensure that the cluster is running properly and the Nginx workload is stable.
                                                                                                                                                                                                          3. Create and delete 10 LoadBalancer Services every 20 seconds.
                                                                                                                                                                                                          4. An injection exception occurs in the cluster. For example, the etcd pod is unavailable or the cluster is hibernated.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Possible Cause
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          There are residual listeners and backend server groups on the load balancer.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Manually clear residual listeners and backend server groups.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the management console and choose Network > Elastic Load Balance from the service list.
                                                                                                                                                                                                          2. In the load balancer list, click the name of the target load balancer to go to the details page. On the Listeners tab page, locate the target listener and delete it.
                                                                                                                                                                                                          3. On the Backend Server Groups tab page, locate the target backend server group and delete it.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Parent topic: Reference
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Cluster Running
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
diff --git a/docs/cce/umn/cce_faq_00040.html b/docs/cce/umn/cce_faq_00040.html
new file mode 100644
index 000000000..7c8b06539
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00040.html
@@ -0,0 +1,11 @@
+
+
+
                                                                                                                                                                                                          How Do I Retrieve Data After a Cluster Is Deleted?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          After a cluster is deleted, the workload on the cluster will also be deleted and cannot be restored. Therefore, exercise caution when deleting a cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Cluster Running
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00041.html b/docs/cce/umn/cce_faq_00041.html
new file mode 100644
index 000000000..ed41ebde6
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00041.html
@@ -0,0 +1,12 @@
+
+
+
                                                                                                                                                                                                          How Do I Download kubeconfig for Connecting to a Cluster Using kubectl?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the CCE console. Click the target cluster to go to its details page.
                                                                                                                                                                                                          2. In the Connection Information area, view the kubectl connection mode.
                                                                                                                                                                                                          3. In the window that is displayed, download the kubectl configuration file (kubeconfig.json).
                                                                                                                                                                                                            Figure 1 Downloading kubeconfig.json
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: API & kubectl FAQs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00089.html b/docs/cce/umn/cce_faq_00089.html
new file mode 100644
index 000000000..cd3a44581
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00089.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                                                          Can I Add a Node Without a Data Disk?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          No. A data disk is mandatory.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          A data disk dedicated for kubelet and the container engine will be attached to a new node.  By default, CCE uses Logical Volume Manager (LVM) to manage data disks. With LVM, you can adjust the disk space ratio for different resources on a data disk.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the data disk is uninstalled or damaged, the container engine will malfunction and the node becomes unavailable.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Storage
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00090.html b/docs/cce/umn/cce_faq_00090.html
new file mode 100644
index 000000000..25eb120cf
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00090.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                                                          Is Management Scale of a Cluster Related to the Number of Master Nodes?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Management scale indicates the maximum number of nodes that can be managed by a cluster. If you select 50 nodes, the cluster can manage a maximum of 50 nodes.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The number of master nodes varies according to the cluster specification, but is not affected by the management scale.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          After the multi-master node mode is enabled, three master nodes will be created. If a master node is faulty, the cluster can still be available without affecting service functions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Cluster Creation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00093.html b/docs/cce/umn/cce_faq_00093.html
new file mode 100644
index 000000000..5a71fb5fd
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00093.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                                                                          Image Repository FAQs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: FAQs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00095.html b/docs/cce/umn/cce_faq_00095.html
new file mode 100644
index 000000000..315caf9f8
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00095.html
@@ -0,0 +1,25 @@
+
+
+
                                                                                                                                                                                                          Container Configuration
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
+
diff --git a/docs/cce/umn/cce_faq_00096.html b/docs/cce/umn/cce_faq_00096.html
deleted file mode 100644
index 7676182b1..000000000
--- a/docs/cce/umn/cce_faq_00096.html
+++ /dev/null
@@ -1,170 +0,0 @@
-
-
-
                                                                                                                                                                                                          How Do I Change the Mode of the Docker Device Mapper?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Currently, private CCE clusters use Device Mapper as the Docker storage driver.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Device Mapper is developed based on the kernel framework and supports many advanced volume management technologies on Linux.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Docker Device Mapper storage driver leverages the thin provisioning and snapshot capabilities of this framework to manage images and containers.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          For CCE clusters in v1.7.3-r6 or earlier versions, the Docker Device Mapper is set to the loop-lvm mode by default. By default, Docker generates data and metadata files in the /var/lib/docker/devicemapper/devicemapper directory. The two files are attached to loop devices and used as block devices. After multiple containers are attached to the files, the performance deteriorates dramatically.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          The loop-lvm mode enables you to use Docker out of the box, without additional configuration. This mode is not recommended in the production environment. The Docker Device Mapper also supports the direct-lvm mode. This mode enables you to use raw partitions (no file systems). In the medium-load and high-density environments, this mode provides better performance.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          To ensure system stability, you need to set the Docker Device Mapper to the direct-lvm mode.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          CCE allows you to change the mode of the Device Mapper on VM nodes running on EulerOS.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                           
                                                                                                                                                                                                          • Changing the Docker Device Mapper mode on a node requires a data disk. Therefore, in the change process, the system automatically creates a 100 GB SATA disk and binds it to the node.
                                                                                                                                                                                                          • When the Docker Device Mapper mode on a node is changed to direct-lvm, the container and image data on the node will be deleted. Therefore, you must back up the container and image data of the node to a private image repository or Docker Hub repository before changing the mode.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Check whether the Docker Device Mapper mode on a node is direct-lvm.
                                                                                                                                                                                                            Method 1:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Log in to a node on which you want to view the Docker Device Mapper mode.
                                                                                                                                                                                                            2. Query the configuration information under Storage-driver.
                                                                                                                                                                                                              docker info
                                                                                                                                                                                                              • If the values of the Data file and Metadata file parameters under Storage-driver are /dev/loopx, the Docker Device Mapper mode of the current node is loop-lvm. Change the mode by following 2.
                                                                                                                                                                                                                Example:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              • If the values of the Data file and Metadata file parameters under Storage-driver are left blank and the value of Pool Name is vgpaas-thinpool, the Docker Device Mapper mode of the current node is direct-lvm. You do not need to change the mode.
                                                                                                                                                                                                                Example:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Method 2:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. Log in to a node on which you want to view the Docker Device Mapper mode.
                                                                                                                                                                                                            2. Check whether the following information is displayed:
                                                                                                                                                                                                              cat /etc/docker/daemon.json
                                                                                                                                                                                                              "dm.thinpooldev=/dev/mapper/vgpaas-thinpool"
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              • If the command output contains the preceding information, the Docker Device Mapper mode of the current node is direct-lvm. You do not need to change the mode.
                                                                                                                                                                                                              • If the command output does not contain the preceding information or a message indicating that a file such as daemon.json is unavailable is displayed, the Docker Device Mapper mode of the current node is not direct-lvm. Change the mode by following 2.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          2. (Optional) If no elastic IP address is bound to the node for which the Docker Device Mapper mode needs to be changed, bind an elastic IP address.
                                                                                                                                                                                                          3. Log in to the node with an elastic IP address as the root user.
                                                                                                                                                                                                          4. Create a configuration file.
                                                                                                                                                                                                            touch config.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          5. Copy the following content to the configuration file:
                                                                                                                                                                                                            user:
-  domainName: 
-  username: 
-  password: 
-  projectName: 
-apiGatewayIp: 
-iamHostname: 
-ecsHostname: 
-evsHostname: 
-swrAddr: 
-defaultPassword: 
-defaultPrivateKey: 
-hosts:
-  - host: <node_ip_01>
-    user: root
-    password: 
-    privateKey:
-    serverId: 
-  - host: <node_ip_02>
-    user: root
-    password: 
-    privateKey: 
-    serverId:
                                                                                                                                                                                                            
-
-
                                                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                            Table 1 Parameter description
                                                                                                                                                                                                            Parameter
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Description
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            domainName
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Tenant name
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            username
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            User name
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            password
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            User password, which is enclosed in quotation marks ('' '')
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            projectName
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Name of the project to which the to-be-configured node belongs
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            apiGatewayIp
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            IP address of an API gateway
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            iamHostname
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Endpoint of the IAM service
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            ecsHostname
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Endpoint of the ECS service
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            evsHostname
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Endpoint of the EVS service
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            swrAddr
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Address of a software repository
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            defaultPassword
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            (Optional) Default login password of a node. The value must be enclosed in quotation marks ('' '').
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            defaultPrivateKey
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            (Optional) Absolute path to the default key file for logging in to a node. The value must be enclosed in quotation marks ('' '').
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            hosts
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Host array structure [1]. You can set multiple nodes for which you want to change the Device Mapper mode. The following parameters must be included: user, password/privateKey, and serverId. For details about the host array structure, see Table 2.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
-
                                                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                            Table 2 Parameter description about the host array structure
                                                                                                                                                                                                            Parameter
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Description
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            host
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            IP address of the node for which you want to change the Device Mapper mode. This node must be in the same subnet as the current logged-in node.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            user
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            User name. Set this parameter to root.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            password
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Password for the root user on the node for which you want to change the Device Mapper mode. The value must be enclosed in quotation marks ('' '').
                                                                                                                                                                                                            
-
                                                                                                                                                                                                             NOTE: 
                                                                                                                                                                                                            Set either password or privateKey.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            privateKey
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Absolute path to the key file of the root user on the node for which you want to change the Device Mapper mode. The value must be enclosed in quotation marks ('' '').
                                                                                                                                                                                                            
-
                                                                                                                                                                                                             NOTE: 
                                                                                                                                                                                                            Set either password or privateKey.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            serverId
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            ID of the ECS corresponding to the node for which you want to change the Device Mapper mode
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          6. Modify the configuration of the nodes in the cluster.
                                                                                                                                                                                                            It takes about 3 to 5 minutes to configure a node.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            curl -k https://<swr-address>:20202/swr/v2/domains/op_svc_servicestage/namespaces/op_svc_servicestage/repositories/default/packages/cluster-versions/versions/base/file_paths/cceadm -1 -O;chmod u+x cceadm; ./cceadm batch-config-docker --conf=./config.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Replace <swr-address> with the address of a software repository, which is the same as the value of swrAddr in Table 1.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Parent topic: Reference
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
diff --git a/docs/cce/umn/cce_faq_00098.html b/docs/cce/umn/cce_faq_00098.html
index ae71b8e2f..b15b6d47b 100644
--- a/docs/cce/umn/cce_faq_00098.html
+++ b/docs/cce/umn/cce_faq_00098.html
@@ -1,44 +1,262 @@
 
 
-
                                                                                                                                                                                                          Failed to Schedule an Instance
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          What Should I Do If Pod Scheduling Fails?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          If the pod is in the Pending state and the event contains pod scheduling failure information, locate the cause based on the event information. For details about how to view events, see How Do I Use Events to Fix Abnormal Workloads?
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Viewing K8s Event Information
                                                                                                                                                                                                          If the workload is in the Unready state and reports the "InstanceSchedulingFailed" event, check the workload's K8S events to identify the cause.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          As shown in the following figure, the K8s event is "0/163 nodes are available: 133 Insufficient memory", indicating that the memory is insufficient.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Complex scheduling failure information:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • no nodes available to schedule pods: No node resource is available for scheduling workload pods.
                                                                                                                                                                                                          • 0/163 nodes are available: 133 Insufficient memory: The node is available but the memory is insufficient.
                                                                                                                                                                                                          • 163 Insufficient cpu: The CPU is insufficient.
                                                                                                                                                                                                          • 49 Insufficient nvidia.com/gpu: The nvidia.com/gpu resources are insufficient.
                                                                                                                                                                                                          • 49 InsufficientResourceOnSingleGPU: GPU resources are insufficient.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Information interpretation:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • 0/163 nodes are available: There are 163 nodes in the cluster, and no node meets the scheduling rules.
                                                                                                                                                                                                          • 133 Insufficient memory: The memory of 133 nodes is insufficient.
                                                                                                                                                                                                          • 163 Insufficient cpu: The CPUs of 163 nodes are insufficient.
                                                                                                                                                                                                          • 49 Insufficient nvidia.com/gpu: The GPUs of 49 nodes are insufficient.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          The following is the fault locating procedure:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Troubleshooting Process
                                                                                                                                                                                                          Determine the cause based on the event information, as listed in Table 1.
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                          Table 1 Pod scheduling failure
                                                                                                                                                                                                          Event Information
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Cause and Solution
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          no nodes available to schedule pods.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          No node is available in the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 1: Whether a Node Is Available in the Cluster
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 2 Insufficient memory.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Node resources (CPU and memory) are insufficient.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 1 node(s) didn't match node selector, 1 node(s) didn't match pod affinity rules, 1 node(s) didn't match pod affinity/anti-affinity.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The node and pod affinity configurations are mutually exclusive. No node meets the pod requirements.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 3: Affinity and Anti-Affinity Configuration of the Workload
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 2 node(s) had volume node affinity conflict.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The EVS volume mounted to the pod and the node are not in the same AZ.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 4: Whether the Workload's Volume and Node Reside in the Same AZ
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Taints exist on the node, but the pod cannot tolerate these taints.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 5: Taint Toleration of Pods
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/7 nodes are available: 7 Insufficient ephemeral-storage.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The ephemeral storage space of the node is insufficient.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 6: Ephemeral Volume Usage
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/1 nodes are available: 1 everest driver not found at node
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The everest-csi-driver on the node is not in the running state.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 7: Whether everest Works Properly
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Failed to create pod sandbox: ...
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Create more free space in thin pool or use dm.min_free_space option to change behavior
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The node thin pool space is insufficient.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 8: Thin Pool Space
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/1 nodes are available: 1 Too many pods.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The number of pods scheduled to the node exceeded the maximum number allowed by the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 9: Number of Pods Scheduled onto the Node
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 1: Checking Whether a Node Is Available in the Cluster
                                                                                                                                                                                                          Log in to the CCE console. In the navigation pane, choose Resource Management > Nodes to check whether the node where the workload runs is in the available state.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          For example, the event "0/1 nodes are available: 1 node(s) were not ready, 1 node(s) were out of disk space" indicates that the pod fails to be scheduled due to no available node.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • Add a node and migrate the pods to the new available node to ensure that services are running properly. Then, rectify the fault on the unavailable node. For details about the troubleshooting process, see the methods in the node FAQs.
                                                                                                                                                                                                          • Create a new node or repair the faulty one.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 2: Checking Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                                          If the requested workload resources exceed the available resources of the node where the workload runs, the node cannot provide the resources required to run new pods and pod scheduling onto the node will definitely fail.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. On the CCE console, choose Workloads > Deployments or StatefulSets in the navigation pane, click the workload name, and click Pods and then Events tabs to view pod events.
                                                                                                                                                                                                            The event "0/1 nodes are available: 1 Insufficient cpu" indicates that the pod fails to be scheduled due to insufficient node resources.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          2. In the navigation pane, choose Resource Management > Nodes to view available CPUs and memory of the node where the workload runs.
                                                                                                                                                                                                            In this example, 0.88 vCPUs and 0.8 GiB memory are available for the node.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          3. In the navigation pane, choose Workloads and click the workload name to view the workload's CPU request and memory request.
                                                                                                                                                                                                            In this example, the CPU request is 2 vCPUs and the memory request is 0.5 GiB. The CPU request exceeds the available CPU resources, which causes pod scheduling to fail.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 1: Whether a Node Is Available in the Cluster
                                                                                                                                                                                                          Log in to the CCE console and check whether the node status is Available. Alternatively, run the following command to check whether the node status is Ready:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          $ kubectl get node
+NAME           STATUS   ROLES    AGE   VERSION
+192.168.0.37   Ready    <none>   21d   v1.19.10-r1.0.0-source-121-gb9675686c54267
+192.168.0.71   Ready    <none>   21d   v1.19.10-r1.0.0-source-121-gb9675686c54267
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the status of all nodes is Not Ready, no node is available in the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 2: Whether Node Resources (CPU and Memory) Are Sufficient
                                                                                                                                                                                                          0/2 nodes are available: 2 Insufficient cpu. This means insufficient CPUs.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 2 Insufficient memory. This means insufficient memory.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the resources requested by the pod exceed the allocatable resources of the node where the pod runs, the node cannot provide the resources required to run new pods and pod scheduling onto the node will definitely fail.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the number of resources that can be allocated to a node is less than the number of resources that a pod requests, the node does not meet the resource requirements of the pod. As a result, the scheduling fails.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          On the ECS console, modify node specifications to expand node resources.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Add nodes to the cluster. Scale-out is the common solution to insufficient resources.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 3: Checking the Affinity and Anti-Affinity Configuration of the Workload
                                                                                                                                                                                                          Inappropriate affinity policies will cause pod scheduling to fail.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          0/1 nodes are available: 1 node(s) didn't match pod affinity/anti-affintity, 1 node(s) didn't match pod anti-affinity rules.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 3: Affinity and Anti-Affinity Configuration of the Workload
                                                                                                                                                                                                          Inappropriate affinity policies will cause pod scheduling to fail.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Example:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          An anti-affinity relationship is established between workload 1 and workload 2. Workload 1 is deployed on node 1 while workload 2 is deployed on node 2.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When you try to deploy workload 3 on node 1 and establish an affinity relationship with workload 2, a conflict occurs, resulting in a workload deployment failure.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          0/2 nodes are available: 1 node(s) didn't match node selector, 1 node(s) didn't match pod affinity rules, 1 node(s) didn't match pod affinity/anti-affinity.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • node selector indicates that the node affinity is not met.
                                                                                                                                                                                                          • pod affinity rules indicate that the pod affinity is not met.
                                                                                                                                                                                                          • pod affinity/anti-affinity indicates that the pod affinity/anti-affinity is not met.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • When adding workload-workload affinity and workload-node affinity policies, ensure that the two types of policies do not conflict each other. Otherwise, workload deployment will fail. For example, workload deployment will fail if the following conditions are met:
                                                                                                                                                                                                            Assumptions: An anti-affinity relationship is established between workload 1 and workload 2. Workload 1 is deployed on node 1 while workload 2 is deployed on node 2.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            When you try to deploy workload 3 on node 3 and establish an affinity relationship with workload 2, a conflict occurs, resulting in a workload deployment failure.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • If the workload has a node affinity policy, make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the affinity node and the following event is generated:
                                                                                                                                                                                                            No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If supportContainer is set to false, the scheduling fails. The following figure shows the error information.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            0/1 nodes are available: 1
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • When adding workload-workload affinity and workload-node affinity policies, ensure that the two types of policies do not conflict each other. Otherwise, workload deployment will fail.
                                                                                                                                                                                                            • If the workload has a node affinity policy, make sure that supportContainer in the label of the affinity node is set to true. Otherwise, pods cannot be scheduled onto the affinity node and the following event is generated:
                                                                                                                                                                                                              No nodes are available that match all of the following predicates: MatchNode Selector, NodeNotSupportsContainer
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              If the value is false, the scheduling fails.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 4: Checking Whether the Workload's Volume and Node Reside in the Same AZ
                                                                                                                                                                                                          Pod scheduling fails if the workload's volume and node reside in different AZs.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          0/1 nodes are available: 1 NoVolumeZoneConflict.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 4: Whether the Workload's Volume and Node Reside in the Same AZ
                                                                                                                                                                                                          0/2 nodes are available: 2 node(s) had volume node affinity conflict. An affinity conflict occurs between volumes and nodes. As a result, the scheduling fails.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          This is because EVS disks cannot be attached to nodes across AZs. For example, if the EVS volume is located in AZ 1 and the node is located in AZ 2, scheduling fails.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The EVS volume created on CCE has affinity settings by default, as shown below.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: pvc-c29bfac7-efa3-40e6-b8d6-229d8a5372ac
+spec:
+  ...
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: failure-domain.beta.kubernetes.io/zone
+              operator: In
+              values:
+                - 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          In the AZ where the workload's node resides, create a new volume. Alternatively, create an identical workload and select an automatically assigned cloud storage volume.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In the AZ where the workload's node resides, create a volume. Alternatively, create an identical workload and select an automatically assigned cloud storage volume.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 5: Taint Toleration of Pods
                                                                                                                                                                                                          0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate. This means the node is tainted and the pod cannot be scheduled to the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check the taints on the node. If the following information is displayed, taints exist on the node:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          $ kubectl describe node 192.168.0.37
+Name:               192.168.0.37
+...
+Taints:             key1=value1:NoSchedule
+...
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          In some cases, the system automatically adds a taint to a node. The current built-in taints include:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • node.kubernetes.io/not-ready: The node is not ready.
                                                                                                                                                                                                          • node.kubernetes.io/unreachable: The node controller cannot access the node.
                                                                                                                                                                                                          • node.kubernetes.io/memory-pressure: The node has memory pressure.
                                                                                                                                                                                                          • node.kubernetes.io/disk-pressure: The node has disk pressure. Follow the instructions described in Check Item 4: Whether the Node Disk Space Is Insufficient to handle it.
                                                                                                                                                                                                          • node.kubernetes.io/pid-pressure: The node is under PID pressure. 
                                                                                                                                                                                                          • node.kubernetes.io/network-unavailable: The node network is unavailable.
                                                                                                                                                                                                          • node.kubernetes.io/unschedulable: The node cannot be scheduled.
                                                                                                                                                                                                          • node.cloudprovider.kubernetes.io/uninitialized: If an external cloud platform driver is specified when kubelet is started, kubelet adds a taint to the current node and marks it as unavailable. After cloud-controller-manager initializes the node, kubelet deletes the taint.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To schedule the pod to the node, use either of the following methods:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • If the taint is added by a user, you can delete the taint on the node. If the taint is automatically added by the system, the taint will be automatically deleted after the fault is rectified.
                                                                                                                                                                                                          • Specify a toleration for the pod containing the taint. For details, see Taints and Tolerations.
                                                                                                                                                                                                            apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx:alpine
+  tolerations:
+  - key: "key1"
+    operator: "Equal"
+    value: "value1"
+    effect: "NoSchedule" 
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 6: Ephemeral Volume Usage
                                                                                                                                                                                                          0/7 nodes are available: 7 Insufficient ephemeral-storage. This means insufficient ephemeral storage of the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check whether the size of the ephemeral volume in the pod is limited. If the size of the ephemeral volume required by the application exceeds the existing capacity of the node, the application cannot be scheduled. To solve this problem, change the size of the ephemeral volume or expand the disk capacity of the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          apiVersion: v1
+kind: Pod
+metadata:
+  name: frontend
+spec:
+  containers:
+  - name: app
+    image: images.my-company.example/app:v4
+    resources:
+      requests:
+        ephemeral-storage: "2Gi"
+      limits:
+        ephemeral-storage: "4Gi"
+    volumeMounts:
+    - name: ephemeral
+      mountPath: "/tmp"
+  volumes:
+    - name: ephemeral
+      emptyDir: {}
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To obtain the total capacity (Capacity) and available capacity (Allocatable) of the temporary volume mounted to the node, run the kubectl describe node command, and view the application value and limit value of the temporary volume mounted to the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The following is an example of the output:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          ...
+Capacity:
+  cpu:                4
+  ephemeral-storage:  61607776Ki
+  hugepages-1Gi:      0
+  hugepages-2Mi:      0
+  localssd:           0
+  localvolume:        0
+  memory:             7614352Ki
+  pods:               40
+Allocatable:
+  cpu:                3920m
+  ephemeral-storage:  56777726268
+  hugepages-1Gi:      0
+  hugepages-2Mi:      0
+  localssd:           0
+  localvolume:        0
+  memory:             6180752Ki
+  pods:               40
+...
+Allocated resources:
+  (Total limits may be over 100 percent, i.e., overcommitted.)
+  Resource           Requests      Limits
+  --------           --------      ------
+  cpu                1605m (40%)   6530m (166%)
+  memory             2625Mi (43%)  5612Mi (92%)
+  ephemeral-storage  0 (0%)        0 (0%)
+  hugepages-1Gi      0 (0%)        0 (0%)
+  hugepages-2Mi      0 (0%)        0 (0%)
+  localssd           0             0
+  localvolume        0             0
+Events:              <none>
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 7: Whether everest Works Properly
                                                                                                                                                                                                          0/1 nodes are available: 1 everest driver not found at node. This means the everest-csi-driver of everest is not started properly on the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check the daemon named everest-csi-driver in the kube-system namespace and check whether the pod is started properly. If not, delete the pod. The daemon will restart the pod.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 8: Thin Pool Space
                                                                                                                                                                                                          A data disk dedicated for kubelet and the container engine will be attached to a new node.  If the data disk space is insufficient, the pod cannot be created.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution 1: Clearing images
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Perform the following operations to clear unused images:
                                                                                                                                                                                                          • Nodes that use containerd
                                                                                                                                                                                                            1. Obtain local images on the node.
                                                                                                                                                                                                              crictl images -v
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Delete the images that are not required by image ID.
                                                                                                                                                                                                              crictl rmi Image ID
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Nodes that use Docker
                                                                                                                                                                                                            1. Obtain local images on the node.
                                                                                                                                                                                                              docker images
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            2. Delete the images that are not required by image ID.
                                                                                                                                                                                                              docker rmi Image ID
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          Do not delete system images such as the cce-pause image. Otherwise, pods may fail to be created.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution 2: Expanding the disk capacity
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To expand a disk capacity, perform the following steps:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                                          2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                          3. Log in to the target node.
                                                                                                                                                                                                          4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                            A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                              # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                              # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                                   8:0    0   50G  0 disk 
+└─sda1                                8:1    0   50G  0 part /
+sdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Thin pool space.
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                                pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                                pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                                
+
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Check Item 9: Number of Pods Scheduled onto the Node
                                                                                                                                                                                                          0/1 nodes are available: 1 Too many pods. indicates excessive number of pods have been scheduled to the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When creating a node, configure Max. Pods in Advanced Settings to specify the maximum number of pods that can run properly on the node. The default value varies with the node flavor. You can change the value as needed.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          On the Nodes page, obtain the Pods (Allocated/Total) value of the node, and check whether the number of pods scheduled onto the node has reached the upper limit. If so, add nodes or change the maximum number of pods.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          To change the maximum number of pods that can run on a node, do as follows:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • For nodes in the default node pool: Change the Max. Pods value when resetting the node.
                                                                                                                                                                                                          • For nodes in a customized node pool: Change the value of the node pool parameter max-pods. 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_faq_00099.html b/docs/cce/umn/cce_faq_00099.html
deleted file mode 100644
index faf98afb5..000000000
--- a/docs/cce/umn/cce_faq_00099.html
+++ /dev/null
@@ -1,261 +0,0 @@
-
-
-
                                                                                                                                                                                                          How Do I Use kubectl to Set the Workload Access Type to LoadBalancer (ELB)?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          This section uses the Nginx workload as an example to describe how to set the workload access type to LoadBalancer (ELB).
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Prerequisites
                                                                                                                                                                                                          • An ELB has been created.
                                                                                                                                                                                                          • You have connected an Elastic Cloud Server (ECS) to the cluster by running the kubectl command.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Procedure
                                                                                                                                                                                                          1. Log in to the ECS on which the kubectl has been configured.
                                                                                                                                                                                                          2. Create and edit the nginx-deployment.yaml and nginx-elb-svc.yaml files.
                                                                                                                                                                                                            The file names are user-defined. nginx-deployment.yaml and nginx-elb-svc.yaml are merely example file names.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            vi nginx-deployment.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nginx
-  strategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - image: nginx 
-        imagePullPolicy: Always
-        name: nginx
-      imagePullSecrets:
-      - name: default-secret
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            vi nginx-elb-svc.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                             
                                                                                                                                                                                                            Before enabling session stickness, ensure that the following conditions are met:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • The workload protocol is TCP.
                                                                                                                                                                                                            • Anti-affinity has been configured between pods of the workload. That is, all pods of the workload are deployed on different nodes.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • Automatically creating load balancer
                                                                                                                                                                                                              apiVersion: v1 
-kind: Service 
-metadata: 
-  annotations:   
-    kubernetes.io/elb.class: union
-    kubernetes.io/session-affinity-mode: SOURCE_IP
-    kubernetes.io/elb.subnet-id: 5083f225-9bf8-48fa-9c8b-67bd9693c4c0
-    kubernetes.io/elb.enterpriseID: debb7ae2-6d2f-4e6c-a0aa-1ccafd92b8eb
-    kubernetes.io/elb.autocreate: '{"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}'
-  labels: 
-    app: nginx 
-  name: nginx 
-spec: 
-  externalTrafficPolicy: Local
-  ports: 
-  - name: service0 
-    port: 80
-    protocol: TCP 
-    targetPort: 80
-  selector: 
-    app: nginx 
-  type: LoadBalancer
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            • Using existing load balancer
                                                                                                                                                                                                              apiVersion: v1 
-kind: Service 
-metadata: 
-  annotations:   
-    kubernetes.io/elb.class: union
-    kubernetes.io/session-affinity-mode: SOURCE_IP
-    kubernetes.io/elb.id: 3c7caa5a-a641-4bff-801a-feace27424b6
-    kubernetes.io/elb.subnet-id: 5083f225-9bf8-48fa-9c8b-67bd9693c4c0
-  labels: 
-    app: nginx 
-  name: nginx 
-spec: 
-  loadBalancerIP: 10.78.42.242
-  externalTrafficPolicy: Local
-  ports: 
-  - name: service0 
-    port: 80
-    protocol: TCP 
-    targetPort: 80
-  selector: 
-    app: nginx 
-  type: LoadBalancer
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
-
-
                                                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                            Table 1 Key parameters
                                                                                                                                                                                                            Parameter
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Type
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Description
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/elb.class
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Mandatory and must be set to union if an enhanced load balancer is in use.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/session-affinity-mode
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. If session stickness is enabled, add this parameter.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            The value SOURCE_IP indicates that listeners ensure session stickiness based on source IP addresses.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/elb.id
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. This parameter is mandatory if an existing load balancer is used.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            It indicates the ID of an enhanced load balancer.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/elb.subnet-id
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. This parameter is mandatory only if a load balancer will be automatically created. For clusters of v1.11.7-r0 or later, this parameter can be left unspecified.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/elb.enterpriseID
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. This parameter is mandatory if a public/private network load balancer will be automatically created.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            This parameter indicates the name of the ELB enterprise project in which the ELB will be created.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubernetes.io/elb.autocreate
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            elb.autocreate object
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. This parameter is mandatory if a public network load balancer will be automatically created. The system will create an enhanced load balancer and an EIP. This parameter is also mandatory if a private network load balancer will be automatically created. The system will create an enhanced load balancer.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Example:
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • Automatically created public network load balancer:
                                                                                                                                                                                                              {"type":"public","bandwidth_name":"cce-bandwidth-1551163379627","bandwidth_chargemode":"traffic","bandwidth_size":5,"bandwidth_sharetype":"PER","eip_type":"5_bgp","name":"james"}
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            • Automatically created private network load balancer:
                                                                                                                                                                                                              {"type":"inner", "name": "A-location-d-test"}
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            loadBalancerIP
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Private IP address of a private network load balancer or public IP address of a public network load balancer.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            externalTrafficPolicy
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Optional. If session stickness is enabled, add this parameter so requests are transferred to a fixed node. If a LoadBalancer service with this parameter set to Local is created for a workload, the workload can be accessed only when the client is installed on the same node as the server.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            port
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Integer
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Access port that is registered on the load balancer and mapped to the cluster-internal IP address.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            targetPort
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Container port on the CCE console.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
-
                                                                                                                                                                                                            
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
                                                                                                                                                                                                            Table 2 elb.autocreate parameters
                                                                                                                                                                                                            Parameter
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Type
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Description
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            name
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Name of the load balancer that is automatically created.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            The value is a string of 1 to 64 characters that consist of letters, digits, underscores (_), and hyphens (-).
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            type
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Network type of the load balancer.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • public: public network load balancer.
                                                                                                                                                                                                            • inner: private network load balancer.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            bandwidth_name
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Bandwidth name. The default value is cce-bandwidth-******.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            The value is a string of 1 to 64 characters that consist of letters, digits, underscores (_), hyphens (-), and periods (.).
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            bandwidth_chargemode
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Bandwidth billing mode.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            The value is traffic, indicating that the billing is based on traffic.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            bandwidth_size
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Integer
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Bandwidth size. Set this parameter based on the bandwidth range supported by the region.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            bandwidth_sharetype
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Bandwidth sharing mode.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            • PER: dedicated bandwidth.
                                                                                                                                                                                                            • WHOLE: shared bandwidth.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            eip_type
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            String
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            EIP type.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          3. Create a workload.
                                                                                                                                                                                                            kubectl create -f nginx-deployment.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If information similar to the following is displayed, the workload is being created.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            deployment "nginx" created
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubectl get po
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If information similar to the following is displayed, the workload is running.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            NAME                     READY     STATUS             RESTARTS   AGE
-etcd-0                   0/1       ImagePullBackOff   0          1h
-icagent-m9dkt            0/0       Running            0          3d
-nginx-2601814895-c1xhw   1/1       Running            0          6s
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          4. Create a service.
                                                                                                                                                                                                            kubectl create -f nginx-elb-svc.yaml
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If information similar to the following is displayed, the service has been created.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            service "nginx" created
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            kubectl get svc
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            If information similar to the following is displayed, the service access type has been set successfully, and the workload is accessible.
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
-etcd-svc     ClusterIP      None             <none>        3120/TCP       1h
-kubernetes   ClusterIP      10.247.0.1       <none>        443/TCP        3d
-nginx        LoadBalancer   10.247.130.196   10.78.42.242   80:31540/TCP   51s
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          5. Enter the URL in the address box of the browser, for example, 10.78.42.242:31540. 10.78.42.242 indicates the IP address of the load balancer, and 31540 indicates the access port displayed on the CCE console.
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Parent topic: Reference
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          
-
diff --git a/docs/cce/umn/cce_faq_00106.html b/docs/cce/umn/cce_faq_00106.html
new file mode 100644
index 000000000..cad0145d9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00106.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                                                          What Should I Do If Error Message "Auth is empty" Is Displayed When a Private Image Is Pulled?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Problem Description
                                                                                                                                                                                                          When you replace the image of a container in a created workload and use an uploaded image on the CCE console, an error message "Auth is empty, only accept X-Auth-Token or Authorization" is displayed when the uploaded image is pulled.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Failed to pull image "IP address:Port number /magicdoom/tidb-operator:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://IP address:Port number /v2/magicdoom/tidb-operator/manifests/latest: error parsing HTTP 400 response body: json: cannot unmarshal number into Go struct field Error.code of type errcode.ErrorCode: "{\"errors\":[{\"code\":400,\"message\":\"Auth is empty, only accept X-Auth-Token or Authorization.\"}]}"
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          You can select a private image to create an application on the CCE console. In this case, CCE automatically carries the secret. This problem will not occur during the upgrade.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          When you create a workload using an API, you can include the secret in Deployments to avoid this problem during the upgrade.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          imagePullSecrets:
+- name: default-secret
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Others
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00107.html b/docs/cce/umn/cce_faq_00107.html
new file mode 100644
index 000000000..b38f30fbf
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00107.html
@@ -0,0 +1,24 @@
+
+
+
                                                                                                                                                                                                          Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          A customer bound its domain name to the private domain names in the DNS service and also to a specific VPC. It is found that the ECSs in the VPC can properly resolve the private domain name but the containers in the VPC cannot.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Application Scenario
                                                                                                                                                                                                          Containers in a VPC cannot resolve domain names.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Solution
                                                                                                                                                                                                          According to the resolution rules of private domain names, the subnet DNS in the VPC must be set to the cloud DNS. You can find the details of the private network DNS service on its console.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The customer can perform domain name resolution on the ECSs in the VPC subnet, which indicates that the preceding configuration has been completed in the subnet.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          However, when the domain name resolution is performed in a container, the message "bad address" is displayed, indicating that the domain name cannot be resolved.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Log in to the CCE console and check the add-ons installed in the cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If you find that the coredns add-on does not exist in Add-ons Installed, the coredns add-on may have been incorrectly uninstalled.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Install it and add the corresponding domain name and DNS service address to resolve the domain name.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: DNS FAQs
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00109.html b/docs/cce/umn/cce_faq_00109.html
new file mode 100644
index 000000000..5cdf966c9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00109.html
@@ -0,0 +1,31 @@
+
+
+
                                                                                                                                                                                                          What Should I Do If an Error Occurs When Deploying a Service on the GPU Node?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Symptom
                                                                                                                                                                                                          The following exceptions occur when services are deployed on the GPU nodes in a CCE cluster:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. The GPU memory of containers cannot be queried.
                                                                                                                                                                                                          2. Seven GPU services are deployed, but only two of them can be accessed properly. Errors are reported during the startup of the remaining five services.
                                                                                                                                                                                                            • The CUDA versions of the two services that can be accessed properly are 10.1 and 10.0, respectively.
                                                                                                                                                                                                            • The CUDA versions of the failing services are also 10.0 and 10.1.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          3. Files named core.* are found in the GPU service containers. No such files existed in any of the previous deployments.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          1. The driver version of the gpu add-on is too old. After a new driver is downloaded and installed, the fault is rectified.
                                                                                                                                                                                                          2. The workloads do not declare that GPU resources are required.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Suggested Solution
                                                                                                                                                                                                          After you install gpu-beta (gpu-device-plugin) on a node, nvidia-smi will be automatically installed. If an error is reported during GPU deployment, this issue is typically caused by an NVIDIA driver installation failure. Check whether the NVIDIA driver has been downloaded.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • GPU node:
                                                                                                                                                                                                            # If the add-on version is earlier than 2.0.0, run the following command:
+cd /opt/cloud/cce/nvidia/bin && ./nvidia-smi
+
+# If the add-on version is 2.0.0 or later and the driver installation path is changed, run the following command:
+cd /usr/local/nvidia/bin && ./nvidia-smi
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          • Container:
                                                                                                                                                                                                            cd /usr/local/nvidia/bin && ./nvidia-smi
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If GPU information is returned, the device is available and the add-on has been installed.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the driver address is incorrect, uninstall the add-on, reinstall it, and configure the correct address.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                           
                                                                                                                                                                                                          You are advised to store the NVIDIA driver in the OBS bucket and set the bucket policy to public read.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Helpful Links
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Workload Abnormalities
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00111.html b/docs/cce/umn/cce_faq_00111.html
new file mode 100644
index 000000000..935df823b
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00111.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                                                          Why Can't I Create a CCE Cluster?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Overview
                                                                                                                                                                                                          This section describes how to locate and rectify the fault if you fail to create a CCE cluster.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Details
                                                                                                                                                                                                          Possible causes:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. The Network Time Protocol daemon (ntpd) is not installed or fails to be installed, Kubernetes components fail to pass the pre-verification, or the disk partition is incorrect. The current solution is to create a cluster again. For details about how to locate the fault, see Locating the Failure Cause.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Locating the Failure Cause
                                                                                                                                                                                                          View the cluster logs to identify the cause and rectify the fault.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, click Operation Records above the cluster list to view operation records.
                                                                                                                                                                                                          2. Click the record of the Failed status to view error information.
                                                                                                                                                                                                          3. Rectify the fault based on the error information and create a cluster again.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Cluster Creation
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_faq_00120.html b/docs/cce/umn/cce_faq_00120.html
index d5b1033f6..456c24301 100644
--- a/docs/cce/umn/cce_faq_00120.html
+++ b/docs/cce/umn/cce_faq_00120.html
@@ -1,62 +1,74 @@
 
 
-
                                                                                                                                                                                                          What Can I Do If My Cluster Status Is Available but the Node Status Is Unavailable?
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Fault Locating
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          What Should I Do If a Cluster Is Available But Some Nodes Are Unavailable?
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          If the cluster status is available but some nodes in the cluster are unavailable, perform the following operations to rectify the fault:
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Mechanism for Detecting Node Unavailability
                                                                                                                                                                                                          Kubernetes provides the heartbeat mechanism to help you determine node availability. For details about the mechanism and interval, see Heartbeats.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          Check Item 1: Whether the Node Is Overloaded
                                                                                                                                                                                                          Fault locating:
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          1. Log in to the CCE console. In the navigation pane, choose Resource Management > Nodes.
                                                                                                                                                                                                          2. Click the name of an unavailable node to go to the node details page.
                                                                                                                                                                                                          3. On the Monitoring tab page, click View Monitoring Details to go to the AOM console and view historical monitoring records.
                                                                                                                                                                                                            A too high CPU or memory usage of the node will result in an excessive network latency or trigger system OOM (see What Should I Do If the OOM Killer Is Triggered When a Container Uses Memory Resources More Than Limited?). Therefore, the node is displayed as unavailable.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Troubleshooting Process
                                                                                                                                                                                                            Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                            
+
+
                                                                                                                                                                                                            Figure 1 Troubleshooting process for an unavailable node
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Check Item 1: Whether the Node Is Overloaded
                                                                                                                                                                                                            Symptom
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            The node connection in the cluster is abnormal. Multiple nodes report write errors, but services are not affected.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Fault Locating
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. Log in to the CCE console, and click the cluster name to access the cluster console. In the navigation pane, choose Nodes. Click Monitor in the row of the unavailable node.
                                                                                                                                                                                                            2. On the top of the displayed page, click View More to go to the AOM console and view historical monitoring records.
                                                                                                                                                                                                              A too high CPU or memory usage of the node will result in a high network latency or trigger system OOM. Therefore, the node is displayed as unavailable.
                                                                                                                                                                                                              
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Solution
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            1. You are advised to migrate services to reduce the workloads on the node and set the resource upper limit for the workloads.
                                                                                                                                                                                                            2. You can also restart the node on the ECS console.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            1. You are advised to migrate services to reduce the workloads on the node and set the resource upper limit for the workloads.
                                                                                                                                                                                                            2. Clear data on the CCE nodes in the cluster.
                                                                                                                                                                                                            3. Limit the CPU and memory quotas of each container.
                                                                                                                                                                                                            4. Add more nodes to the cluster.
                                                                                                                                                                                                            5. You can also restart the node on the ECS console.
                                                                                                                                                                                                            6. Add nodes to deploy memory-intensive containers separately.
                                                                                                                                                                                                            7. Reset the node.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            After the node becomes available, the workload is restored.
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                            Check Item 2: Whether the ECS Is Deleted or Faulty
                                                                                                                                                                                                            1. Check whether the cluster is available.
                                                                                                                                                                                                              Log in to the CCE console, choose Resource Management > Clusters in the navigation pane. On the page displayed, check whether the cluster is available.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              • If the cluster is unavailable, contact technical support to rectify the fault.
                                                                                                                                                                                                              • If the cluster is available but some nodes in the cluster are unavailable, go to 2.
                                                                                                                                                                                                              
-
                                                                                                                                                                                                            2. Log in to the ECS console. In the navigation pane, choose Elastic Cloud Server to view the ECS status.
                                                                                                                                                                                                              • If the ECS status is Deleted, go back to the CCE console, choose Resource Management > Nodes in the navigation pane, delete the corresponding node, and then create another one.
                                                                                                                                                                                                              • If the ECS status is Stopped or Frozen, restore the ECS first. It takes about 3 minutes to restore the ECS.
                                                                                                                                                                                                              • If the ECS status is Faulty, restart the ECS. If the ECS is still faulty, contact technical support to rectify the fault.
                                                                                                                                                                                                              • If the ECS status is Running, log in to the ECS to locate the fault according to Check Item 6: Whether Internal Components Are Normal.
                                                                                                                                                                                                              
+
                                                                                                                                                                                                              Check Item 2: Whether the ECS Is Deleted or Faulty
                                                                                                                                                                                                              1. Check whether the cluster is available.
                                                                                                                                                                                                                Log in to the CCE console and check whether the cluster is available.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                              2. Log in to the ECS console and view the ECS status.
                                                                                                                                                                                                                • If the ECS status is Deleted, go back to the CCE console, delete the corresponding node from the node list of the cluster, and then create another one.
                                                                                                                                                                                                                • If the ECS status is Stopped or Frozen, restore the ECS first. It takes about 3 minutes to restore the ECS.
                                                                                                                                                                                                                • If the ECS is Faulty, restart the ECS to rectify the fault.
                                                                                                                                                                                                                • If the ECS status is Running, log in to the ECS to locate the fault according to Check Item 7: Whether Internal Components Are Normal.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                              
 
                                                                                                                                                                                                              
-
                                                                                                                                                                                                              Check Item 3: Whether You Can Log In to the ECS
                                                                                                                                                                                                              1. Log in to the management console. Choose Service List > Computing > Elastic Cloud Server.
                                                                                                                                                                                                              2. In the ECS list, locate the newly created node (generally named in the format of cluster name-random number) in the cluster and click Remote Login in the Operation column.
                                                                                                                                                                                                              3. Check whether the node name displayed on the page is the same as that on the VM and whether the password or key can be used to log in to the node.
                                                                                                                                                                                                                Figure 1 Check the node name on the VM and whether the node can be logged in to
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                If the node names are inconsistent and the password and key cannot be used to log in to the node, Cloud-Init problems occurred when an ECS was created. In this case, restart the node and submit a service ticket to the ECS personnel to locate the root cause.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 3: Whether You Can Log In to the ECS
                                                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                                                2. Check whether the node name displayed on the page is the same as that on the VM and whether the password or key can be used to log in to the node.
                                                                                                                                                                                                                  If the node names are inconsistent and the password and key cannot be used to log in to the node, Cloud-Init problems occurred when an ECS was created. In this case, restart the node and submit a service ticket to the ECS personnel to locate the root cause.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 4: Whether the Security Group Is Modified
                                                                                                                                                                                                                1. Log in to the management console, and choose Service List > Network > Virtual Private Cloud. In the navigation pane, choose Access Control > Security Groups, and locate the security group of the master node.
                                                                                                                                                                                                                  The name of this security group is in the format of cluster name-cce-control-ID.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Click the security group. On the details page displayed, ensure that the security group rules of the master node are the same as those in the following figure.
                                                                                                                                                                                                                  Figure 2 Viewing inbound rules of the security group
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Inbound rule parameter description:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • 4789: used for network access between containers.
                                                                                                                                                                                                                  • 5443-5444: used by kubelet of the node to listen to kube-api of the master node.
                                                                                                                                                                                                                  • 9443: used by canal of the node to listen to canal-api of the master node.
                                                                                                                                                                                                                  • 8445: used by storage_driver of the node to access csms-storagemgr of the master node.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Figure 3 Viewing outbound rules of the security group
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 4: Whether the Security Group Is Modified
                                                                                                                                                                                                                Log in to the VPC console. In the navigation pane, choose Access Control > Security Groups and locate the security group of the cluster master node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The name of this security group is in the format of Cluster name-cce-control-ID. You can search for the security group by cluster name.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check whether the rules in the security group are modified. For details, see Configuring Cluster Security Group Rules.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 5: Whether the Disk Is Abnormal
                                                                                                                                                                                                                After a node is created in a cluster of v1.7.3-r7 or a later version, a 100 GB data disk dedicated for Docker is bound to the node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 5: Whether the Security Group Rules Contain the Security Group Policy for the Communication Between the Master Node and the Worker Node
                                                                                                                                                                                                                Check whether such a security group policy exists.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                When a node is added to an existing cluster, if an extended CIDR block is added to the VPC corresponding to the subnet and the subnet is an extended CIDR block, you need to add the following three security group rules to the master node security group (the group name is in the format of Cluster name-cce-control-Random number). These rules ensure that the nodes added to the cluster are available. (This step is not required if an extended CIDR block has been added to the VPC during cluster creation.)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details about security, see Configuring Cluster Security Group Rules.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 6: Whether the Disk Is Abnormal
                                                                                                                                                                                                                A 100 GiB data disk dedicated for Docker is attached to the new node. If the data disk is uninstalled or damaged, the Docker service becomes abnormal and the node becomes unavailable.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Click the node name to check whether the data disk mounted to the node is uninstalled. If the disk is uninstalled, mount a data disk to the node again and restart the node. Then the node can be recovered.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 6: Whether Internal Components Are Normal
                                                                                                                                                                                                                1. Log in to the ECS where the unavailable node is located.
                                                                                                                                                                                                                  For details, see Logging In to a Linux ECS.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                                  For version 1.13, run the following command:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  systemctl status kubelet
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  If this command fails to be run, contact technical support. If this command is successfully executed, the status of each component is displayed as active, as shown in the following figure.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check Item 7: Whether Internal Components Are Normal
                                                                                                                                                                                                                  1. Log in to the ECS where the unavailable node is located. 
                                                                                                                                                                                                                  2. Run the following command to check whether the PaaS components are normal:
                                                                                                                                                                                                                    systemctl status kubelet
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    If the command is successfully executed, the status of each component is displayed as active, as shown in the following figure.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    If the component status is not active, run the following commands (using the faulty component canal as an example):
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    Run systemctl restart canal to restart the component.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                    After restarting the component, run systemctl status canal to check the status.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    For versions earlier than v1.13, run the following command:
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    su paas -c '/var/paas/monit/bin/monit summary'
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    If this command fails to be run, contact technical support. If this command is successfully executed, the status of each component is displayed, as shown in the following figure.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    If any service component is not in the Running state, restart the corresponding service. For example, the canal component is abnormal, as shown in the following figure.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    Run su paas -c '/var/paas/monit/bin/monit restart canal' to restart the canal component.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    After the restart, run su paas -c '/var/paas/monit/bin/monit summary' to query the status of the canal component.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    In that case, the status of each component is Running, as shown in the following figure.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  3. If the restart command fails to be run, run the following command to check the running status of the monitrc process:
                                                                                                                                                                                                                    ps -ef | grep monitrc
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                    • If the monitrc process exists, run the following command to kill this process. The monitrc process will be automatically restarted after it is killed.
                                                                                                                                                                                                                      kill -s 9  `ps -ef | grep monitrc | grep -v grep | awk '{print $2}'`
                                                                                                                                                                                                                      
-
                                                                                                                                                                                                                    • If the monitrc process does not exist or is not restarted after being killed, contact technical support.
                                                                                                                                                                                                                    
-
                                                                                                                                                                                                                  4. If the fault persists, collect logs in the /var/log/message and /var/paas/sys/log directories, submit a service ticket, and contact technical support.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the monitrc process exists, run the following command to kill this process. The monitrc process will be automatically restarted after it is killed.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kill -s 9  `ps -ef | grep monitrc | grep -v grep | awk '{print $2}'`
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 8: Whether the DNS Address Is Correct
                                                                                                                                                                                                                1. After logging in to the node, check whether any domain name resolution failure is recorded in the /var/log/cloud-init-output.log file.
                                                                                                                                                                                                                  cat /var/log/cloud-init-output.log | grep resolv
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the command output contains the following information, the domain name cannot be resolved:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Could not resolve host:  Unknown error
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. On the node, ping the domain name that cannot be resolved in the previous step to check whether the domain name can be resolved on the node.
                                                                                                                                                                                                                  • If not, the DNS cannot resolve the IP address. Check whether the DNS address in the /etc/resolv.conf file is the same as that configured on the VPC subnet. In most cases, the DNS address in the file is incorrectly configured. As a result, the domain name cannot be resolved. Correct the DNS configuration of the VPC subnet and reset the node.
                                                                                                                                                                                                                  • If yes, the DNS address configuration is correct. Check whether there are other faults.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 9: Whether the vdb Disk on the Node Is Deleted
                                                                                                                                                                                                                If the vdb disk on a node is deleted, you can refer to this topic to restore the node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 10: Whether the Docker Service Is Normal
                                                                                                                                                                                                                1. Run the following command to check whether the Docker service is running:
                                                                                                                                                                                                                  systemctl status docker
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the command fails or the Docker service status is not active, locate the cause or contact technical support if necessary.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. Run the following command to check the number of containers on the node:
                                                                                                                                                                                                                  docker ps -a | wc -l
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the command is suspended, the command execution takes a long time, or there are more than 1000 abnormal containers, check whether workloads are repeatedly created and deleted. If a large number of containers are frequently created and deleted, a large number of abnormal containers may occur and cannot be cleared in a timely manner.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  In this case, stop repeated creation and deletion of the workload or use more nodes to share the workload. Generally, the nodes will be restored after a period of time. If necessary, run the docker rm {container_id} command to manually clear abnormal containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Node Running
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00127.html b/docs/cce/umn/cce_faq_00127.html
new file mode 100644
index 000000000..1bb8525f8
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00127.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                                What Should I Do If No Node Creation Record Is Displayed When the Node Pool Is Being Expanding?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                The node pool keeps being in the expanding state, but no node creation record is displayed in the operation record.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Troubleshooting
                                                                                                                                                                                                                Check and rectify the following faults:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Whether the specifications configured for the node pool are insufficient.
                                                                                                                                                                                                                • Whether the ECS or memory quota of the tenant is insufficient.
                                                                                                                                                                                                                • The ECS capacity verification of the tenant may fail if too many nodes are created at a time.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                • If the resources of the ECS flavor cannot meet service requirements, use ECSs of another flavor.
                                                                                                                                                                                                                • If the ECS or memory quota is insufficient, increase the quota.
                                                                                                                                                                                                                • If the ECS capacity verification fails, perform the verification again.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Node Pool
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00134.html b/docs/cce/umn/cce_faq_00134.html
index 12cea3fcb..d8db8c445 100644
--- a/docs/cce/umn/cce_faq_00134.html
+++ b/docs/cce/umn/cce_faq_00134.html
@@ -1,9 +1,87 @@
 
 
-
                                                                                                                                                                                                                Fault Locating and Troubleshooting for Abnormal Workloads
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                If a workload is running improperly, you can view events to determine the cause.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                On the CCE console, choose Workloads > Deployments or StatefulSets in the navigation pane and click the name of the faulty workload. On the workload details page, view the workload events.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Viewing events
                                                                                                                                                                                                                1. Log in to the CCE console. In the navigation pane on the left, choose Workloads > Deployments or Workloads > StatefulSets.
                                                                                                                                                                                                                2. In the workload list, click the name of the abnormal workload.
                                                                                                                                                                                                                3. On the Pods tab page, view the latest workload events.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                How Do I Use Events to Fix Abnormal Workloads?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If a workload is abnormal, you can first check the pod events to locate the fault and then rectify the fault by referring to Table 1.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Table 1 Troubleshooting methods
                                                                                                                                                                                                                Event Information
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Pod Status
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                PodsScheduling failed
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Pending
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If Pod Scheduling Fails?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                PodsFailed to pull image
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Failed to re-pull image
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                FailedPullImage
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                ImagePullBackOff
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Pull the Image?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                PodsCreation failed
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Failed to restart container
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CreateContainerError
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CrashLoopBackOff
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If Container Startup Fails?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod status is Evicted, and the pod keeps being evicted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Evicted
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If a Pod Fails to Be Evicted?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The storage volume fails to be mounted to the pod.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Pending
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod stays Creating.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Creating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If a Workload Remains in the Creating State?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod stays Terminating.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Terminating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If Pods in the Terminating State Cannot Be Deleted?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod status is Stopped.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Stopped
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details, see What Should I Do If a Workload Is Stopped Caused by Pod Deletion?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Viewing Pod Events
                                                                                                                                                                                                                Run the kubectl describe pod {pod-name} command to view pod events, or log in to the CCE console and view pod events on the workload details page.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                $ kubectl describe pod prepare-58bd7bdf9-fthrp
+...
+Events:
+  Type     Reason            Age   From               Message
+  ----     ------            ----  ----               -------
+  Warning  FailedScheduling  49s   default-scheduler  0/2 nodes are available: 2 Insufficient cpu.
+  Warning  FailedScheduling  49s   default-scheduler  0/2 nodes are available: 2 Insufficient cpu.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00140.html b/docs/cce/umn/cce_faq_00140.html
index df5868a41..85b497cfd 100644
--- a/docs/cce/umn/cce_faq_00140.html
+++ b/docs/cce/umn/cce_faq_00140.html
@@ -1,10 +1,31 @@
 
 
-
                                                                                                                                                                                                                Instance Eviction Exception
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                When a node is faulty, pods on the node are evicted to ensure workload availability. If the pods are not evicted when the node is faulty, perform the following steps:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 1: Whether Tolerations Have Been Configured on the Pod
                                                                                                                                                                                                                Use kubectl or choose More > Edit YAML next to the corresponding workload to check whether tolerations are installed on the workload. For details, see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                What Should I Do If a Workload Remains in the Creating State?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                The workload remains in the creating state.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 2: Whether the Conditions for Stopping Pod Eviction Are Met
                                                                                                                                                                                                                If the number of nodes in a cluster is smaller than 50 and the number of faulty nodes accounts for over 55% of the total nodes, the pod eviction will be suspended. In this case, K8s will attempt to evict the workload on the faulty node. For details, see https://kubernetes.io/docs/concepts/architecture/nodes/.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Troubleshooting Process
                                                                                                                                                                                                                Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 1: Whether the cce-pause Image Is Deleted by Mistake
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                When creating a workload, an error message indicating that the sandbox cannot be created is displayed. This is because the cce-pause:3.1 image fails to be pulled.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Failed to create pod sandbox: rpc error: code = Unknown desc = failed to get sandbox image "cce-pause:3.1": failed to pull image "cce-pause:3.1": failed to pull and unpack image "docker.io/library/cce-pause:3.1": failed to resolve reference "docker.io/library/cce-pause:3.1": pulling from host **** failed with status code [manifests 3.1]: 400 Bad Request
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Possible Causes
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The image is a system image added during node creation. If the image is deleted by mistake, the workload cannot be created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the faulty node.
                                                                                                                                                                                                                2. Decompress the cce-pause image installation package.
                                                                                                                                                                                                                  tar -xzvf /opt/cloud/cce/package/node-package/pause-*.tgz
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                3. Import the image.
                                                                                                                                                                                                                  • For a node which uses a Docker container runtime:
                                                                                                                                                                                                                    docker load ./pause/package/image/cce-pause-3.1.tar
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • For a node which uses a containerd container runtime:
                                                                                                                                                                                                                    ctr -n k8s.io image import ./pause/package/image/cce-pause-3.1.tar
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                4. Create a workload.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 2: Modifying Node Specifications After the CPU Management Policy Is Enabled in the Cluster
                                                                                                                                                                                                                The kubelet option cpu-manager-policy defaults to static. This allows granting enhanced CPU affinity and exclusivity to pods with certain resource characteristics on the node. If you modify CCE node specifications on the ECS console, the original CPU information does not match the new CPU information. As a result, workloads on the node cannot be restarted or created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the CCE node (ECS) and delete the cpu_manager_state file.
                                                                                                                                                                                                                  Example command for deleting the file:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  rm -rf /mnt/paas/kubernetes/kubelet/cpu_manager_state
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. Restart the node or kubelet. The following is the kubelet restart command:
                                                                                                                                                                                                                  systemctl restart kubelet
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Verify that workloads on the node can be successfully restarted or created.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  For details, see What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
diff --git a/docs/cce/umn/cce_faq_00141.html b/docs/cce/umn/cce_faq_00141.html
new file mode 100644
index 000000000..3f7eab49e
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00141.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                                Networking
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00146.html b/docs/cce/umn/cce_faq_00146.html
new file mode 100644
index 000000000..eaada3f4c
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00146.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                                Network Planning
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_faq_00152.html b/docs/cce/umn/cce_faq_00152.html
new file mode 100644
index 000000000..a203470b8
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00152.html
@@ -0,0 +1,19 @@
+
+
+
                                                                                                                                                                                                                What Can I Do If an Error Is Reported When a Deployed Container Is Started After the JVM Startup Heap Memory Parameter Is Specified for ENTRYPOINT in Dockerfile?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                After the JVM startup heap memory parameter is specified for ENTRYPOINT in the Dockerfile, an error message "invalid initial heap size" is displayed during the deployed container's startup, as shown in the following figure:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Answer
                                                                                                                                                                                                                Check the ENTRYPOINT settings. The following settings are incorrect:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                ENTRYPOINT ["java","-Xms2g -Xmx2g","-jar","xxx.jar"]
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You can use either of the following methods to solve the problem:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • (Recommended) Write the container startup command in Workloads > Container Settings > Lifecycle > Startup Command, then the container can be started properly.
                                                                                                                                                                                                                • Change the format of the ENTRYPOINT startup command to the following:
                                                                                                                                                                                                                  ENTRYPOINT exec java -Xmx2g -Xms2g -jar xxxx.jar
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Container Configuration
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00154.html b/docs/cce/umn/cce_faq_00154.html
new file mode 100644
index 000000000..90902637f
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00154.html
@@ -0,0 +1,14 @@
+
+
+
                                                                                                                                                                                                                Which Resource Quotas Should I Pay Attention To When Using CCE?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE restricts only the number of clusters. However, when using CCE, you may also be using other cloud services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Virtual Private Cloud (VPC), Elastic Load Balance (ELB), and SoftWare Repository for Containers (SWR).
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                What Is a Quota?
                                                                                                                                                                                                                A quota is a limit on the quantity or capacity of a certain type of cloud service resources that you can use, for example, the maximum number of ECSs or EVS disks that you can create.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                You can request for an increase in quota if an existing quota cannot meet your service requirements.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Cluster Creation
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00159.html b/docs/cce/umn/cce_faq_00159.html
new file mode 100644
index 000000000..865ca7b34
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00159.html
@@ -0,0 +1,11 @@
+
+
+
                                                                                                                                                                                                                When Is Pre-stop Processing Used?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Service processing takes a long time. Pre-stop processing makes sure that during an upgrade, a pod is killed only when the service in the pod has been processed.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Container Configuration
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00163.html b/docs/cce/umn/cce_faq_00163.html
new file mode 100644
index 000000000..ddad82dbd
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00163.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                                                                                Node Pool
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_faq_00186.html b/docs/cce/umn/cce_faq_00186.html
new file mode 100644
index 000000000..a0374946d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00186.html
@@ -0,0 +1,25 @@
+
+
+
                                                                                                                                                                                                                Others
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_faq_00189.html b/docs/cce/umn/cce_faq_00189.html
new file mode 100644
index 000000000..e0f48e829
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00189.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                                What Should I Do If I Fail to Restart or Create Workloads on a Node After Modifying the Node Specifications?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Context
                                                                                                                                                                                                                The kubelet option cpu-manager-policy defaults to static, allowing pods with certain resource characteristics to be granted increased CPU affinity and exclusivity on the node. If you modify CCE node specifications on the ECS console, the original CPU information does not match the new CPU information. As a result, workloads on the node cannot be restarted or created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For more information, see Control CPU Management Policies on the Node.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Impact
                                                                                                                                                                                                                The clusters that have enabled a CPU management policy will be affected.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                1. Log in to the CCE node (ECS) and delete the cpu_manager_state file.
                                                                                                                                                                                                                  Example command for the file deletion:
                                                                                                                                                                                                                  rm -rf /mnt/paas/kubernetes/kubelet/cpu_manager_state
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. Restart the node or kubelet. The following is the kubelet restart command:
                                                                                                                                                                                                                  systemctl restart kubelet
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                3. Verify that workloads on the node can be successfully restarted or created.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Specification Change
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00190.html b/docs/cce/umn/cce_faq_00190.html
deleted file mode 100644
index 9941e8ab1..000000000
--- a/docs/cce/umn/cce_faq_00190.html
+++ /dev/null
@@ -1,81 +0,0 @@
-
-
-
                                                                                                                                                                                                                How Do I Add a Second Data Disk to a Node in a CCE Cluster?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                You can use the pre-installation script feature to configure CCE cluster nodes (ECSs).
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Before using this feature, write a script that can format data disks and save it to your OBS bucket. Then, inject a command line that will automatically execute the disk formatting script when the node is up. The script specifies the size of each docker data disk (for example, the default docker disk is 100 GB and the additional disk is 110 GB) and the mount path (/data/code) of the additional disk. In this example, the script is named formatdisk.sh. Note that the script must be run by the root user.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Example command line:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                cd /tmp;curl -k -X GET OBS bucket address /formatdisk.sh -1 -O;fdisk -l;sleep 30;bash -x formatdisk.sh 100 /data/code;fdisk -l
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Example script (formatdisk.sh):
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                dockerdisksize=$1
-mountdir=$2
-systemdisksize=40
-i=0
-while [ 20 -gt $i ]; do 
-    echo $i; 
-    if [ $(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}' |wc -l) -ge 3 ]; then 
-        break 
-    else 
-        sleep 5 
-    fi; 
-    i=$[i+1] 
-done 
-all_devices=$(lsblk -o KNAME,TYPE | grep disk | grep -v nvme | awk '{print $1}' | awk '{ print "/dev/"$1}')
-for device in ${all_devices[@]}; do
-    isRawDisk=$(lsblk -n $device 2>/dev/null | grep disk | wc -l)
-    if [[ ${isRawDisk} > 0 ]]; then
-        # is it partitioned ?
-        match=$(lsblk -n $device 2>/dev/null | grep -v disk | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already partited
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Raw disk ${device} has been partition, will skip this device"
-            continue
-        fi
-    else
-        isPart=$(lsblk -n $device 2>/dev/null | grep part | wc -l)
-        if [[ ${isPart} -ne 1 ]]; then
-            # not parted
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has not been partition, will skip this device"
-            continue
-        fi
-        # is used ?
-        match=$(lsblk -n $device 2>/dev/null | grep -v part | wc -l)
-        if [[ ${match} > 0 ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isMount=$(lsblk -n -o MOUNTPOINT $device 2>/dev/null)
-        if [[ -n ${isMount} ]]; then
-            # already used
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} has been used, will skip this device"
-            continue
-        fi
-        isLvm=$(sfdisk -lqL 2>>/dev/null | grep $device | grep "8e.*Linux LVM")
-        if [[ ! -n ${isLvm} ]]; then
-            # part system type is not Linux LVM
-            [[ -n "${DOCKER_BLOCK_DEVICES}" ]] && echo "Disk ${device} system type is not Linux LVM, will skip this device"
-            continue
-        fi
-    fi
-    block_devices_size=$(lsblk -n -o SIZE $device 2>/dev/null | awk '{ print $1}')
-    if [[ ${block_devices_size}"x" != "${dockerdisksize}Gx" ]] && [[ ${block_devices_size}"x" != "${systemdisksize}Gx" ]]; then
-echo "n
-p
-1
-
-
-w
-" | fdisk $device
-        mkfs -t ext4 ${device}1
-        mkdir -p $mountdir
-        echo "${device}1  $mountdir ext4  noatime  0 0" | tee -a /etc/fstab >/dev/null
-        mount $mountdir
-    fi
-done
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
diff --git a/docs/cce/umn/cce_faq_00192.html b/docs/cce/umn/cce_faq_00192.html
new file mode 100644
index 000000000..526664a0e
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00192.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                                How Can Container IP Addresses Survive a Container Restart?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If Containers Will Run in a Single-Node Cluster
                                                                                                                                                                                                                Add hostNetwork: true to the spec.spec. in the YAML file of the workload to which the containers will belong.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If Containers Will Run in a Multi-Node Cluster
                                                                                                                                                                                                                Configure node affinity policies, in addition to perform the operations described in "If the Container Runs in a Single-Node Cluster". However, after the workload is created, the number of running pods cannot exceed the number of affinity nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Expected Result
                                                                                                                                                                                                                After the previous settings are complete and the workload is running, the IP addresses of the workload's pods are the same as the node IP addresses. After the workload is restarted, these IP addresses will keep unchanged.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00194.html b/docs/cce/umn/cce_faq_00194.html
new file mode 100644
index 000000000..d9d5a413e
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00194.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                                How Do I Configure a DNS Policy for a Container?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE uses dnsPolicy to identify different DNS policies for each pod. The value of dnsPolicy can be either of the following:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • None: No DNS policy is configured. In this mode, you can customize the DNS configuration, and dnsPolicy needs to be used together with dnsConfig to customize the DNS.
                                                                                                                                                                                                                • Default: The pod inherits the name resolution configuration from the node where the pod is running. The container's DNS configuration file is the DNS configuration file that the kubelet's --resolv-conf flag points to. In this case, a cloud DNS is used for CCE clusters.
                                                                                                                                                                                                                • ClusterFirst: In this mode, the DNS in the pod uses the DNS service configured in the cluster. That is, the kube-dns or CoreDNS service in the Kubernetes is used for domain name resolution. If the resolution fails, the DNS configuration of the host machine is used for resolution.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the type of dnsPolicy is not specified, ClusterFirst is used by default.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • If the type of dnsPolicy is set to Default, the name resolution configuration is inherited from the worker node where the pod is running.
                                                                                                                                                                                                                • If the type of dnsPolicy is set to ClusterFirst, DNS queries will be sent to the kube-dns service.
                                                                                                                                                                                                                  The kube-dns service responds to queries on the domains that use the configured cluster domain suffix as the root. All other queries (for example, www.kubernetes.io) are forwarded to the upstream name server inherited from the node. Before this feature was supported, stub domains were typically introduced by a custom resolver, instead of the upstream DNS. However, this causes the custom resolver itself to be the key path to DNS resolution, where scalability and availability issues can make the DNS functions unavailable to the cluster. This feature allows you to introduce custom resolvers without taking over the entire resolution path.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If a workload does not need to use CoreDNS in the cluster, you can use kubectl or call the APIs to set the dnsPolicy to Default.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: DNS FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00195.html b/docs/cce/umn/cce_faq_00195.html
new file mode 100644
index 000000000..73a112ff3
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00195.html
@@ -0,0 +1,29 @@
+
+
+
                                                                                                                                                                                                                How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The following is an example resolv.conf file for a container in a workload:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                In the preceding information:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • nameserver: IP address of the DNS. Set this parameter to the cluster IP address of CoreDNS.
                                                                                                                                                                                                                • search: domain name search list, which is a common suffix of Kubernetes.
                                                                                                                                                                                                                • ndots: If the number of dots (.) is less than the domain name, search is preferentially used for resolution.
                                                                                                                                                                                                                • timeout: timeout interval.
                                                                                                                                                                                                                • single-request-reopen: indicates that different source ports are used to send different types of requests.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                By default, when you create a workload on the CCE console, the preceding parameters are configured as follows:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                      dnsConfig:
+        options:
+          - name: timeout
+            value: '2'
+          - name: ndots
+            value: '5'
+          - name: single-request-reopen
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                These parameters can be optimized or modified based on service requirements.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Scenario 1: Slow External Domain Name Resolution
                                                                                                                                                                                                                Optimization Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. If the workload does not need to access the Kubernetes Service in the cluster, see How Do I Configure a DNS Policy for a Container?.
                                                                                                                                                                                                                2. If the number of dots (.) in the domain name used by the working Service to access other Kubernetes Services is less than 2, set ndots to 2.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Scenario 2: External Domain Name Resolution Timeout
                                                                                                                                                                                                                Optimization Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Generally, the timeout of a Service must be greater than the value of timeout multiplied by attempts.
                                                                                                                                                                                                                2. If it takes more than 2s to resolve the domain name, you can set timeout to a larger value.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: DNS FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00197.html b/docs/cce/umn/cce_faq_00197.html
new file mode 100644
index 000000000..4e31fbb0e
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00197.html
@@ -0,0 +1,50 @@
+
+
+
                                                                                                                                                                                                                What Should I Do If Domain Name Resolution Fails?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 1: Whether the coredns Add-on Has Been Installed
                                                                                                                                                                                                                1. Log in to the CCE console and click the cluster.
                                                                                                                                                                                                                2. In the navigation pane, choose Add-ons. In the Add-ons Installed area, check whether the coredns add-on has been installed.
                                                                                                                                                                                                                3. If not, install the add-on. For details, see Why Does a Container in a CCE Cluster Fail to Perform DNS Resolution?.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 2: Whether the coredns Instance Reaches the Performance Limit
                                                                                                                                                                                                                CoreDNS QPS is positively correlated with the CPU usage. If the QPS is high, adjust the the coredns instance specifications based on the QPS. 
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Log in to the CCE console and access the cluster console.
                                                                                                                                                                                                                2. In the navigation pane on the left, choose Add-ons. In Add-ons Installed, find the coredns add-on corresponding to the cluster and ensure that the add-on status is Running.
                                                                                                                                                                                                                3. Click the coredns add-on name to view the add-on list.
                                                                                                                                                                                                                4. Click Monitor of the the coredns add-on to view the CPU and memory usage.
                                                                                                                                                                                                                  If the add-on performance reaches the bottleneck, adjust the coredns add-on specifications.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 3: Whether the External Domain Name Resolution Is Slow or Times Out
                                                                                                                                                                                                                If the domain name resolution failure rate is lower than 1/10000, optimize parameters by referring to How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out? or add a retry policy in the service.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 4: Whether UnknownHostException Occurs
                                                                                                                                                                                                                When service requests in the cluster are sent to an external DNS server, a domain name resolution error occurs due to occasional UnknownHostException. UnknownHostException is a common exception. When this exception occurs, check whether there is any domain name-related error or whether you have entered a correct domain name.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                To locate the fault, perform the following steps:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Check the host name carefully (spelling and extra spaces).
                                                                                                                                                                                                                2. Check the DNS settings. Before running the application, run the ping hostname command to ensure that the DNS server has been started and running. If the host name is new, you need to wait for a period of time before the DNS server is accessed.
                                                                                                                                                                                                                3. Check the CPU and memory usage of the coredns add-on to determine whether the performance bottleneck has been reached. For details, see Check Item 2: Whether the coredns Instance Reaches the Performance Limit.
                                                                                                                                                                                                                4. Check whether traffic limiting is performed on the coredns add-on. If traffic limiting is triggered, the processing time of some requests may be prolonged. In this case, you need to adjust the coredns add-on specifications.
                                                                                                                                                                                                                  Log in to the node where the coredns add-on is installed and view the following content:
                                                                                                                                                                                                                  cat /sys/fs/cgroup/cpu/kubepods/pod<pod_uid>/<coredns container ID>/cpu.stat
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • <pod uid> indicates the pod UID of the coredns add-on, which can be obtained by running the following command:
                                                                                                                                                                                                                    kubectl get po <pod name> -nkube-system -ojsonpath='{.metadata.uid}{"\n"}'
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    In the preceding command, <pod name> indicates the name of the coredns add-on running on the current node.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • <coredns container ID> must be a complete container ID, which can be obtained by running the following command:
                                                                                                                                                                                                                    docker ps --no-trunc | grep k8s_coredns | awk '{print $1}'
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Example:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  cat /sys/fs/cgroup/cpu/kubepods/pod27f58662-3979-448e-8f57-09b62bd24ea6/6aa98c323f43d689ac47190bc84cf4fadd23bd8dd25307f773df25003ef0eef0/cpu.stat
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Pay attention to the following metrics:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • nr_throttled: number of times that traffic is limited.
                                                                                                                                                                                                                  • throttled_time: total duration of traffic limiting, in nanoseconds.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the host name and DNS settings are correct, you can use the following optimization policies.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Optimization policies:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Change the coredns cache time.
                                                                                                                                                                                                                2. Configure the stub domain.
                                                                                                                                                                                                                3. Modify the value of ndots.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                 
                                                                                                                                                                                                                • Increasing the cache time of coredns helps resolve the same domain name for the N time, reducing the number of cascading DNS requests.
                                                                                                                                                                                                                • Configuring the stub domain can reduce the number of DNS request links.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                How to modify:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. Modifying the coredns cache time and configuring the stub domain:
                                                                                                                                                                                                                  Restart the coredns add-on after you modify the configurations.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. Modifying ndots:
                                                                                                                                                                                                                  How Do I Optimize the Configuration If the External Domain Name Resolution Is Slow or Times Out?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Example:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                        dnsConfig:
+        options:
+          - name: timeout
+            value: '2'
+          - name: ndots
+            value: '5'
+          - name: single-request-reopen
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You are advised to change the value of ndots to 2.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: DNS FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00199.html b/docs/cce/umn/cce_faq_00199.html
index cb3a4467e..f7c0c7f1c 100644
--- a/docs/cce/umn/cce_faq_00199.html
+++ b/docs/cce/umn/cce_faq_00199.html
@@ -1,22 +1,20 @@
 
 
-
                                                                                                                                                                                                                What Should I Do If a Pod Is in the Evicted State?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Problem
                                                                                                                                                                                                                Workload pods in the cluster fail and are being redeployed constantly.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                After the following command is run, the command output shows that many pods are in the evicted state.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                kubectl get pods
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Possible Cause
                                                                                                                                                                                                                When a node is abnormal, Kubernetes evicts pods on the node. This problem is often caused by insufficient resources.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                Check resource usage and locate the fault.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Run the following command to delete the evicted pods:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Reference
                                                                                                                                                                                                                Kubelet does not delete evicted pods
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                What Is the Image Pull Policy for Containers in a CCE Cluster?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                A container image is required to create a container. Images may be stored locally or in a remote image repository.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The imagePullPolicy field in the Kubernetes configuration file is used to describe the image pull policy. This field has the following value options:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Always: Always force a pull.
                                                                                                                                                                                                                  imagePullPolicy: Always
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • IfNotPresent: The image is pulled only if it is not already present locally.
                                                                                                                                                                                                                  imagePullPolicy: IfNotPresent
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • Never: The image is assumed to exist locally. No attempt is made to pull the image.
                                                                                                                                                                                                                  imagePullPolicy: Never
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Description
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. If this field is set to Always, the image is pulled from the remote repository each time a container is started or restarted.
                                                                                                                                                                                                                  If imagePullPolicy is left blank, the policy defaults to Always.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                2. If the policy is set to IfNotPreset:
                                                                                                                                                                                                                  1. If the required image does not exist locally, it will be pulled from the remote repository.
                                                                                                                                                                                                                  2. If the content, except the tag, of the required image is the same as that of the local image, and the image with that tag exists only in the remote repository, Kubernetes will not pull the image from the remote repository.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Parent topic: Workload Abnormalities
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Others
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00200.html b/docs/cce/umn/cce_faq_00200.html
new file mode 100644
index 000000000..522299947
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00200.html
@@ -0,0 +1,44 @@
+
+
+
                                                                                                                                                                                                                What Should I Do If a Storage Volume Cannot Be Mounted or the Mounting Times Out?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Troubleshooting Process
                                                                                                                                                                                                                Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                Figure 1 Troubleshooting for storage volume mounting failure or mounting timeout
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 1: Whether EVS Volumes Are Mounted Across AZs
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Mounting an EVS volume to a StatefulSet times out.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If your node is in AZ 1 but the volume to be mounted is in AZ 2, the mounting times out and the volume cannot be mounted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Create a volume in the same AZ as the node and mount the volume.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 2: Whether Multiple Permission Configurations Exist in the Storage Volume
                                                                                                                                                                                                                If the volume to be mounted stores too many data and involves permission-related configurations, the file permissions need to be modified one by one, which results in mounting timeout.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Check whether the securityContext field contains runAsuser and fsGroup. securityContext is a Kubernetes field that defines the permission and access control settings of pods or containers.
                                                                                                                                                                                                                • Check whether the startup commands contain commands used to obtain or modify file permissions, such as ls, chmod, and chown.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Determine whether to modify the settings based on your service requirements.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 3: Whether There Is More Than One Replica for a Deployment with EVS Volumes
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod fails to be created, and an event indicating that the storage fails to be added is reported.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Multi-Attach error for volume "pvc-62a7a7d9-9dc8-42a2-8366-0f5ef9db5b60" Volume is already used by pod(s) testttt-7b774658cb-lc98h
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check whether the number of replicas of the Deployment is greater than 1.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the Deployment uses an EVS volume, the number of replicas can only be 1. If you specify more than two pods for the Deployment on the backend, CCE does not restrict the creation of the Deployment. However, if these pods are scheduled to different nodes, some pods cannot be started because the EVS volumes used by the pods cannot be mounted to the nodes.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Set the number of replicas of the Deployment that uses an EVS volume to 1 or use other volume types.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 4: Whether the EVS Disk File System Is Damaged
                                                                                                                                                                                                                Symptom
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The pod fails to be created, and information similar to the following is displayed, indicating that the disk file system is damaged.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                MountVolume.MountDevice failed for volume "pvc-08178474-c58c-4820-a828-14437d46ba6f" : rpc error: code = Internal desc = [09060def-afd0-11ec-9664-fa163eef47d0] /dev/sda has file system, but it is detected to be damaged
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Solution
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Back up the disk in EVS and run the following command to restore the file system:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                fsck -y {Drive letter}
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Workload Abnormalities
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00201.html b/docs/cce/umn/cce_faq_00201.html
new file mode 100644
index 000000000..799e0a69c
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00201.html
@@ -0,0 +1,73 @@
+
+
+
                                                                                                                                                                                                                How Do I Collect Logs of Nodes in a CCE Cluster?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The following tables list log files of CCE nodes.
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Table 1 Node logs
                                                                                                                                                                                                                Name
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Path
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                kubelet log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For clusters of v1.21 or later: /var/log/cce/kubernetes/kubelet.log
                                                                                                                                                                                                                • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kubelet.log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                kube-proxy log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For clusters of v1.21 or later: /var/log/cce/kubernetes/kube-proxy.log
                                                                                                                                                                                                                • For clusters of v1.19 or earlier: /var/paas/sys/log/kubernetes/kube-proxy.log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                yangtse log (networking)
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For clusters of v1.21 or later: /var/log/cce/yangtse
                                                                                                                                                                                                                • For clusters of v1.19 or earlier: /var/paas/sys/log/yangtse
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                canal log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For clusters of v1.21 or later: /var/log/cce/canal
                                                                                                                                                                                                                • For clusters of v1.19 or earlier: /var/paas/sys/log/canal
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                System logs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                /var/log/messages
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
                                                                                                                                                                                                                
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                Table 2 Add-on logs
                                                                                                                                                                                                                Name
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Path
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                everest log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For v2.1.41 or later:
                                                                                                                                                                                                                  • everest-csi-driver: /var/log/cce/kubernetes
                                                                                                                                                                                                                  • everest-csi-controller: /var/paas/sys/log/kubernetes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • For version earlier than v2.1.41:
                                                                                                                                                                                                                  • everest-csi-driver: /var/log/cce/everest-csi-driver
                                                                                                                                                                                                                  • everest-csi-controller: /var/paas/sys/log/everest-csi-controller
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                npd log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For v1.18.16 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                                                • For versions earlier than v1.18.16: /var/paas/sys/log/cceaddon-npd
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                cce-hpa-controller log
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • For v1.3.12 or later: /var/paas/sys/log/kubernetes
                                                                                                                                                                                                                • For versions earlier than v1.3.12: /var/paas/sys/log/ccehpa-controller
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Node Running
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00202.html b/docs/cce/umn/cce_faq_00202.html
index 2b5f6e78d..e04dc6bb7 100644
--- a/docs/cce/umn/cce_faq_00202.html
+++ b/docs/cce/umn/cce_faq_00202.html
@@ -1,23 +1,23 @@
 
 
-
                                                                                                                                                                                                                What Should I Do If a Service Released in a Workload Cannot Be Accessed from Public Networks?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                A workload can be accessed from public networks through a load balancer. LoadBalancer provides higher reliability than EIP-based NodePort because an EIP is no longer bound to a single node. The LoadBalancer access type is applicable to the scenario in which a Service exposed to public networks is required.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                The LoadBalancer access address consists of the IP address and port number of the public network ELB, for example, 10.117.117.117:80.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Fault Locating
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                How Do I Locate a Workload Networking Fault?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Troubleshooting Process
                                                                                                                                                                                                                Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                                
+
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Check Item 1: Container and Container Port
                                                                                                                                                                                                                Log in to the CCE console or use kubectl to query the IP address of the pod. Then, log in to the node or container in the cluster and run the curl command to manually call the API. Check whether the expected result is returned.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 1: Container and Container Port
                                                                                                                                                                                                                Log in to the CCE console or use kubectl to query the IP address of the pod. Then, log in to the node or container in the cluster and run the curl command to manually call the API. Check whether the expected result is returned.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                If <container IP address>:<port> cannot be accessed, you are advised to log in to the application container and access <127.0.0.1>:<port> to locate the fault.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Common issues:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. The container port is incorrectly configured (the container does not listen to the access port).
                                                                                                                                                                                                                2. The URL does not exist (no related path exists in the container).
                                                                                                                                                                                                                3. A Service exception (a Service bug in the container) occurs.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. The container port is incorrectly configured (the container does not listen to the access port).
                                                                                                                                                                                                                2. The URL does not exist (no related path exists in the container).
                                                                                                                                                                                                                3. A Service exception (a Service bug in the container) occurs.
                                                                                                                                                                                                                4. Check whether the cluster network kernel component is abnormal (container tunnel network model: openswitch kernel component; VPC network model: ipvlan kernel component).
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Check Item 2: Node IP Address and Node Port
                                                                                                                                                                                                                Only NodePort or LoadBalancer Services can be accessed using the node IP address and node port.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • NodePort Services:
                                                                                                                                                                                                                  The access port of a node is the port exposed externally by the node.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                • LoadBalancer Service:
                                                                                                                                                                                                                  You can view the node port of a LoadBalancer Service by editing the YAML file.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Example:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                nodePort: 30637 is the port exposed externally by the node, targetPort: 80 is the port exposed by the container, and port: 123 is the port exposed by the ELB.
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                After finding the node port, access <IP address>:<port> of the node where the container is located and check whether the expected result is returned.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                nodePort: 30637 indicates the exposed node port. targetPort: 80 indicates the exposed pod port. port: 123 is the exposed Service port. LoadBalancer Services also use this port to configure the ELB listener.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                After finding the node port (nodePort), access <IP address>:<port> of the node where the container is located and check whether the expected result is returned.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Common issues:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                1. The service port is not allowed in the inbound rules of the node.
                                                                                                                                                                                                                2. A custom route is incorrectly configured for the node.
                                                                                                                                                                                                                3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
@@ -25,14 +25,23 @@
 
                                                                                                                                                                                                                Possible causes:
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                • The backend server group of the port or URL does not meet the expectation.
                                                                                                                                                                                                                • The security group on the node has not exposed the related protocol or port to the ELB.
                                                                                                                                                                                                                • The health check of the layer-4 load balancing is not enabled.
                                                                                                                                                                                                                • The certificate used for Services of layer-7 load balancing has expired.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Common issues:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                1. The health check function is disabled (enabled by default) when a layer-4 load balancing Service is released. As a result, a new backend server group fails to be added when you update the backend server groups.
                                                                                                                                                                                                                2. For UDP access, the ICMP port of the node has not been allowed in the inbound rules.
                                                                                                                                                                                                                3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                1. When exposing a layer-4 ELB load balancer, if you have not enabled health check on the console, the load balancer may route requests to abnormal nodes.
                                                                                                                                                                                                                2. For UDP access, the ICMP port of the node has not been allowed in the inbound rules.
                                                                                                                                                                                                                3. The label of the pod does not match that of the Service (created using kubectl or API).
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                Check Item 4: NAT Gateway + Port
                                                                                                                                                                                                                Generally, no EIP is configured for the backend server of NAT. Otherwise, exceptions such as network packet loss may occur.
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 5: Whether the Security Group of the Node Where the Container Is Located Allows Access
                                                                                                                                                                                                                Log in to the management console, choose Service List > Networking > Virtual Private Cloud. On the Network console, choose Access Control > Security Groups, locate the security group rule of the CCE cluster, and modify and harden the security group rule.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • CCE cluster:
                                                                                                                                                                                                                  The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                • CCE Turbo cluster:
                                                                                                                                                                                                                  The security group name of the node is {Cluster name}-cce-node-{Random characters}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The name of the security group associated with the containers is {Cluster name}-cce-eni-{Random characters}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check the following:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • IP address, port, and protocol of an external request to access the workloads in the cluster. They must be allowed in the inbound rule of the cluster security group.
                                                                                                                                                                                                                • IP address, port, and protocol of a request by a workload to visit external applications outside the cluster. They must be allowed in the outbound rule of the cluster security group.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                For details about security group configuration, see Configuring Cluster Security Group Rules.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Parent topic: Reference
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Network Fault
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
                                                                                                                                                                                                                
 
diff --git a/docs/cce/umn/cce_faq_00203.html b/docs/cce/umn/cce_faq_00203.html
new file mode 100644
index 000000000..8d974ab77
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00203.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                                Why Does the Browser Return Error Code 404 When I Access a Deployed Application?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                CCE does not return any error code when you fail to access your applications using a browser. Check your services first.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                404 Not Found
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the error code shown in the following figure is returned, it indicates that the ELB cannot find the corresponding forwarding policy. Check the forwarding policies.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 1 404:ALB
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If the error code shown in the following figure is returned, it indicates that errors occur on Nginx (your services). In this case, check your services.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Figure 2 404:nginx/1.**.*
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Network Fault
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00204.html b/docs/cce/umn/cce_faq_00204.html
new file mode 100644
index 000000000..9672679c9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00204.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                                                What Should I Do If a Container Fails to Access the Internet?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If a container cannot access the Internet, check whether the node where the container is located can access the Internet. Then check whether the network configuration of the container is correct. For example, check whether the DNS configuration can resolve the domain name.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 1: Whether the Node Can Access the Internet
                                                                                                                                                                                                                1. Log in to the ECS console.
                                                                                                                                                                                                                2. Check whether the ECS corresponding to the node has been bound to an EIP or has a NAT gateway configured.
                                                                                                                                                                                                                  An EIP has been bound, as shown in Figure 1. If no EIP is displayed, bind an EIP to the ECS.
                                                                                                                                                                                                                  Figure 1 Node with an EIP bound
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 2: Whether a Network ACL Has Been Configured for the Node
                                                                                                                                                                                                                1. Log in to the VPC console.
                                                                                                                                                                                                                2. In the navigation pane on the left, choose Access Control > Network ACLs.
                                                                                                                                                                                                                3. Check whether a network ACL has been configured for the subnet where the node is located and whether external access is restricted.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Check Item 3: Whether the DNS Configuration of the Container Is Correct
                                                                                                                                                                                                                Run the cat /etc/resolv.conf command command in the container to check the DNS configuration. An example is as follows:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                nameserver 10.247.x.x
+search default.svc.cluster.local svc.cluster.local cluster.local
+options ndots:5
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                If nameserver is set to 10.247.x.x, DNS is connected to the CoreDNS of the cluster. Ensure that the CoreDNS of the cluster is running properly. If another IP address is displayed, an in-cloud or on-premises DNS server is used. Ensure that the domain name resolution is correct.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: Network Fault
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00205.html b/docs/cce/umn/cce_faq_00205.html
new file mode 100644
index 000000000..24c977bb7
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00205.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                                Network Fault
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_faq_00207.html b/docs/cce/umn/cce_faq_00207.html
new file mode 100644
index 000000000..890abf2c6
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00207.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                                                API & kubectl FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
+
diff --git a/docs/cce/umn/cce_faq_00208.html b/docs/cce/umn/cce_faq_00208.html
new file mode 100644
index 000000000..7ba66267c
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00208.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                                Can the Resources Created Using APIs or kubectl Be Displayed on the CCE Console?
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                The CCE console does not support the display of the following Kubernetes resources: DaemonSets, ReplicationControllers, ReplicaSets, and endpoints.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                To query these resources, run the kubectl commands.
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                In addition, Deployments, StatefulSets, Services, and pods can be displayed on the console only when the following conditions are met:
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                • Deployments and StatefulSets: At least one label uses app as its key.
                                                                                                                                                                                                                • Pods: Pods are displayed on the Pods tab page in the workload details only after a Deployment or StatefulSet has been created.
                                                                                                                                                                                                                • Services: Services are displayed on the Access Mode tab page in the Deployment or StatefulSet details.
                                                                                                                                                                                                                  The Services displayed on this tab page are associated with the workload.
                                                                                                                                                                                                                  1. At lease one label of the workload uses app as its key.
                                                                                                                                                                                                                  2. The label of a Service is the same as that of the workload.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                Parent topic: API & kubectl FAQs
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
                                                                                                                                                                                                                
+
diff --git a/docs/cce/umn/cce_faq_00209.html b/docs/cce/umn/cce_faq_00209.html
index 737595510..574bb80d7 100644
--- a/docs/cce/umn/cce_faq_00209.html
+++ b/docs/cce/umn/cce_faq_00209.html
@@ -1,16 +1,52 @@
 
 
-
                                                                                                                                                                                                                What Should I Do If An Evicted Pod Exists?
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                Pod actions are classified into the following two types:
                                                                                                                                                                                                                
-
                                                                                                                                                                                                                • kube-controller-manager periodically checks the status of all nodes. If a node is in the NotReady state for a period of time, all pods on the node are evicted.
                                                                                                                                                                                                                • kubelet periodically checks the memory and disk resources of the node. If the resources are insufficient, pods are evicted based on the priority. Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                                                  cat /var/paas/sys/log/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  What Should I Do If a Pod Fails to Be Evicted?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  What Is Eviction
                                                                                                                                                                                                                  When an exception occurs on a node, Kubernetes evicts the pods on the node to ensure the workload availability.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  In Kubernetes, both kube-controller-manager and kubelet can evict pods.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Eviction implemented by kube-controller-manager
                                                                                                                                                                                                                    kube-controller-manager consists of multiple controllers, and eviction is implemented by the node controller. The controller periodically checks the status of all nodes. When a node is in the NotReady state for a period of time, all pods on the node are evicted.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kube-controller-manager provides the following startup parameters to control evictions:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • pod-eviction-timeout: an interval when a node is down, after which pods on that node are evicted. The default interval is 5 minutes.
                                                                                                                                                                                                                    • node-eviction-rate: a rate at which nodes are evicted, which is implemented by the token bucket traffic control algorithm. The default value is 0.1, indicating that 0.1 nodes are evicted per second. Note that this rate is not the rate at which pods are evicted, but the rate at which nodes are evicted. That is, one node is cleared every 10 seconds.
                                                                                                                                                                                                                    • secondary-node-eviction-rate: secondary eviction rate. When a large number of nodes are down in the cluster, the eviction rate decreases. The default value is 0.01.
                                                                                                                                                                                                                    • unhealthy-zone-threshold: threshold for a zone to be considered unhealthy. This parameter determines when to enable the secondary eviction rate. The default value is 0.55. That is, if the percentage of down nodes in a zone exceeds 55%, the zone is unhealthy.
                                                                                                                                                                                                                    • large-cluster-size-threshold: threshold for a cluster to be considered large. When the number of nodes in a zone exceeds this threshold, the zone is considered as a large cluster. If the percentage of down nodes in a large cluster exceeds 55%, the eviction rate is reduced to 0.01. If the cluster is a small one, the eviction rate is reduced to 0.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Eviction implemented by kubelet
                                                                                                                                                                                                                    If resources of a node are to be used up, kubelet executes the eviction policy based on the pod priority, resource usage, and resource request. If pods have the same priority, the pod that uses the most resources or requests for the most resources will be evicted first.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kube-controller-manager evicts all pods on a node, whereas kubelet evicts certain pods on a node. Pods to be evicted are determined by the pod QoS. kubelet periodically checks the memory and disk resources of the node. If the resources are insufficient, pods are evicted based on the priority.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    There are soft eviction thresholds and hard eviction thresholds.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • Soft eviction threshold: A grace period is set for node resources. kubelet will reclaim node resources associated with this threshold if that grace period is exceeded. If the node resource usage reaches this threshold but falls below it before the grace period is exceeded, kubelet will not evict pods on the node.
                                                                                                                                                                                                                    • Hard eviction threshold: Pods are immediately evicted once this threshold is reached.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kubelet provides the following parameters to control evictions:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • eviction-soft: soft eviction thresholds. If, for example, memory.available is less than 1.5 GiB, pods will be evicted only after the grace period specified by eviction-soft-grace-period is exceeded.
                                                                                                                                                                                                                    • eviction-soft-grace-period: an eviction grace period. It is used to terminate the grace period of a pod to be evicted by eviction-soft. The default value is 90 seconds.
                                                                                                                                                                                                                    • eviction-max-pod-grace-period: the maximum allowed grace period to use when terminating pods in response to a soft eviction threshold being met
                                                                                                                                                                                                                    • eviction-pressure-transition-period: a duration for which kubelet has to wait before transitioning out of an eviction pressure condition. The default value is 5 minutes. If the time exceeds the threshold, the node is set to memory pressure or disk pressure, and then pod eviction is started.
                                                                                                                                                                                                                    • eviction-minimum-reclaim: the minimum number of resources that must be reclaimed in each eviction
                                                                                                                                                                                                                    • eviction-hard: hard eviction thresholds. If, for example, memory.available is less than 1 GiB, the pod will be evicted.
                                                                                                                                                                                                                    
 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                                  If the pods are not evicted when the node is faulty, perform the following steps to locate the fault:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  After the following command is run, the command output shows that many pods are in the Evicted state.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kubectl get pods
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check results will be recorded in kubelet logs of the node. You can run the following command to search for the information:
                                                                                                                                                                                                                  cat /var/paas/sys/log/kubernetes/kubelet.log | grep -i Evicted -C3
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Troubleshooting Process
                                                                                                                                                                                                                  Troubleshooting methods are sorted based on the occurrence probability of the possible causes. You are advised to check the possible causes from high probability to low probability to quickly locate the cause of the problem.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the fault persists after a possible cause is rectified, check other possible causes.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  Figure 1 Troubleshooting process for pod eviction exception
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check Item 1: Whether Tolerations Have Been Configured on the Pod
                                                                                                                                                                                                                  Use kubectl, or locate the row containing the target workload and choose More > Edit YAML in the Operation column to check whether tolerance is configured for the workload. For details, see Taints and Tolerations.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check Item 2: Whether the Conditions for Stopping Pod Eviction Are Met
                                                                                                                                                                                                                  If the number of nodes in a cluster is smaller than 50 and the number of faulty nodes accounts for over 55% of the total nodes, the pod eviction will be suspended. In this case, Kubernetes will not attempt to evict the workload on the faulty node. For details, see Rate limits on eviction.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check Item 3: Whether the Allocated Resources of the Container Are the Same as Those of the Node
                                                                                                                                                                                                                  An evicted container is frequently scheduled to the original node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Causes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A node evicts a container based on the node resource usage. The evicted container is scheduled based on the allocated node resources. Eviction and scheduling are based on different rules. Therefore, an evicted container may be scheduled to the original node again.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Properly allocate resources to each container.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Check Item 4: Whether the Pod Fails Continuously and Is Redeployed
                                                                                                                                                                                                                  A pod in the workload fails and is being redeployed constantly.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Analysis
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  After a pod is evicted and scheduled to a new node, if pods in that node are also being evicted, the pod will be evicted again. Pods may be evicted repeatedly.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  If the eviction is triggered by kube-controller-manager, a pod in the Terminating state is left. It is automatically deleted only after the node where the container is located is restored. If the node has been deleted or cannot be restored due to other reasons, you can forcibly delete the pod.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  If the eviction is triggered by kubelet, a pod in the Evicted state is left. It is only used for subsequent fault locating and can be directly deleted.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Common issues:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Why is an evicted container frequently scheduled to the original node?
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Answer: A node evicts a container based on the node resource usage. The evicted container is scheduled based on the allocated node resources. Eviction and scheduling are based on different rules. Therefore, an evicted container may be scheduled to the original node again.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  This problem can be solved by properly allocating resources to each container.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If a pod is evicted by kube-controller-manager, it would be in the Terminating state. This pod will be automatically deleted only after the node where the container is located is restored. If the node has been deleted or cannot be restored due to other reasons, you can forcibly delete the pod.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If a pod is evicted by kubelet, it would be in the Evicted state. This pod is only used for subsequent fault locating and can be directly deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Run the following command to delete the evicted pods:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kubectl get pods <namespace> | grep Evicted | awk '{print $1}' | xargs kubectl delete pod <namespace> 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  In the preceding command, <namespace> indicates the namespace name. Configure it based on your requirements.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  References
                                                                                                                                                                                                                  Kubelet does not delete evicted pods
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00210.html b/docs/cce/umn/cce_faq_00210.html
index 1978504a8..76f2418a6 100644
--- a/docs/cce/umn/cce_faq_00210.html
+++ b/docs/cce/umn/cce_faq_00210.html
@@ -1,17 +1,21 @@
 
 
 
                                                                                                                                                                                                                  What Should I Do If Pods in the Terminating State Cannot Be Deleted?
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  After the node is restored, the pods in the Terminating state are automatically deleted.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Some pods are in the Terminating state occasionally.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  The pods cannot be deleted by running the kubectl delete pods command.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  kubectl delete pods httpd-app-6df58645c6-cxgcm
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When a node is in the Unavailable state, CCE migrates container pods on the node and sets the pods running on the node to the Terminating state.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  After the node is restored, the pods in the Terminating state are automatically deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  However, some pods remain in the Terminating state.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  #kubectl get pod -n aos
+NAME                              READY      STATUS         RESTARTS   AGE
+aos-apiserver-5f8f5b5585-s9l92     1/1       Terminating    0          3d1h
+aos-cmdbserver-789bf5b497-6rwrg    1/1       Running        0          3d1h
+aos-controller-545d78bs8d-vm6j9    1/1       Running        3          3d1h
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Running kubectl delete pods <podname> -n <namespace> cannot delete the pods.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 -n aos
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  You can run the following command to forcibly delete the pods created in any ways:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  kubectl delete pods <pod> --grace-period=0 --force
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Therefore, you can run the following command to delete the pod httpd-app-6df58645c6-cxgcm:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  kubectl delete pods httpd-app-6df58645c6-cxgcm --grace-period=0 --force
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  You can run the following command to forcibly delete the pods created in any ways:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kubectl delete pods <pod> --grace-period=0 --force
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Therefore, run the following command to delete the pod:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kubectl delete pods aos-apiserver-5f8f5b5585-s9l92 --grace-period=0 --force
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_faq_00213.html b/docs/cce/umn/cce_faq_00213.html
new file mode 100644
index 000000000..c42efe071
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00213.html
@@ -0,0 +1,37 @@
+
+
+
                                                                                                                                                                                                                  What Should I Do If a Scheduled Task Cannot Be Restarted After Being Stopped for a Period of Time?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If a scheduled task is stopped during running, before its restart, the system calculates the difference between the last time the task was successfully executed and the current time and compares the time difference with the scheduled task period multiplied by 100. If the time difference is greater than the period multiplied by 100, the scheduled task will not be triggered again. For details, see CronJob Limitations.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  For example, assume that a cron job is set to create a job every minute from 08:30:00 and the startingDeadlineSeconds field is not set. If the cron job controller stops running from 08:29:00 to 10:21:00, the job will not be started because the time difference between 08:29:00 and 10:21:00. 00 exceeds 100 minutes, that is, the number of missed scheduling times exceeds 100 (in the example, a scheduling period is 1 minute).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the startingDeadlineSeconds field is set, the controller calculates the number of missed jobs in the last x seconds (x indicates the value of startingDeadlineSeconds). For example, if startingDeadlineSeconds is set to 200, the controller counts the number of jobs missed in the last 200 seconds. In this case, if the cron job controller stops running from 08:29:00 to 10:21:00, the job will start again at 10:22:00, because only three scheduling requests are missed in the last 200 seconds (in the example, one scheduling period is 1 minute).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Configure the startingDeadlineSeconds parameter in a cron job. This parameter can be created or modified only by using kubectl or APIs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Example YAML:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hello
+spec:
+  startingDeadlineSeconds: 200
+  schedule: "* * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: hello
+            image: busybox:1.28
+            imagePullPolicy: IfNotPresent
+            command:
+            - /bin/sh
+            - -c
+            - date; echo Hello
+          restartPolicy: OnFailure
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If you create a cron job again, you can temporarily avoid this issue.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Others
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00215.html b/docs/cce/umn/cce_faq_00215.html
new file mode 100644
index 000000000..1c217e3ae
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00215.html
@@ -0,0 +1,15 @@
+
+
+
                                                                                                                                                                                                                  Chart and Add-on
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
diff --git a/docs/cce/umn/cce_faq_00218.html b/docs/cce/umn/cce_faq_00218.html
new file mode 100644
index 000000000..6557e3693
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00218.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                                                                  What Should I Do If the Host Cannot Be Found When Files Need to Be Uploaded to OBS During the Access to the CCE Service from a Public Network?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  When a Service deployed on CCE attempts to upload files to OBS after receiving an access request from an offline machine, an error message is displayed, indicating that the host cannot be found. The following figure shows the error message:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                                  After receiving the HTTP request, the Service transfers files to OBS through the proxy.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If too many files are transferred, a large number of resources are consumed. Currently, the proxy is assigned 128 MiB memory. According to pressure test results, resource consumption is large, resulting in request failure.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The test results show that all traffic passes through the proxy. Therefore, if the service volume is large, more resources need to be allocated.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  1. File transfer involves a large number of packet copies, which occupies a large amount of memory. You are advised to increase the proxy memory based on the actual scenario and then try to access the Service and upload files again.
                                                                                                                                                                                                                  2. In addition, you can remove the Service from the mesh because the proxy only forwards packets and does not perform any other operations. If requests pass through the ingress gateway, the grayscale release function of the Service is not affected.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Storage
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00224.html b/docs/cce/umn/cce_faq_00224.html
new file mode 100644
index 000000000..84e18c244
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00224.html
@@ -0,0 +1,27 @@
+
+
+
                                                                                                                                                                                                                  How Do I Expand the Storage Capacity of a Container?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Scenario
                                                                                                                                                                                                                  The default storage size of a container is 10 GB. If a large volume of data is generated in the container, expand the capacity using the method described in this topic.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  1. Log in to the CCE console and click the name of the target cluster in the cluster list.
                                                                                                                                                                                                                  2. Choose Nodes from the navigation pane.
                                                                                                                                                                                                                  3. Select the target node and choose More > Reset Node in the Operation column.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    Resetting a node may make unavailable the node-specific resources (such as local storage and workloads scheduled to this node). Exercise caution when performing this operation to avoid impact on running services.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  4. Click Yes.
                                                                                                                                                                                                                  5. Reconfigure node parameters.
                                                                                                                                                                                                                    If you need to adjust the container storage space, pay attention to the following configurations:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Storage Settings: Click Expand next to the data disk to set the following parameters:
                                                                                                                                                                                                                    • Allocate Disk Space: storage space used by the container engine to store the Docker/containerd working directory, container image data, and image metadata. Defaults to 90% of the data disk.
                                                                                                                                                                                                                    • Allocate Pod Basesize: CCE allows you to set an upper limit for the disk space occupied by each workload pod (including the space occupied by container images). This setting prevents the pods from taking all the disk space available, which may cause service exceptions. It is recommended that the value be smaller than or equal to 80% of the container engine space.
                                                                                                                                                                                                                       
                                                                                                                                                                                                                      • The capability of customizing pod basesize is related to the node OS and container storage rootfs.
                                                                                                                                                                                                                        • When the rootfs uses Device Mapper, the node supports custom pod basesize. The default storage space of a single container is 10 GiB.
                                                                                                                                                                                                                        • When the rootfs uses OverlayFS, most nodes do not support custom pod basesize. The storage space of a single container is not limited and defaults to the container engine space.
                                                                                                                                                                                                                          Only EulerOS 2.9 nodes in clusters of 1.19.16, 1.21.3, 1.23.3, and later versions support custom pod basesize.
                                                                                                                                                                                                                          
+
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • In the case of using Docker on EulerOS 2.9 nodes, basesize will not take effect if CAP_SYS_RESOURCE or privileged is configured for a container.
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  6. After the node is reset, log in to the node and run the following command to access the container and check whether the container storage capacity has been expanded:
                                                                                                                                                                                                                    docker exec -it container_id /bin/sh or kubectl exec -it container_id /bin/sh
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    df -h
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Reference
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00230.html b/docs/cce/umn/cce_faq_00230.html
new file mode 100644
index 000000000..1a07cc41c
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00230.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                                  How Do I Set the umask Value for a Container?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  A container is started in tailf /dev/null mode and the directory permission is 700 after the startup script is manually executed. If the container is started by Kubernetes itself without tailf, the obtained directory permission is 751.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  The reason is that the umask values set in the preceding two startup modes are different. Therefore, the permissions on the created directories are different.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The umask value is used to set the default permission for a newly created file or directory. If the umask value is too small, group users or other users will have excessive permissions, posing security threats to the system. Therefore, the default umask value for all users is set to 0077. That is, the default permission on directories created by users is 700, and the default permission on files is 600.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can add the following content to the startup script to set the permission on the created directory to 700:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. 1. Add umask 0077 to the /etc/bashrc file and all files in /etc/profile.d/. 
                                                                                                                                                                                                                  2. Run the following command:
                                                                                                                                                                                                                    echo "umask 0077" >> $FILE
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    FILE indicates the file name, for example, echo "umask 0077" >> /etc/bashrc.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. Set the owner and group of the /etc/bashrc file and all files in /etc/profile.d/ to root.
                                                                                                                                                                                                                  4. Run the following command:
                                                                                                                                                                                                                    chown root.root $FILE
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Container Configuration
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00235.html b/docs/cce/umn/cce_faq_00235.html
new file mode 100644
index 000000000..ed3798d17
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00235.html
@@ -0,0 +1,145 @@
+
+
+
                                                                                                                                                                                                                  How Can I Achieve Compatibility Between ExtendPathMode and Kubernetes client-go?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Scenario
                                                                                                                                                                                                                  The Kubernetes pod structure does not contain ExtendPathMode. Therefore, when a user calls the API for creating a pod or deployment by using client-go, the created pod does not contain ExtendPathMode. CCE provides a solution to ensure compatibility with the Kubernetes client-go.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  • When creating a pod, you need to add kubernetes.io/extend-path-mode to annotation of the pod.
                                                                                                                                                                                                                  • When creating a Deployment, you need to add kubernetes.io/extend-path-mode to kubernetes.io/extend-path-mode in the template.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The following is an example YAML of creating a pod. After the kubernetes.io/extend-path-mode keyword is added to annotation, the containername, name, and mountpath fields are matched, and the corresponding extendpathmode is added to volumeMount.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  apiVersion: v1
+kind: Pod
+metadata:
+  name: test-8b59d5884-96vdz
+  generateName: test-8b59d5884-
+  namespace: default
+  selfLink: /api/v1/namespaces/default/pods/test-8b59d5884-96vdz
+  labels:
+    app: test
+    pod-template-hash: 8b59d5884
+  annotations:
+    kubernetes.io/extend-path-mode: '[{"containername":"container-0","name":"vol-156738843032165499","mountpath":"/tmp","extendpathmode":"PodUID"}]'
+    metrics.alpha.kubernetes.io/custom-endpoints: '[{"api":"","path":"","port":"","names":""}]'
+  ownerReferences:
+    - apiVersion: apps/v1
+      kind: ReplicaSet
+      name: test-8b59d5884
+      uid: 2633020b-cd23-11e9-8f83-fa163e592534
+      controller: true
+      blockOwnerDeletion: true
+spec:
+  volumes:
+    - name: vol-156738843032165499
+      hostPath:
+        path: /tmp
+        type: ''
+    - name: default-token-4s959
+      secret:
+        secretName: default-token-4s959
+        defaultMode: 420
+  containers:
+    - name: container-0
+      image: 'nginx:latest'
+      env:
+        - name: PAAS_APP_NAME
+          value: test
+        - name: PAAS_NAMESPACE
+          value: default
+        - name: PAAS_PROJECT_ID
+          value: b6315dd3d0ff4be5b31a963256794989
+      resources:
+        limits:
+          cpu: 250m
+          memory: 512Mi
+        requests:
+          cpu: 250m
+          memory: 512Mi
+      volumeMounts:
+        - name: vol-156738843032165499
+          mountPath: /tmp
+          extendPathMode: PodUID
+        - name: default-token-4s959
+          readOnly: true
+          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+      terminationMessagePath: /dev/termination-log
+      terminationMessagePolicy: File
+      imagePullPolicy: Always
+  restartPolicy: Always
+  terminationGracePeriodSeconds: 30
+  dnsPolicy: ClusterFirst
+  serviceAccountName: default
+  serviceAccount: default
+  nodeName: 192.168.0.24
+  securityContext: {}
+  imagePullSecrets:
+    - name: default-secret
+    - name: default-secret
+  affinity: {}
+  schedulerName: default-scheduler
+  tolerations:
+    - key: node.kubernetes.io/not-ready
+      operator: Exists
+      effect: NoExecute
+      tolerationSeconds: 300
+    - key: node.kubernetes.io/unreachable
+      operator: Exists
+      effect: NoExecute
+      tolerationSeconds: 300
+  priority: 0
+  dnsConfig:
+    options:
+      - name: timeout
+        value: ''
+      - name: ndots
+        value: '5'
+      - name: single-request-reopen
+  enableServiceLinks: true
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 1 Descriptions of key parameters
                                                                                                                                                                                                                  Parameter
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Type
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  containername
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  String
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Name of a container.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  name
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  String
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Name of a volume.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  mountpath
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  String
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Mount path.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  extendpathmode
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  String
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A third-level directory is added to the created volume directory/subdirectory to facilitate the obtaining of a single pod output file.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The following types are supported. 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • None: The extended path is not configured.
                                                                                                                                                                                                                  • PodUID: ID of a pod.
                                                                                                                                                                                                                  • PodName: Name of a pod.
                                                                                                                                                                                                                  • PodUID/ContainerName: ID of a pod or name of a container.
                                                                                                                                                                                                                  • PodName/ContainerName: Name of a pod or container.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Storage
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00255.html b/docs/cce/umn/cce_faq_00255.html
new file mode 100644
index 000000000..748314a06
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00255.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                                                                  What Should I Do If Health Check Probes Occasionally Fail?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  When the liveness and readiness probes fail to perform the health check, locate the service fault first.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Common causes are as follows:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • The service processing takes a long time. As a result, the response times out.
                                                                                                                                                                                                                  • The Tomcat connection setup and waiting time are too long (for example, too many connections or threads). As a result, the response times out.
                                                                                                                                                                                                                  • The performance of the node where the container is located, such as the disk I/O, reaches the bottleneck. As a result, the service processing times out.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Container Configuration
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00260.html b/docs/cce/umn/cce_faq_00260.html
new file mode 100644
index 000000000..1586781a0
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00260.html
@@ -0,0 +1,54 @@
+
+
+
                                                                                                                                                                                                                  How Do I Evenly Distribute Multiple Pods to Each Node?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The kube-scheduler component in Kubernetes is responsible pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can configure pod anti-affinity policies to evenly distribute pods onto different nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Example:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: container-0
+          image: nginx:alpine
+          resources:
+            limits:
+              cpu: 250m
+              memory: 512Mi
+            requests:
+              cpu: 250m
+              memory: 512Mi
+      affinity:
+        podAntiAffinity:                   # Workload anti-affinity
+          preferredDuringSchedulingIgnoredDuringExecution:    # Ensure that the following conditions are met:
+            - podAffinityTerm:
+                labelSelector:                       # Select the label of the pod, which is anti-affinity with the workload.
+                  matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                        - nginx
+                namespaces:
+                  - default
+                topologyKey: kubernetes.io/hostname     # It takes effect on the node.
+      imagePullSecrets:
+        - name: default-secret
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Scheduling Policies
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00261.html b/docs/cce/umn/cce_faq_00261.html
new file mode 100644
index 000000000..07cab403f
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00261.html
@@ -0,0 +1,17 @@
+
+
+
                                                                                                                                                                                                                  How Do I Set an FQDN for Accessing a Specified Container in the Same Namespace?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Context
                                                                                                                                                                                                                  When creating a workload, users can specify a container, pod, and namespace as an FQDN for accessing the container in the same namespace.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  FQDN stands for Fully Qualified Domain Name, which contains both the host name and domain name. These two names are combined using a period (.).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  For example, if the host name is bigserver and the domain name is mycompany.com, the FQDN is bigserver.mycompany.com.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Solution 1: Use the domain name for service discovery. The host name and namespace must be pre-configured. The domain name of the registered service is in the format of service name.namespace name.svc.cluster.local. The limitation of this solution is that the registration center must be deployed using containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution 2: Use the host network to deploy containers and then configure affinity between the containers and a node in the cluster. In this way, the service address (that is, the node address) of the containers can be determined. The registered address is the IP address of the node where the service is located. This solution allows you to deploy the registration center using VMs, whereas the disadvantage is that the host network is not as efficient as the container network.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Container Configuration
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00262.html b/docs/cce/umn/cce_faq_00262.html
new file mode 100644
index 000000000..e19369cdd
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00262.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                                  How Do I Prevent a Container on a Node from Being Evicted?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Context
                                                                                                                                                                                                                  During workload scheduling, two containers on a node may compete for resources. As a result, kubelet evicts both containers. This section describes how to set a policy to retain one of the containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  kubelet uses the following criteria to evict a pod:
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  Pods of different QoS classes are evicted in the following sequence:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  BestEffort -> Burstable -> Guaranteed
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • BestEffort pods: These pods have the lowest priority. They will be the first to be killed if the system runs out of memory.
                                                                                                                                                                                                                  • Burstable pods: These pods will be killed if the system runs out of memory and no BestEffort pods exist.
                                                                                                                                                                                                                  • Guaranteed pods: These pods will be killed if the system runs out of memory and no Burstable or BestEffort pods exist.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  • If processes in a pod are killed because of excessive resource usage (while the node resources are still sufficient), the system tends to restart the container or create a pod.
                                                                                                                                                                                                                  • If resources are sufficient, you can assign the QoS class of Guaranteed to all pods. In this way, more compute resources are used to improve service performance and stability, reducing troubleshooting time and costs.
                                                                                                                                                                                                                  • To improve resource utilization, assign the QoS class of Guaranteed to service pods and Burstable or BestEffort to other pods (for example, filebeat).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Scheduling Policies
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00263.html b/docs/cce/umn/cce_faq_00263.html
new file mode 100644
index 000000000..7ca137156
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00263.html
@@ -0,0 +1,42 @@
+
+
+
                                                                                                                                                                                                                  What Should I Do If the vdb Disk of a Node Is Damaged and the Node Cannot Be Recovered After Reset?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  The vdb disk of a node is damaged and the node cannot be recovered after reset.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Error Scenarios
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • On a normal node, delete the LV and VG. The node is unavailable.
                                                                                                                                                                                                                  • Reset an abnormal node, and a syntax error is reported. The node is unavailable.
                                                                                                                                                                                                                    The following figure shows the details.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Fault Locating
                                                                                                                                                                                                                  If the volume group (VG) on the node is deleted or damaged and cannot be identified, you need to manually restore the VG first to prevent your data disks from being formatted by mistake during the reset.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  1. Log in to the node.
                                                                                                                                                                                                                  2. Create a PV and a VG again. In this example, the following error message is displayed:
                                                                                                                                                                                                                    root@host1:~# pvcreate /dev/vdb
+Device /dev/vdb excluded by a filter
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    This is because the added disk is created on another VM and has a partition table. The current VM cannot identify the partition table of the disk. You need to run the parted commands for three times to re-create the partition table.
                                                                                                                                                                                                                    root@host1:~# parted /dev/vdb
+GNU Parted 3.2
+Using /dev/vdb
+Welcome to GNU Parted! Type 'help' to view a list of commands.
+(parted) mklabel msdos
+Warning: The existing disk label on /dev/vdb will be destroyed and all data on this disk will be lost. Do you want to continue?
+Yes/No? yes
+(parted) quit
+Information: You may need to update /etc/fstab.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Run pvcreate again. When the system asks you whether to erase the DOS signature, enter y. The disk is created as a PV.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    root@host1:~# pvcreate /dev/vdb
+WARNING: dos signature detected on /dev/vdb at offset 510. Wipe it? [y/n]: y
+Wiping dos signature on /dev/vdb.
+Physical volume "/dev/vdb" successfully created
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. Create a VG.
                                                                                                                                                                                                                    Check the Docker disks of the node. If the disks are /dev/vdb and /dev/vdc, run the following command:
                                                                                                                                                                                                                    root@host1:~# vgcreate vgpaas /dev/vdb /dev/vdc
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    If there is only the /dev/vdb disk, run the following command:
                                                                                                                                                                                                                    root@host1:~# vgcreate vgpaas /dev/vdb
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    After the creation is complete, reset the node.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Node Running
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00265.html b/docs/cce/umn/cce_faq_00265.html
index 1eae63f91..b0e255b4e 100644
--- a/docs/cce/umn/cce_faq_00265.html
+++ b/docs/cce/umn/cce_faq_00265.html
@@ -1,19 +1,741 @@
 
 
-
                                                                                                                                                                                                                  How Do I Harden the VPC Security Group Rules for CCE Cluster Nodes?
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  CCE is a universal container platform. Its default security group rules apply to common scenarios. Based on security requirements, you can harden the security group rules set for CCE clusters on the Security Groups page of Network Console.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  To view security groups, log in to the CCE console, choose Service List > Network > Virtual Private Cloud, and choose Access Control > Security Groups in the navigation pane.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Configuring Cluster Security Group Rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CCE is a universal container platform. Its default security group rules apply to common scenarios. When a cluster is created, a security group is automatically created for the master node and worker node, separately. The security group name of the master node is {Cluster name}-cce-control-{Random ID}, and the security group name of the worker node is {Cluster name}-cce-node-{Random ID}. If a CCE Turbo cluster is used, an additional ENI security group named {Cluster name}-cce-eni-{Random ID} will be created.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can log in to the management console, choose Service List > Networking > Virtual Private Cloud > Access Control > Security Groups, locate the security group of the cluster, and modify the security group rules as required.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The default security group rules of the clusters using different networks are as follows:
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  Modifying or deleting rules in a security group may affect cluster running. Exercise caution when performing this operation. If you need to modify security group rules, do not modify the rules of the port on which CCE running depends.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  The security group name of a master node is {Cluster name}-cce-control-{Random ID}. The security group name of a worker node is {Cluster name}-cce-node-{Random ID}.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Enable the following ports in security groups:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  For {Cluster name}-cce-control-{Random ID}:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • The source IP addresses defined in the security group rules must be permitted.
                                                                                                                                                                                                                  • 4789: used for network access between containers.
                                                                                                                                                                                                                  • 5443 and 5444: ports to which kube-apiserver of the master node listens. The two ports must permit requests from VPC and container CIDR blocks and control plane CIDR blocks of the hosting mesh.
                                                                                                                                                                                                                  • 9443: used by canal of the node to listen to canal-api of the master node.
                                                                                                                                                                                                                  • 8445: used by storage_driver of the node to access csms-storagemgr of the master node.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  For {Cluster name}-cce-node-{Random ID}:
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  • The source IP addresses defined in the security group rules must be permitted.
                                                                                                                                                                                                                  • 4789: used for network access between containers.
                                                                                                                                                                                                                  • 10250: used by the master node to proactively access kubelet of the node (for example, by running kubectl exec {pod}).
                                                                                                                                                                                                                  • 30000 to 32767 must permit requests from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security Group Rules of a Cluster Using a VPC Network
                                                                                                                                                                                                                  Security group of a worker node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 1.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 1 Default ports in the security group for a worker node that uses a VPC network
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All UDP ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between worker nodes and between worker nodes and the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All TCP ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ICMP ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the master node to access worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from NodePort.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Container CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between nodes and containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of worker nodes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 22
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow SSH access to ECSs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 2.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 2 Default ports in the security group for the master node that uses a VPC network
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Container CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 9443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow kube-apiserver of the master node to listen to worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 8445
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security Group Rules of a Cluster Using the Tunnel Network
                                                                                                                                                                                                                  Security group of a worker node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 3.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 3 Default ports in the security group for a worker node that uses the tunnel network
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port 4789
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 10250
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the master node to access kubelet on a worker node, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from NodePort.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 22
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow SSH access to ECSs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 4.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 4 Default ports in the security group for the master node that uses the Tunnel network
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port 4789
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Container CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 9443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow kube-apiserver of the master node to listen to worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 8445
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security Group Rules of a CCE Turbo Cluster Using the Cloud Native Network 2.0
                                                                                                                                                                                                                  Security group of a worker node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-node-{Random ID} is automatically created for each worker node. For details about the default ports, see Table 5.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 5 Default ports in the security group for a worker node
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 10250
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the master node to access kubelet on a worker node, for example, by running kubectl exec {pod}.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from NodePort.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from VPC, container, and ELB CIDR blocks.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port range: 30000 to 32767
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 22
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow SSH access to ECSs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Subnet CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all source IP addresses in the subnet CIDR block of the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default. You are advised to retain this setting.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Yes
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If you want to harden security by allowing traffic only on specific ports, remember to allow such ports. For details, see Hardening Outbound Rules.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A security group named {Cluster name}-cce-control-{Random ID} is automatically created for the master node. For details about the default ports, see Table 6.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 6 Default ports in the security group for the master node
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 9443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow kube-apiserver of the master node to listen to worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Recommended
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The port must allow traffic from the CIDR blocks of the VPC, container, and the control plane of the hosted service mesh.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 8445
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Subnet CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all source IP addresses in the subnet CIDR block of the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Security group of an ENI
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  An additional security group named {Cluster name}-cce-eni-{Random ID} is created for a CCE Turbo cluster. For details about the default ports, see Table 7.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 7 Default ports in the security group for an ENI
                                                                                                                                                                                                                  Direction
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Default Source Address
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modifiable
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Modification Suggestion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Inbound rules
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IP addresses of this security group
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of this security group.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic from all IP addresses of the VPC CIDR block.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Outbound rule
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All ports
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses: 0.0.0.0/0
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on all ports by default.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  No
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  N/A
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Hardening Outbound Rules
                                                                                                                                                                                                                  By default, all security groups created by CCE allow all the outbound traffic. You are advised to retain this configuration. If you want to harden security by allowing traffic only on specific ports, remember to allow ports listed in the following table.
                                                                                                                                                                                                                  
+
+
                                                                                                                                                                                                                  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
                                                                                                                                                                                                                  Table 8 Ports that must be allowed in outbound rules for a worker node
                                                                                                                                                                                                                  Port
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allowed CIDR
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Description
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port 53
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  DNS server of the subnet
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow traffic on the port for domain name resolution.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  UDP port 4789 (required only for clusters that use the Tunnel network)
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  All IP addresses
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access between containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow kube-apiserver of the master node to listen to worker nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 5444
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CIDR blocks of the VPC and container
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow access from kube-apiserver, which provides lifecycle management for Kubernetes resources.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 6443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CIDR block of the master node
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  None
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 8445
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the storage add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  TCP port 9443
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  VPC CIDR block
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Allow the network add-on of a worker node to access the master node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Parent topic: Reference
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Network Planning
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_faq_00266.html b/docs/cce/umn/cce_faq_00266.html
index e7bbece03..665f710ae 100644
--- a/docs/cce/umn/cce_faq_00266.html
+++ b/docs/cce/umn/cce_faq_00266.html
@@ -1,16 +1,16 @@
 
 
 
                                                                                                                                                                                                                  What Is the Relationship Between Clusters, VPCs, and Subnets?
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  A VPC is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and provides basic network environment for running elastic cloud servers (ECSs), elastic load balancers (ELBs), and middleware. Networks of different scales can be configured based on service requirements. Generally, you can set the CIDR block to 10.0.0.0/8–24, 172.16.0.0/12–24, or 192.168.0.0/16–24. The largest CIDR block is 10.0.0.0/8, which corresponds to a class A network.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  A VPC can be divided into multiple subnets. Security groups are configured to determine whether these subnets can communicate with each other. This ensures that subnets can be isolated from each other, so that you can deploy different services on different subnets.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  A cluster consists of one or more ECSs (also known as nodes) in the same VPC. It provides a computing resource pool for running containers.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  As shown in Figure 1, a region may comprise of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                                                  • Different clusters are created in different VPCs.
                                                                                                                                                                                                                  • Different clusters are created in the same subnet.
                                                                                                                                                                                                                  • Different clusters are created in different subnets.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A Virtual Private Cloud (VPC) is similar to a private local area network (LAN) managed by a home gateway whose IP address is 192.168.0.0/16. A VPC is a private network built on the cloud and provides basic network environment for running elastic cloud servers (ECSs), elastic load balances (ELBs), and middleware. Networks of different scales can be configured based on service requirements. Generally, you can set the CIDR block to 10.0.0.0/8–24, 172.16.0.0/12–24, or 192.168.0.0/16–24. The largest CIDR block is 10.0.0.0/8, which corresponds to a class A network.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A VPC can be divided into multiple subnets. Security groups are configured to determine whether these subnets can communicate with each other. This ensures that subnets can be isolated from each other, so that you can deploy different services on different subnets.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  A cluster is one or a group of cloud servers (also known as nodes) in the same VPC. It provides computing resource pools for running containers.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  As shown in Figure 1, a region may comprise of multiple VPCs. A VPC consists of one or more subnets. The subnets communicate with each other through a subnet gateway. A cluster is created in a subnet. There are three scenarios:
                                                                                                                                                                                                                  • Different clusters are created in different VPCs.
                                                                                                                                                                                                                  • Different clusters are created in the same subnet.
                                                                                                                                                                                                                  • Different clusters are created in different subnets.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Figure 1 Relationship between clusters, VPCs, and subnets
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Parent topic: Reference
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Network Planning
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_faq_00278.html b/docs/cce/umn/cce_faq_00278.html
new file mode 100644
index 000000000..2c8fef3ff
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00278.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                                                                  Cluster Creation
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00279.html b/docs/cce/umn/cce_faq_00279.html
new file mode 100644
index 000000000..ca9e9299d
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00279.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                                                                  Cluster Running
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00280.html b/docs/cce/umn/cce_faq_00280.html
new file mode 100644
index 000000000..182f097e8
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00280.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                                                  Node Creation
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00281.html b/docs/cce/umn/cce_faq_00281.html
new file mode 100644
index 000000000..8464c8735
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00281.html
@@ -0,0 +1,29 @@
+
+
+
+  
                                                                                                                                                                                                                  Node Running
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00282.html b/docs/cce/umn/cce_faq_00282.html
new file mode 100644
index 000000000..c0785b1c9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00282.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                                                                  Specification Change
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00284.html b/docs/cce/umn/cce_faq_00284.html
new file mode 100644
index 000000000..f332780e9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00284.html
@@ -0,0 +1,25 @@
+
+
+
+  
                                                                                                                                                                                                                  Scheduling Policies
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00289.html b/docs/cce/umn/cce_faq_00289.html
new file mode 100644
index 000000000..39c443ed0
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00289.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                                  What Is a Headless Service When I Create a StatefulSet?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The inter-pod discovery service of CCE corresponds to the headless Service of Kubernetes. Headless Services specify None for the cluster IP (spec:clusterIP) in YAML, which means no cluster IP is allocated.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Differences Between Headless Services and Common Services
                                                                                                                                                                                                                  • Common Services:
                                                                                                                                                                                                                    One Service may be backed by multiple endpoints (pods). A client accesses the cluster IP address and the request is forwarded to the real server based on the iptables or IPVS rules to implement load balancing. For example, a Service has two endpoints, but only the Service address is returned during DNS query. The iptables or IPVS rules determine the real server that the client accesses. The client cannot access the specified endpoint.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Headless Services:
                                                                                                                                                                                                                    When a headless Service is accessed, the actual endpoint (pod IP addresses) is returned. The headless Service points directly to each endpoint, that is, each pod has a DNS domain name. In this way, pods can access each other, achieving inter-pod discovery and access.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Headless Service Application Scenarios
                                                                                                                                                                                                                  If there is no difference between multiple pods of a workload, you can use a common Service and use the cluster kube-proxy to implement load balancing, for example, an Nginx Deployment.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  However, in some application scenarios, pods of a workload have different roles. For example, in a Redis cluster, each Redis pod is different. They have a master/slave relationship and need to communicate with each other. In this case, a common Service cannot access a specified pod through the cluster IP address. Therefore, you need to allow the headless Service to directly access the real IP address of the pod to implement mutual access among pods.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Headless Services work with StatefulSet to deploy stateful applications, such as Redis and MySQL.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Others
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00292.html b/docs/cce/umn/cce_faq_00292.html
new file mode 100644
index 000000000..db14cc360
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00292.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                                                                  Reference
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00293.html b/docs/cce/umn/cce_faq_00293.html
new file mode 100644
index 000000000..b398260e0
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00293.html
@@ -0,0 +1,11 @@
+
+
+
                                                                                                                                                                                                                  Why Cannot a Pod Be Scheduled to a Node?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Check whether the node and Docker are normal. For details, see Check Item 7: Whether Internal Components Are Normal.
                                                                                                                                                                                                                  2. If the node and Docker are normal, check whether an affinity policy is configured for the pod. For details, see Check Item 3: Affinity and Anti-Affinity Configuration of the Workload.
                                                                                                                                                                                                                  3. Check whether the resources on the node are sufficient. If the resources are insufficient, expand the capacity or add nodes.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Others
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00296.html b/docs/cce/umn/cce_faq_00296.html
new file mode 100644
index 000000000..38719ece1
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00296.html
@@ -0,0 +1,24 @@
+
+
+
                                                                                                                                                                                                                  What Should I Do If I/O Suspension Occasionally Occurs When SCSI EVS Disks Are Used?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When SCSI EVS disks are used and containers are created and deleted on a CentOS node, the disks are frequently mounted and unmounted. The read/write rate of the system disk may instantaneously surge. As a result, the system is suspended, affecting the normal node running.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  When this problem occurs, the following information is displayed in the dmesg log:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Attached SCSI disk
+task jdb2/xxx blocked for more than 120 seconds.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Example:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                  After a PCI device is hot added to BUS 0, the Linux OS kernel will traverse all the PCI bridges mounted to BUS 0 for multiple times, and these PCI bridges cannot work properly during this period. During this period, if the PCI bridge used by the device is updated, due to a kernel defect, the device considers that the PCI bridge is abnormal, and the device enters a fault mode and cannot work normally. If the front end is writing data into the PCI configuration space for the back end to process disk I/Os, the write operation may be deleted. As a result, the back end cannot receive notifications to process new requests on the I/O ring. Finally, the front-end I/O suspension occurs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  This problem is caused by a Linux kernel defect. For details, see the defects in Linux distributions.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Impact
                                                                                                                                                                                                                  CentOS Linux kernels of versions earlier than 3.10.0-1127.el7 are affected.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Upgrade the kernel to a later version by resetting the node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Node Running
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00307.html b/docs/cce/umn/cce_faq_00307.html
new file mode 100644
index 000000000..69425acb2
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00307.html
@@ -0,0 +1,59 @@
+
+
+
                                                                                                                                                                                                                  How Do I Fix an Abnormal Container or Node Due to No Thin Pool Disk Space?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Problem Description
                                                                                                                                                                                                                  When the disk space of a thin pool on a node is about to be used up, the following exceptions occasionally occur:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Files or directories fail to be created in the container, the file system in the container is read-only, the node is tainted disk-pressure, or the node is unavailable.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can run the docker info command on the node to view the used and remaining thin pool space to locate the fault. The following figure is an example.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                  When Docker device mapper is used, although you can configure the basesize parameter to limit the size of the /home directory of a single container (to 10 GB by default), all containers on the node still share the thin pool of the node for storage. They are not completely isolated. When the sum of the thin pool space used by certain containers reaches the upper limit, other containers cannot run properly.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  In addition, after a file is deleted in the /home directory of the container, the thin pool space occupied by the file is not released immediately. Therefore, even if basesize is set to 10 GB, the thin pool space occupied by files keeps increasing until 10 GB when files are created in the container. The space released after file deletion will be reused only after a while. If the number of service containers on the node multiplied by basesize is greater than the thin pool space size of the node, there is a possibility that the thin pool space has been used up.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  When the thin pool space of a node is used up, some services can be migrated to other nodes to quickly recover services. But you are advised to use the following solutions to resolve the root cause:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution 1:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Properly plan the service distribution and data plane disk space to avoid the scenario where the number of service containers multiplied by basesize is greater than the thin pool size of the node. To expand the thin pool size, perform the following steps:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Expand the capacity of the data disk on the EVS console.
                                                                                                                                                                                                                  2. Log in to the CCE console and click the cluster. In the navigation pane, choose Nodes. Click More > Sync Server Data in the row containing the target node.
                                                                                                                                                                                                                  3. Log in to the target node.
                                                                                                                                                                                                                  4. Run the lsblk command to check the block device information of the node.
                                                                                                                                                                                                                    A data disk is divided depending on the container storage Rootfs:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • Overlayfs: No independent thin pool is allocated. Image data is stored in the dockersys disk.
                                                                                                                                                                                                                      # lsblk
+NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                   8:0    0   50G  0 disk 
+└─sda1                8:1    0   50G  0 part /
+sdb                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys  253:0    0   90G  0 lvm  /var/lib/docker               # Space used by the container engine
+└─vgpaas-kubernetes 253:1    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet  # Space used by Kubernetes
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    • Devicemapper: A thin pool is allocated to store image data.
                                                                                                                                                                                                                      # lsblk
+NAME                                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+sda                                   8:0    0   50G  0 disk 
+└─sda1                                8:1    0   50G  0 part /
+sdb                                   8:16   0  200G  0 disk 
+├─vgpaas-dockersys                  253:0    0   18G  0 lvm  /var/lib/docker    
+├─vgpaas-thinpool_tmeta             253:1    0    3G  0 lvm                   
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm                   # Thin pool space.
+│   ...
+├─vgpaas-thinpool_tdata             253:2    0   67G  0 lvm  
+│ └─vgpaas-thinpool                 253:3    0   67G  0 lvm  
+│   ...
+└─vgpaas-kubernetes                 253:4    0   10G  0 lvm  /mnt/paas/kubernetes/kubelet
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                      • Run the following commands on the node to add the new disk capacity to the thinpool disk:
                                                                                                                                                                                                                        pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/thinpool
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      • Run the following commands on the node to add the new disk capacity to the dockersys disk:
                                                                                                                                                                                                                        pvresize /dev/sdb 
+lvextend -l+100%FREE -n vgpaas/dockersys
+resize2fs /dev/vgpaas/dockersys
                                                                                                                                                                                                                        
+
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution 2:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Create and delete files in service containers in the local storage (such as emptyDir and hostPath) or cloud storage directory mounted to the container. Such files do not occupy the thin pool space.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution 3:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If the OS uses OverlayFS, services can be deployed on such nodes to prevent the problem that the disk space occupied by files created or deleted in the container is not released immediately.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Node Running
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00309.html b/docs/cce/umn/cce_faq_00309.html
new file mode 100644
index 000000000..063c59537
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00309.html
@@ -0,0 +1,21 @@
+
+
+
+  
                                                                                                                                                                                                                  Cluster Deletion
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00311.html b/docs/cce/umn/cce_faq_00311.html
new file mode 100644
index 000000000..00f938665
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00311.html
@@ -0,0 +1,21 @@
+
+
+
                                                                                                                                                                                                                  Why Is "Error from server (Forbidden)" Displayed When I Use kubectl?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When you use kubectl to create or query Kubernetes resources, the following output is returned:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  # kubectl get deploy Error from server (Forbidden): deployments.apps is forbidden: User "0c97ac3cb280f4d91fa7c0096739e1f8" cannot list resource "deployments" in API group "apps" in the namespace "default"
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                  This user has no permissions to operate Kubernetes resources.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Assign permissions to the user.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Log in to the CCE console. In the navigation pane, choose Permissions.
                                                                                                                                                                                                                  2. Select a cluster for which you want to add permissions from the drop-down list on the right.
                                                                                                                                                                                                                  3. Click Add Permissions in the upper right corner.
                                                                                                                                                                                                                  4. Confirm the cluster name and select the namespace to assign permissions for. For example, select All namespaces, the target user or user group, and select the permissions.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    If you do not have IAM permissions, you cannot select users or user groups when configuring permissions for other users or user groups. In this case, you can enter a user ID or user group ID. 
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    Permissions can be customized as required. After selecting Custom for Permission Type, click Add Custom Role on the right of the Custom parameter. In the dialog box displayed, enter a name and select a rule. After the custom rule is created, you can select a value from the Custom drop-down list box.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  5. Click OK.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: API & kubectl FAQs
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00314.html b/docs/cce/umn/cce_faq_00314.html
new file mode 100644
index 000000000..7b1518d79
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00314.html
@@ -0,0 +1,12 @@
+
+
+
                                                                                                                                                                                                                  Why Are Pods Not Evenly Distributed to Nodes?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  The kube-scheduler component in Kubernetes is responsible for pod scheduling. For each newly created pod or other unscheduled pods, kube-scheduler selects an optimal node from them to run on. kube-scheduler selects a node for a pod in a 2-step operation: filtering and scoring. In the filtering step, all nodes where it is feasible to schedule the pod are filtered out. In the scoring step, kube-scheduler ranks the remaining nodes to choose the most suitable pod placement. Finally, kube-scheduler schedules the pod to the node with the highest score. If there is more than one node with the equal scores, kube-scheduler selects one of them at random.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  BalancedResourceAllocation is only one of the scoring priorities. Other scoring items may also cause uneven distribution. For details about scheduling, see Kubernetes Scheduler and Scheduling Policies.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Scheduling Policies
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00316.html b/docs/cce/umn/cce_faq_00316.html
new file mode 100644
index 000000000..c7c555ef7
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00316.html
@@ -0,0 +1,13 @@
+
+
+
                                                                                                                                                                                                                  Can CCE PVCs Detect Underlying Storage Faults?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CCE PersistentVolumeClaims (PVCs) are implemented as they are in Kubernetes. A PVC is defined as a storage declaration and is decoupled from underlying storage. It is not responsible for detecting underlying storage details. Therefore, CCE PVCs cannot detect underlying storage faults.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Cloud Eye allows users to view cloud service metrics. These metrics are built-in based on cloud service attributes. After users enable a cloud service on the cloud platform, Cloud Eye automatically associates its built-in metrics. Users can track the cloud service status by monitoring these metrics.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  It is recommended that users who have storage fault detection requirements use Cloud Eye to monitor underlying storage and send alarm notifications.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Storage
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00319.html b/docs/cce/umn/cce_faq_00319.html
new file mode 100644
index 000000000..fd9d28ae6
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00319.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                                  What Can I Do If a Layer Is Missing During Image Pull?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When containerd is used as the container engine, there is a possibility that the image layer is missing when an image is pulled to a node. As a result, the workload container fails to be created.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                  Docker earlier than v1.10 supports the layer whose mediaType is application/octet-stream. However, containerd does not support application/octet-stream. As a result, the layer is not pulled.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  You can use either of the following methods to solve this problem:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Use Docker v1.11 or later to repackage the image.
                                                                                                                                                                                                                  • Manually pull the image.
                                                                                                                                                                                                                    1. Log in to the node.
                                                                                                                                                                                                                    2. Run the following command to pull the image:
                                                                                                                                                                                                                      ctr -n k8s.io images pull --user u:p images
                                                                                                                                                                                                                      
+
                                                                                                                                                                                                                    3. Use the newly pulled image to create a workload.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Others
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00321.html b/docs/cce/umn/cce_faq_00321.html
new file mode 100644
index 000000000..70dc40b49
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00321.html
@@ -0,0 +1,16 @@
+
+
+
                                                                                                                                                                                                                  How Do I Rectify the Error Reported When Running the kubectl top node Command?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  The error message "Error from server (ServiceUnavailable): the server is currently unable to handle the request (get nodes.metrics.k8s.io)" is displayed after the kubectl top node command is executed.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Causes
                                                                                                                                                                                                                  "Error from server (ServiceUnavailable)" indicates that the cluster is not connected. In this case, you need to check whether the network between kubectl and the master node in the cluster is normal.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  • If the kubectl command is executed outside the cluster, check whether the cluster is bound to an EIP. If yes, download the kubeconfig file and run the kubectl command again.
                                                                                                                                                                                                                  • If the kubectl command is executed on a node in the cluster, check the security group of the node and check whether the TCP/UDP communication between the worker node and master node is allowed. For details about the security group, see Configuring Cluster Security Group Rules.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: API & kubectl FAQs
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00322.html b/docs/cce/umn/cce_faq_00322.html
new file mode 100644
index 000000000..5ed137a6e
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00322.html
@@ -0,0 +1,34 @@
+
+
+
                                                                                                                                                                                                                  Why Does Add-on Installation Fail and Prompt "The release name is already exist"?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  When an add-on fails to be installed, the error message "The release name is already exist" is returned.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Cause
                                                                                                                                                                                                                  The add-on release record remains in the Kubernetes cluster. Generally, it is because the cluster etcd has backed up and restored the add-on, or the add-on fails to be installed or deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Use kubectl to connect to the cluster and manually clear the Secret and Configmap corresponding to add-on release. The following uses autoscaler add-on release as an example.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Connect to the cluster using kubectl, and run the following command to view the Secret list of add-on releases:
                                                                                                                                                                                                                    kubectl get secret -nkube-system |grep cceaddon
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    The Secret name of an add-on release is in the format of sh.helm.release.v1.cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their Secrets at the same time.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  2. Run the release secret command to delete the Secrets.
                                                                                                                                                                                                                    Example:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kubectl delete secret sh.helm.release.v1.cceaddon-autoscaler.v1 sh.helm.release.v1.cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. If the add-on is created when Helm v2 is used, CCE automatically bumps the v2 release in Configmaps to v3 release in Secrets when viewing the add-ons and their details. The v2 release in the original Configmap is not deleted. Run the following command to view the ConfigMap list of add-on releases:
                                                                                                                                                                                                                    kubectl get configmap -nkube-system | grep cceaddon
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    The ConfigMap name of an add-on release is in the format of cceaddon-{add-on name}.v*. If there are multiple release versions, you can delete their ConfigMaps at the same time.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  4. Run the release configmap command to delete the ConfigMaps.
                                                                                                                                                                                                                    Example:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kubectl delete configmap cceaddon-autoscaler.v1 cceaddon-autoscaler.v2 -nkube-system
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    Deleting resources in kube-system is a high-risk operation. Ensure that the command is correct before running it to prevent resources from being deleted by mistake.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  5. On the CCE console, install add-on and then uninstall it. Ensure that the residual add-on resources are cleared. After the uninstall is complete, install the add-on again.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    When installing the add-on for the first time, you may find it abnormal after the installation due to the residual resources of the previous add-on release, which is normal. In this case, you can uninstall the add-on on the console to ensure that the residual resources are cleared and the add-on can run properly after being installed again.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Chart and Add-on
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00324.html b/docs/cce/umn/cce_faq_00324.html
new file mode 100644
index 000000000..1c0480862
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00324.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                                                  Namespace
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00325.html b/docs/cce/umn/cce_faq_00325.html
new file mode 100644
index 000000000..5c5c6bb96
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00325.html
@@ -0,0 +1,22 @@
+
+
+
                                                                                                                                                                                                                  Why Cannot I Delete a Namespace Due to an APIService Object Access Failure?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  The namespace remains in the Deleting state. The error message "DiscoveryFailed" is displayed in status in the YAML file.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  In the preceding figure, the full error message is "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request".
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  This indicates that the namespace deletion is blocked when kube-apiserver accesses the APIService resource object of the metrics.k8s.io/v1beta1 API.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Causes
                                                                                                                                                                                                                  If an APIService object exists in the cluster, deleting the namespace will first access the APIService object. If the access fails, the namespace deletion will be blocked. In addition to the APIService objects created by users, add-ons like metrics-server and prometheus in the CCE cluster automatically create APIService objects.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  For details, see https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Solution
                                                                                                                                                                                                                  Use either of the following methods:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Rectify the APIService object in the error message. If the object is created by an add-on, ensure that the pod where the add-on locates is running properly.
                                                                                                                                                                                                                  • Delete the APIService object in the error message. If the object is created by an add-on, uninstall the add-on.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Namespace
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00326.html b/docs/cce/umn/cce_faq_00326.html
new file mode 100644
index 000000000..b3538b7b4
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00326.html
@@ -0,0 +1,36 @@
+
+
+
                                                                                                                                                                                                                  How Do I Evict All Pods on a Node?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can run the kubectl drain command to safely evict all pods from a node.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  By default, the kubectl drain command retains some system pods, for example, everest-csi-driver.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Use kubectl to connect to the cluster.
                                                                                                                                                                                                                  2. Check the nodes in the cluster.
                                                                                                                                                                                                                    kubectl get node
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. Select a node and view all pods on the node.
                                                                                                                                                                                                                    kubectl get pod --all-namespaces -owide --field-selector spec.nodeName=192.168.0.160
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    The pods on the node before eviction are as follows:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP              NODE            NOMINATED NODE   READINESS GATES
+default       nginx-5bcc57c74b-lgcvh                    1/1     Running   0          7m25s   10.0.0.140      192.168.0.160   <none>           <none>
+kube-system   coredns-6fcd88c4c-97p6s                   1/1     Running   0          3h16m   10.0.0.138      192.168.0.160   <none>           <none>
+kube-system   everest-csi-controller-56796f47cc-99dtm   1/1     Running   0          3h16m   10.0.0.139      192.168.0.160   <none>           <none>
+kube-system   everest-csi-driver-dpfzl                  2/2     Running   2          12d     192.168.0.160   192.168.0.160   <none>           <none>
+kube-system   icagent-tpfpv                             1/1     Running   1          12d     192.168.0.160   192.168.0.160   <none>           <none>
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  4. Evict all pods on the node.
                                                                                                                                                                                                                    kubectl drain 192.168.0.160
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    If a pod mounted with local storage or controlled by a DaemonSet set exists on the node, the message "error: unable to drain node "192.168.0.160", aborting command... " will be displayed. The eviction command does not take effect. You can add the following parameters to the end of the preceding command to forcibly evict the pod:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    • --delete-emptydir-data: forcibly evicts pods mounted with local storage, for example, coredns.
                                                                                                                                                                                                                    • --ignore-daemonsets: forcibly evicts the DaemonSet pods, for example, everest-csi-driver.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    In the example, both types of pods exist on the node. Therefore, the eviction command is as follows:
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    kubectl drain 192.168.0.160 --delete-emptydir-data --ignore-daemonsets
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  5. After the eviction, the node is automatically marked as unschedulable. That is, the node is tainted node.kubernetes.io/unschedulable = : NoSchedule.
                                                                                                                                                                                                                    After the eviction, only system pods are retained on the node.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES
+kube-system   everest-csi-driver-dpfzl   2/2     Running   2          12d   192.168.0.160   192.168.0.160   <none>           <none>
+kube-system   icagent-tpfpv              1/1     Running   1          12d   192.168.0.160   192.168.0.160   <none>           <none>
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Related Operations
                                                                                                                                                                                                                  Drain, cordon, and uncordon operations of kubectl:
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • drain: Safely evicts all pods from a node and marks the node as unschedulable.
                                                                                                                                                                                                                  • cordon: Marks the node as unschedulable. That is, the node is tainted node.kubernetes.io/unschedulable = : NoSchedule.
                                                                                                                                                                                                                  • uncordon: Marks the node as schedulable.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  For more information, see the kubectl documentation.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Scheduling Policies
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00394.html b/docs/cce/umn/cce_faq_00394.html
new file mode 100644
index 000000000..0bde65ed5
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00394.html
@@ -0,0 +1,24 @@
+
+
+
                                                                                                                                                                                                                  Failed to Delete a Cluster: Residual ENIs
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  When deleting a cluster, CCE obtains the cluster's resources through kube-apiserver of the cluster. If the cluster is unavailable, frozen, or hibernated, the resources may fail to be obtained, and the cluster may not be deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Symptom
                                                                                                                                                                                                                  Failed to delete a cluster.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Possible Causes
                                                                                                                                                                                                                  In this example, the ENI cannot be deleted because kube-apiserver of the cluster fails to obtain the ENI or sub ENI of the cluster. The security group created by CCE for the ENI or sub ENI reports the error code 409. As a result, the cluster fails to be deleted.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Procedure
                                                                                                                                                                                                                  1. Copy the resource ID in the error information, go to the Security Groups page of the VPC console, and obtain security groups by ID.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  2. Click the security group to view its details, and click the Associated Instances tab.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    A security group remains after the deletion, because it is attached to an ENI or a sub ENI. Click the Others tab to view the residual ENIs. Delete the residual ENIs, and the sub ENI will be automatically deleted.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. Choose Network Interfaces in the navigation pane to delete the ENIs obtained in the previous step.
                                                                                                                                                                                                                    You can search for the ENIs to be deleted by ID or name.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  4. Go to the Security Groups page, and confirm that Cluster name-cce-eni-xxx is not attached to any ENIs. Then, you can delete the cluster on the CCE console.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Cluster Deletion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00397.html b/docs/cce/umn/cce_faq_00397.html
new file mode 100644
index 000000000..a6811aa93
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00397.html
@@ -0,0 +1,23 @@
+
+
+
+  
                                                                                                                                                                                                                  Permissions
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00398.html b/docs/cce/umn/cce_faq_00398.html
new file mode 100644
index 000000000..706b7c496
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00398.html
@@ -0,0 +1,14 @@
+
+
+
                                                                                                                                                                                                                  Can I Configure Only Namespace Permissions Without Cluster Management Permissions?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Namespace permissions and cluster management permissions are independent and complementary to each other.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Namespace permissions: apply to clusters and are used to manage operations on cluster resources (such as creating workloads).
                                                                                                                                                                                                                  • Cluster management (IAM) permissions: apply to cloud services and used to manage CCE clusters and peripheral resources (such as VPC, ELB, and ECS).
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Administrators of the IAM Admin user group can grant cluster management permissions (such as CCE Administrator and CCE FullAccess) to IAM users or grant namespace permissions on a cluster on the CCE console. However, the permissions you have on the CCE console are determined by the IAM system policy. If the cluster management permissions are not configured, you do not have the permissions for accessing the CCE console.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If you only run kubectl commands to work on cluster resources, you only need to obtain the kubeconfig file with the namespace permissions. For details, see Can I Use kubectl If the Cluster Management Permissions Are Not Configured?. Note that information leakage may occur when you use the kubeconfig file.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Permissions
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00399.html b/docs/cce/umn/cce_faq_00399.html
new file mode 100644
index 000000000..d77d0b4a8
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00399.html
@@ -0,0 +1,14 @@
+
+
+
                                                                                                                                                                                                                  Can I Use CCE APIs If the Cluster Management Permissions Are Not Configured?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  CCE has cloud service APIs and cluster APIs.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Cloud service APIs: You can perform operations on the infrastructure (such as creating nodes) and cluster resources (such as creating workloads).
                                                                                                                                                                                                                    When using cloud service APIs, the cluster management (IAM) permissions must be configured.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Cluster APIs: You can perform operations on cluster resources (such as creating workloads) through the Kubernetes native API server, but not on cloud infrastructure resources (such as creating nodes).
                                                                                                                                                                                                                    When using cluster APIs, you only need to add the cluster certificate. Only the users with the cluster management (IAM) permissions can download the cluster certificate. Note that information leakage may occur during certificate transmission.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Permissions
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00400.html b/docs/cce/umn/cce_faq_00400.html
new file mode 100644
index 000000000..c9fe6645f
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00400.html
@@ -0,0 +1,14 @@
+
+
+
                                                                                                                                                                                                                  Can I Use kubectl If the Cluster Management Permissions Are Not Configured?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions. However, you need to obtain the kubectl configuration file (kubeconfig) with the namespace permissions. In the following scenarios, information leakage may occur during file transmission.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  • Scenario 1
                                                                                                                                                                                                                    If an IAM user has been configured with the cluster management permissions and namespace permissions, downloads the kubeconfig authentication file and then deletes the cluster management permissions (reserving the namespace permissions), kubectl can still be used to perform operations on Kubernetes clusters. Therefore, if you want to permanently delete the permission of a user, you must also delete the cluster management permissions and namespace permissions of the user.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  • Scenario 2
                                                                                                                                                                                                                    An IAM user has certain cluster management and namespace permissions and downloads the kubeconfig authentication file. In this case, CCE determines which Kubernetes resources can be accessed by kubectl based on the user information. That is, the authentication information of a user is recorded in kubeconfig. Anyone can use kubeconfig to access the cluster.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Permissions
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00401.html b/docs/cce/umn/cce_faq_00401.html
new file mode 100644
index 000000000..89d22ef4a
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00401.html
@@ -0,0 +1,19 @@
+
+
+
+  
                                                                                                                                                                                                                  Cluster Upgrade
                                                                                                                                                                                                                  
+
+  
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
+
+
diff --git a/docs/cce/umn/cce_faq_00402.html b/docs/cce/umn/cce_faq_00402.html
new file mode 100644
index 000000000..4443dd1f9
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00402.html
@@ -0,0 +1,20 @@
+
+
+
                                                                                                                                                                                                                  What Do I Do If a Cluster Add-On Fails to be Upgraded During the CCE Cluster Upgrade?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Overview
                                                                                                                                                                                                                  This section describes how to locate and rectify the fault if you fail to upgrade an add-on during the CCE cluster upgrade.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Procedure
                                                                                                                                                                                                                  1. If the add-on fails to be upgraded, try again first. If the retry fails, perform the following steps to rectify the fault.
                                                                                                                                                                                                                  2. If a failure message is displayed on the upgrade page, go to the Add-ons page to view the add-on status. For an abnormal add-on, click the add-on name to view details.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  3. On the pod details page, click View Events in the Operation column of the abnormal pod.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  4. Rectify the fault based on the exception information. For example, delete the pod that is not started or restart it.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  5. After the processing is successful, the add-on status changes to Running. Ensure that all add-ons are in the Running status.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  6. Go to the cluster upgrade page and click Retry.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Cluster Upgrade
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_00413.html b/docs/cce/umn/cce_faq_00413.html
new file mode 100644
index 000000000..d99cfb4cb
--- /dev/null
+++ b/docs/cce/umn/cce_faq_00413.html
@@ -0,0 +1,23 @@
+
+
+
                                                                                                                                                                                                                  How Do I Clear Residual Resources After a Non-Running Cluster Is Deleted?
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  If a cluster is not in the running state (for example, frozen or unavailable), resources such as PVCs, Services, and ingresses in the cluster cannot be obtained. After the cluster is deleted, residual network and storage resources may exist. In this case, manually delete these resources on their respective service console.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Deleting Residual ELB Resources
                                                                                                                                                                                                                  1. Log in to the ELB console.
                                                                                                                                                                                                                  2. Search for load balancers in the VPC by VPC ID.
                                                                                                                                                                                                                  3. View the listener details of the load balancer. If the description contains the cluster ID and Service ID, the listener is created in the cluster.
                                                                                                                                                                                                                  4. Delete residual load balancer-related resources from the cluster based on the preceding information.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Deleting Residual EVS Resources
                                                                                                                                                                                                                  An EVS disk dynamically created using a PVC is named in the format of "pvc-{uid}". The metadata field in the API contains the cluster ID. You can use this cluster ID to obtain these EVS disks in the cluster and delete them as required.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Go to the EVS console.
                                                                                                                                                                                                                  2. Obtain EVS disks by name ("pvc-{uid}") to obtain all automatically created EVS disks in the CCE clusters.
                                                                                                                                                                                                                  3. Press F12 to open the developer tools. Check whether the metadata field in the detail interface contains the cluster ID. If yes, the EVS disk is automatically created in this cluster.
                                                                                                                                                                                                                  4. Delete the residual EVS resources from the cluster based on the preceding information.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    Deleted data cannot be restored. Exercise caution when performing this operation.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Deleting Residual SFS Resources
                                                                                                                                                                                                                  The name format of SFS systems dynamically created using a PVC is "pvc-{uid}". The metadata field in the API contains the cluster ID. You can use this cluster ID to obtain these SFS systems automatically created in the cluster, and delete them as required.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  1. Log in to the SFS console.
                                                                                                                                                                                                                  2. Search for SFS systems by name ("pvc-{uid}") to obtain all automatically created SFS systems in CCE clusters.
                                                                                                                                                                                                                  3. Press F12 to open the developer tools. Check whether the metadata field in the detail interface contains the cluster ID. If yes, the SFS system is automatically created in the cluster.
                                                                                                                                                                                                                  4. Delete the residual SFS resources in the cluster based on the preceding information.
                                                                                                                                                                                                                     
                                                                                                                                                                                                                    Deleted data cannot be restored. Exercise caution when performing this operation.
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                    
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Parent topic: Cluster Deletion
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  
+
diff --git a/docs/cce/umn/cce_faq_0083.html b/docs/cce/umn/cce_faq_0083.html
deleted file mode 100644
index da3bc80c9..000000000
--- a/docs/cce/umn/cce_faq_0083.html
+++ /dev/null
@@ -1,33 +0,0 @@
-
-
-
                                                                                                                                                                                                                  Reference
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  
-
-
diff --git a/docs/cce/umn/en-us_topic_0000001550437509.html b/docs/cce/umn/cce_productdesc_0000.html
similarity index 81%
rename from docs/cce/umn/en-us_topic_0000001550437509.html
rename to docs/cce/umn/cce_productdesc_0000.html
index a49ae903f..71e6c3489 100644
--- a/docs/cce/umn/en-us_topic_0000001550437509.html
+++ b/docs/cce/umn/cce_productdesc_0000.html
@@ -1,9 +1,9 @@
-
+
 
 
   
                                                                                                                                                                                                                  Service Overview
                                                                                                                                                                                                                  
 
-  
                                                                                                                                                                                                                  
+  
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
 
                                                                                                                                                                                                                  
diff --git a/docs/cce/umn/cce_productdesc_0002.html b/docs/cce/umn/cce_productdesc_0002.html
index 8f25e71d1..b5783c6e5 100644
--- a/docs/cce/umn/cce_productdesc_0002.html
+++ b/docs/cce/umn/cce_productdesc_0002.html
@@ -8,9 +8,9 @@
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                   
                                                                                                                                                                                                                  • Cluster-level permissions are configured only for cluster-related resources (such as clusters and nodes). You must also configure namespace permissions to operate Kubernetes resources (such as workloads, jobs, and Services).
                                                                                                                                                                                                                  • After you create a cluster of v1.11.7-r2 or later, CCE automatically assigns the cluster-admin permissions of all namespaces in the cluster to you, which means you have full control on the cluster and all resources in all namespaces.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                                  By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  Cluster-level Permissions (Assigned by Using IAM System Policies)
                                                                                                                                                                                                                  By default, new IAM users do not have permissions assigned. Add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  CCE is a project-level service deployed and accessed in specific physical regions. To assign AOM permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CCE, the users need to switch to a region where they have been authorized to use the CCE service.
                                                                                                                                                                                                                  
-
                                                                                                                                                                                                                  You can grant users permissions by using roles and policies.
                                                                                                                                                                                                                  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to assign permissions, you need to also assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
                                                                                                                                                                                                                  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can assign users only the permissions for managing a certain type of clusters and nodes. 
                                                                                                                                                                                                                  
+
                                                                                                                                                                                                                  You can grant users permissions by using roles and policies.
                                                                                                                                                                                                                  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to assign permissions, assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
                                                                                                                                                                                                                  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can assign users only the permissions for managing a certain type of clusters and nodes. 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  
 
                                                                                                                                                                                                                  Table 1 lists all the system permissions supported by CCE.
                                                                                                                                                                                                                  
 
@@ -260,7 +260,7 @@
 
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Performing all operations on VPC
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  A cluster must run in a VPC. When creating a namespace, you need to create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A cluster must run in a VPC. When creating a namespace, create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  x
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Viewing details about all VPC resources
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  A cluster must run in a VPC. When creating a namespace, you need to create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  A cluster must run in a VPC. When creating a namespace, create or associate a VPC for the namespace so that all containers in the namespace will run in the VPC.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  √
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
 
 
                                                                                                                                                                                                  You have to handle all the complexity in deploying and managing Kubernetes clusters. Cluster upgrades are often a heavy burden to O&M personnel.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  Easy to manage and use clusters
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  You can create a Kubernetes container cluster in a few clicks. No need to set up Docker or Kubernetes environments. CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  You can create and upgrade a Kubernetes container cluster in a few clicks without setting up Docker or Kubernetes environments. CCE automates deployment and O&M of containerized applications throughout their lifecycle.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  CCE supports turnkey Helm charts.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Using CCE is as simple as choosing a cluster and the workloads that you want to run in the cluster. CCE takes care of cluster management and you focus on app development.
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
 
 
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Disk capacity
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  MB
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  MiB
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  GB
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  GiB
                                                                                                                                                                                                  
                                                                                                                                                                                                   		
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  Performance
                                                                                                                                                                                                  
@@ -130,7 +130,7 @@
 
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
diff --git a/docs/cce/umn/cce_productdesc_0004.html b/docs/cce/umn/cce_productdesc_0004.html
index 81186d4be..d87986e65 100644
--- a/docs/cce/umn/cce_productdesc_0004.html
+++ b/docs/cce/umn/cce_productdesc_0004.html
@@ -13,7 +13,7 @@
 
 
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
+
                                                                                                                                                                                                  Parent topic: Service Overview
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
 
 
diff --git a/docs/cce/umn/cce_productdesc_0005.html b/docs/cce/umn/cce_productdesc_0005.html
index f87961ff3..7b5b7a468 100644
--- a/docs/cce/umn/cce_productdesc_0005.html
+++ b/docs/cce/umn/cce_productdesc_0005.html
@@ -5,36 +5,46 @@
 
                                                                                                                                                                                                  Clusters and Nodes
                                                                                                                                                                                                  • After a cluster is created, the following items cannot be changed:
                                                                                                                                                                                                    • Number of master nodes. For example, you cannot change a non-HA cluster (with one master node) to an HA cluster (with three master nodes).
                                                                                                                                                                                                    • AZ of a master node.
                                                                                                                                                                                                    • Network configuration of the cluster, such as the VPC, subnet, container CIDR block, Service CIDR block, IPv6 settings, and kube-proxy (forwarding) settings.
                                                                                                                                                                                                    • Network model. For example, change the tunnel network to the VPC network.
                                                                                                                                                                                                    
 
                                                                                                                                                                                                  • Applications cannot be migrated between different namespaces.
                                                                                                                                                                                                  • Underlying resources, such as ECSs (nodes), are limited by quotas and their inventory. Therefore, only some nodes may be successfully created during cluster creation, cluster scaling, or auto scaling.
                                                                                                                                                                                                  • The ECS (node) specifications must be higher than 2 cores and 4 GB memory.
                                                                                                                                                                                                  • To access a CCE cluster through a VPN, ensure that the VPN CIDR block does not conflict with the VPC CIDR block where the cluster resides and the container CIDR block.
                                                                                                                                                                                                  • Ubuntu 22.04 does not support the tunnel network model.
                                                                                                                                                                                                  
 
                                                                                                                                                                                                  
-
                                                                                                                                                                                                  Networking
                                                                                                                                                                                                  • By default, a NodePort Service is accessed within a VPC. If you need to use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                                                                                                                                                                                  • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                                    • It is recommended that automatically created load balancers not be used by other resources. Otherwise, these load balancers cannot be completely deleted, causing residual resources.
                                                                                                                                                                                                    • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                                    
-
                                                                                                                                                                                                  • Constraints on network policies:
                                                                                                                                                                                                    • Only clusters that use the tunnel network model support network policies.
                                                                                                                                                                                                    • Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                                    • Network policies do not support egress rules except for clusters of v1.23 or later.
                                                                                                                                                                                                      Egress rules are supported only in the following operating systems:
                                                                                                                                                                                                      
-
-
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      OS
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Networking
                                                                                                                                                                                                      • By default, a NodePort Service is accessed within a VPC. To use an EIP to access a NodePort Service through public networks, bind an EIP to the node in the cluster in advance.
                                                                                                                                                                                                      • LoadBalancer Services allow workloads to be accessed from public networks through ELB. This access mode has the following restrictions:
                                                                                                                                                                                                        • It is recommended that automatically created load balancers not be used by other resources. Otherwise, these load balancers cannot be completely deleted, causing residual resources.
                                                                                                                                                                                                        • Do not change the listener name for the load balancer in clusters of v1.15 and earlier. Otherwise, the load balancer cannot be accessed.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Constraints on network policies:
                                                                                                                                                                                                        • Only clusters that use the tunnel network model support network policies. Network policies are classified into the following types:
                                                                                                                                                                                                          • Ingress: All versions support this type.
                                                                                                                                                                                                          • Egress: Only the following OSs and cluster versions support egress rules.
+
                                                                                                                                                                                                            
-
+
-
-
+
-
-
+
-
-
+
                                                                                                                                                                                                            OS
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            Kernel Version
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Cluster Version
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            Verified Kernel Version
                                                                                                                                                                                                            
                                                                                                                                                                                                             		
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            CentOS
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            CentOS
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            3.10.0-1062.18.1.el7.x86_64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            v1.23 or later
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            3.10.0-1062.18.1.el7.x86_64
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            3.10.0-1127.19.1.el7.x86_64
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            3.10.0-1160.25.1.el7.x86_64
                                                                                                                                                                                                            
                                                                                                                                                                                                             		
 
                                                                                                                                                                                                            EulerOS 2.5
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            EulerOS 2.5
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            3.10.0-862.14.1.5.h591.eulerosv2r7.x86_64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            v1.23 or later
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            3.10.0-862.14.1.5.h591.eulerosv2r7.x86_64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            3.10.0-862.14.1.5.h687.eulerosv2r7.x86_64
                                                                                                                                                                                                            
                                                                                                                                                                                                             		
 
                                                                                                                                                                                                            EulerOS 2.9
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            EulerOS 2.9
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            v1.23 or later
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            4.18.0-147.5.1.6.h541.eulerosv2r9.x86_64
                                                                                                                                                                                                            
+
                                                                                                                                                                                                            4.18.0-147.5.1.6.h766.eulerosv2r9.x86_64
                                                                                                                                                                                                            
                                                                                                                                                                                                             		
 
                                                                                                                                                                                                            
                                                                                                                                                                                                             
 
                                                                                                                                                                                                            
 
                                                                                                                                                                                                            
-
                                                                                                                                                                                                          • If a cluster is upgraded to v1.23 in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Network isolation is not supported for IPv6 addresses.
                                                                                                                                                                                                      • If upgrade to a cluster version that supports egress rules is performed in in-place mode, you cannot use egress rules because the node OS is not upgraded. In this case, reset the node.
                                                                                                                                                                                                      
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Volumes
                                                                                                                                                                                                      • Constraints on EVS volumes:
                                                                                                                                                                                                        • EVS disks cannot be attached across AZs and cannot be used by multiple workloads, multiple pods of the same workload, or multiple jobs.
                                                                                                                                                                                                        • Data in a shared disk cannot be shared between nodes in a CCE cluster. If the same EVS disk is attached to multiple nodes, read and write conflicts and data cache conflicts may occur. When creating a Deployment, you are advised to create only one pod if you want to use EVS disks.
                                                                                                                                                                                                        • For clusters earlier than v1.19.10, if an HPA policy is used to scale out a workload with EVS volumes mounted, the existing pods cannot be read or written when a new pod is scheduled to another node.
                                                                                                                                                                                                          For clusters of v1.19.10 and later, if an HPA policy is used to scale out a workload with EVS volume mounted, a new pod cannot be started because EVS disks cannot be attached.
                                                                                                                                                                                                          
@@ -187,7 +197,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_productdesc_0007.html b/docs/cce/umn/cce_productdesc_0007.html
index 7a246b17c..30c38ea85 100644
--- a/docs/cce/umn/cce_productdesc_0007.html
+++ b/docs/cce/umn/cce_productdesc_0007.html
@@ -15,7 +15,7 @@
 
 
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
 
diff --git a/docs/cce/umn/cce_productdesc_0008.html b/docs/cce/umn/cce_productdesc_0008.html
index 40cf84a4f..6d139585c 100644
--- a/docs/cce/umn/cce_productdesc_0008.html
+++ b/docs/cce/umn/cce_productdesc_0008.html
@@ -16,7 +16,7 @@
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Virtual Private Cloud (VPC)
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      For security reasons, all clusters created by CCE must run in VPCs. When creating a namespace, you need to create a VPC or bind an existing VPC to the namespace so all containers in the namespace will run in this VPC.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      For security reasons, all clusters created by CCE must run in VPCs. When creating a namespace, create a VPC or bind an existing VPC to the namespace so all containers in the namespace will run in this VPC.
                                                                                                                                                                                                      
                                                                                                                                                                                                       		
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Elastic Load Balance (ELB)
                                                                                                                                                                                                      
@@ -69,7 +69,7 @@
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Parent topic: Service Overview
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
diff --git a/docs/cce/umn/cce_productdesc_0015.html b/docs/cce/umn/cce_productdesc_0015.html
index d16441351..0bd15fc1b 100644
--- a/docs/cce/umn/cce_productdesc_0015.html
+++ b/docs/cce/umn/cce_productdesc_0015.html
@@ -1,7 +1,7 @@
 
 
 
                                                                                                                                                                                                      Auto Scaling in Seconds
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      • Shopping apps and websites, especially during promotions and flash sales
                                                                                                                                                                                                      • Live streaming, where service loads often fluctuate
                                                                                                                                                                                                      • Games, where many players may go online in certain time periods
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      • Shopping apps and websites, especially during promotions
                                                                                                                                                                                                      • Live streaming, where service loads often fluctuate
                                                                                                                                                                                                      • Games, where many players may go online in certain time periods
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Benefits
                                                                                                                                                                                                      CCE auto adjusts capacity to cope with service surges according to the policies you set. CCE adds or reduces cloud servers and containers to scale your cluster and workloads. Your applications will always have the right resources at the right time.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
@@ -11,7 +11,7 @@
 
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Related Services
                                                                                                                                                                                                      HPA (Horizontal Pod Autoscaling) + CA (Cluster AutoScaling)
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Figure 1 How auto scaling works
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Figure 1 How auto scaling works
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_productdesc_0018.html b/docs/cce/umn/cce_productdesc_0018.html
index d83785b66..a5400fc4a 100644
--- a/docs/cce/umn/cce_productdesc_0018.html
+++ b/docs/cce/umn/cce_productdesc_0018.html
@@ -4,15 +4,15 @@
 
                                                                                                                                                                                                      Application Scenarios
                                                                                                                                                                                                      • Multi-cloud deployment and disaster recovery
                                                                                                                                                                                                        Running apps in containers on different clouds can ensure high availability. When a cloud is down, other clouds respond and serve.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Traffic distribution and auto scaling
                                                                                                                                                                                                        Large organizations often span cloud facilities in different regions. They need to communicate and auto scale — start small and then scale as system load grows. CCE takes care of these for you, cutting the costs of maintaining facilities.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Migration to the cloud and database hosting
                                                                                                                                                                                                        Industries like finance and security have a top concern on data protection. They want to run critical systems in local IDCs while moving others to the cloud. They also expect one unified dashboard to manage all systems.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Environment decoupling
                                                                                                                                                                                                        To ensure IP security, you can decouple development from production. Set up one on the public cloud and the other in the local IDC.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Environment decoupling
                                                                                                                                                                                                        To ensure IP security, you can decouple development from production. Set up one on the cloud and the other in the local IDC.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Benefits
                                                                                                                                                                                                      Your apps and data can flow free on and off the cloud. Resource scheduling and DR are much easier, thanks to environment-independent containers. CCE connects private and public clouds for you to run containers on them.
                                                                                                                                                                                                      
+
                                                                                                                                                                                                      Benefits
                                                                                                                                                                                                      Your apps and data can flow free on and off the cloud. Resource scheduling and DR are much easier, thanks to environment-independent containers. CCE provides container services with interconnected networks and unified management.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Advantages
                                                                                                                                                                                                      • On-cloud DR
                                                                                                                                                                                                        Multicloud prevents systems from outages. When a cloud is faulty, CCE auto diverts traffic to other clouds to ensure service continuity.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Automatic traffic distribution
                                                                                                                                                                                                        CCE reduces access latency by processing user requests on the nodes nearest to the users. Overloaded apps in local IDCs can be burst to the cloud backed by auto scaling.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      • Decoupling and sharing
                                                                                                                                                                                                        CCE decouples data, environments, and compute capacity. Sensitive data vs general data. Development vs production. Compute-intensive services vs general services. Apps running on-premises can burst to the cloud. Your resources on and off the cloud can be better used.
                                                                                                                                                                                                        
-
                                                                                                                                                                                                      • Lower costs
                                                                                                                                                                                                        Public cloud resource pools, backed by auto scaling, can respond to load spikes in time. Manual operations are no longer needed and you can save big.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                      • Lower costs
                                                                                                                                                                                                        Cloud resource pools, backed by auto scaling, can respond to load spikes in time. Manual operations are no longer needed and you can save big.
                                                                                                                                                                                                        
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Related Services
                                                                                                                                                                                                      Elastic Cloud Server (ECS), Direct Connect (DC), Virtual Private Network (VPN), SoftWare Repository for Container (SWR)
                                                                                                                                                                                                      
diff --git a/docs/cce/umn/cce_qs_0008.html b/docs/cce/umn/cce_qs_0008.html
index b91116226..9f8ca6775 100644
--- a/docs/cce/umn/cce_qs_0008.html
+++ b/docs/cce/umn/cce_qs_0008.html
@@ -3,7 +3,7 @@
 
                                                                                                                                                                                                      Creating a Kubernetes Cluster
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      Context
                                                                                                                                                                                                      This section describes how to quickly create a CCE cluster. In this example, the default or simple configurations are in use.
                                                                                                                                                                                                      
 
                                                                                                                                                                                                      
-
                                                                                                                                                                                                      Creating a Cluster
                                                                                                                                                                                                      1. Log in to the CCE console.
                                                                                                                                                                                                        • If you have not created a cluster, a wizard page is displayed. Click Create under CCE cluster.
                                                                                                                                                                                                        • If you have created a cluster, choose Clusters from the navigation pane on the left and click Create next to CCE cluster.
                                                                                                                                                                                                        
+
                                                                                                                                                                                                        Creating a Cluster
                                                                                                                                                                                                        1. Log in to the CCE console.
                                                                                                                                                                                                          • If you have not created a cluster, a wizard page is displayed. Click Create under CCE cluster.
                                                                                                                                                                                                          • If you have created a cluster, choose Clusters from the navigation pane and click Create next to CCE cluster.
                                                                                                                                                                                                          
 
                                                                                                                                                                                                        2. On the Configure Cluster page, configure cluster parameters.
                                                                                                                                                                                                          In this example, a majority of parameters retain default values. Only mandatory parameters are described. For details, see Table 1.
 
                                                                                                                                                                                                          
@@ -83,7 +83,7 @@
 
                                                                                                                                                                                                          Storage Settings
                                                                                                                                                                                                          
-
                                                                                                                                                                                                          • System Disk: Set disk type and capacity based on site requirements. The default disk capacity is 50 GB.
                                                                                                                                                                                                          • Data Disk: Set disk type and capacity based on site requirements. The default disk capacity is 100 GB.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • System Disk: Configure disk type and capacity based on your requirements. The default disk capacity is 50 GiB.
                                                                                                                                                                                                          • Data Disk: Configure disk type and capacity based on your requirements. The default disk capacity is 100 GiB.
                                                                                                                                                                                                          Network Settings
                                                                                                                                                                                                          • VPC: Use the default value, that is, the subnet selected during cluster creation.
                                                                                                                                                                                                          • Node Subnet: Select a subnet in which the node runs.
                                                                                                                                                                                                          • Node IP: IP address of the specified node.
                                                                                                                                                                                                          • EIP: The default value is Do not use. You can select Use existing and Auto create.
                                                                                                                                                                                                        3. At the bottom of the page, select the node quantity, and click Next: Confirm.
                                                                                                                                                                                                        4. Review the node specifications, read the instructions, select I have read and understand the preceding instructions, and click Submit.
                                                                                                                                                                                                          It takes about 6 to 10 minutes to add a node.
                                                                                                                                                                                                          
diff --git a/docs/cce/umn/cce_whsnew_0007.html b/docs/cce/umn/cce_whsnew_0007.html
new file mode 100644
index 000000000..25b6f3c6b
--- /dev/null
+++ b/docs/cce/umn/cce_whsnew_0007.html
@@ -0,0 +1,18 @@
+
+
+
                                                                                                                                                                                                          Kubernetes 1.17 (EOM) Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.17.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Resource Changes and Deprecations
                                                                                                                                                                                                          • All resources in the apps/v1beta1 and apps/v1beta2 API versions are no longer served. Migrate to use the apps/v1 API version.
                                                                                                                                                                                                          • DaemonSets, Deployments, and ReplicaSets in the extensions/v1beta1 API version are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                                                          • NetworkPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the networking.k8s.io/v1 API version.
                                                                                                                                                                                                          • PodSecurityPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the policy/v1beta1 API version.
                                                                                                                                                                                                          • Ingresses in the extensions/v1beta1 API version will no longer be served in v1.20. Migrate to use the networking.k8s.io/v1beta1 API version.
                                                                                                                                                                                                          • PriorityClass in the scheduling.k8s.io/v1beta1 and scheduling.k8s.io/v1alpha1 API versions is no longer served in v1.17. Migrate to use the scheduling.k8s.io/v1 API version.
                                                                                                                                                                                                          • The event series.state field in the events.k8s.io/v1beta1 API version has been deprecated and will be removed from v1.18.
                                                                                                                                                                                                          • CustomResourceDefinition in the apiextensions.k8s.io/v1beta1 API version has been deprecated and will no longer be served in v1.19. Use the apiextensions.k8s.io/v1 API version.
                                                                                                                                                                                                          • MutatingWebhookConfiguration and ValidatingWebhookConfiguration in the admissionregistration.k8s.io/v1beta1 API version have been deprecated and will no longer be served in v1.19. You can use the admissionregistration.k8s.io/v1 API version.
                                                                                                                                                                                                          • The rbac.authorization.k8s.io/v1alpha1 and rbac.authorization.k8s.io/v1beta1 API versions have been deprecated and will no longer be served in v1.20. Use the rbac.authorization.k8s.io/v1 API version.
                                                                                                                                                                                                          • The CSINode object of storage.k8s.io/v1beta1 has been deprecated and will be removed in later versions.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Other Deprecations and Removals
                                                                                                                                                                                                          • OutOfDisk node condition is removed in favor of DiskPressure.
                                                                                                                                                                                                          • The scheduler.alpha.kubernetes.io/critical-pod annotation is removed in favor of priorityClassName.
                                                                                                                                                                                                          • beta.kubernetes.io/os and beta.kubernetes.io/arch have been deprecated in v1.14 and will be removed in v1.18.
                                                                                                                                                                                                          • Do not use --node-labels to set labels prefixed with kubernetes.io and k8s.io. The kubernetes.io/availablezone label in earlier versions is removed in v1.17 and changed to failure-domain.beta.kubernetes.io/zone.
                                                                                                                                                                                                          • The beta.kubernetes.io/instance-type is deprecated in favor of node.kubernetes.io/instance-type.
                                                                                                                                                                                                          • Remove the {kubelet_root_dir}/plugins path.
                                                                                                                                                                                                          • Remove the built-in cluster roles system:csi-external-provisioner and system:csi-external-attacher.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          References
                                                                                                                                                                                                          For more details about the performance comparison and function evolution between Kubernetes 1.17 and other versions, see the following documents:
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Kubernetes Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/cce_whsnew_0010.html b/docs/cce/umn/cce_whsnew_0010.html
new file mode 100644
index 000000000..93c52ceb8
--- /dev/null
+++ b/docs/cce/umn/cce_whsnew_0010.html
@@ -0,0 +1,35 @@
+
+
+
                                                                                                                                                                                                          Kubernetes 1.19 Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          CCE has passed the Certified Kubernetes Conformance Program and is a certified Kubernetes offering. This section describes the updates in CCE Kubernetes 1.19.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Resource Changes and Deprecations
                                                                                                                                                                                                          Kubernetes v1.19 Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • vSphere in-tree volumes can be migrated to vSphere CSI drivers. The in-tree vSphere Volume plugin is no longer used and will be deleted in later versions.
                                                                                                                                                                                                          • apiextensions.k8s.io/v1beta1 has been deprecated. You are advised to use apiextensions.k8s.io/v1.
                                                                                                                                                                                                          • apiregistration.k8s.io/v1beta1 has been deprecated. You are advised to use apiregistration.k8s.io/v1.
                                                                                                                                                                                                          • authentication.k8s.io/v1beta1 and authorization.k8s.io/v1beta1 have been deprecated and will be removed from Kubernetes 1.22. You are advised to use authentication.k8s.io/v1 and authorization.k8s.io/v1.
                                                                                                                                                                                                          • autoscaling/v2beta1 has been deprecated. You are advised to use autoscaling/v2beta2.
                                                                                                                                                                                                          • coordination.k8s.io/v1beta1 has been deprecated in Kubernetes 1.19 and will be removed from version 1.22. You are advised to use coordination.k8s.io/v1.
                                                                                                                                                                                                          • kube-apiserver: The componentstatus API has been deprecated.
                                                                                                                                                                                                          • kubeadm: The kubeadm config view command has been deprecated and will be deleted in later versions. Use kubectl get cm -o yaml -n kube-system kubeadm-config to directly obtain the kubeadm configuration.
                                                                                                                                                                                                          • kubeadm: The kubeadm alpha kubelet config enable-dynamic command has been deprecated.
                                                                                                                                                                                                          • kubeadm: The --use-api flag in the kubeadm alpha certs renew command has been deprecated.
                                                                                                                                                                                                          • Kubernetes no longer supports hyperkube image creation.
                                                                                                                                                                                                          • The --export flag is removed from the kubectl get command.
                                                                                                                                                                                                          • The alpha feature ResourceLimitsPriorityFunction has been deleted.
                                                                                                                                                                                                          • storage.k8s.io/v1beta1 has been deprecated. You are advised to use storage.k8s.io/v1.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Kubernetes v1.18 Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kube-apiserver
                                                                                                                                                                                                            • All resources in the apps/v1beta1 and apps/v1beta2 API versions are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                                                            • DaemonSets, Deployments, and ReplicaSets in the extensions/v1beta1 API version are no longer served. You can use the apps/v1 API version.
                                                                                                                                                                                                            • NetworkPolicies in the extensions/v1beta1 API version are no longer served. You can use the networking.k8s.io/v1 API version.
                                                                                                                                                                                                            • PodSecurityPolicies in the extensions/v1beta1 API version are no longer served. Migrate to use the policy/v1beta1 API version.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kubelet
                                                                                                                                                                                                            • --redirect-container-streaming is not recommended and will be deprecated in v1.20.
                                                                                                                                                                                                            • The resource measurement endpoint /metrics/resource/v1alpha1 and all measurement standards under this endpoint have been deprecated. Use the measurement standards under the endpoint /metrics/resource instead:
                                                                                                                                                                                                              • scrape_error --> scrape_error
                                                                                                                                                                                                              • node_cpu_usage_seconds_total --> node_cpu_usage_seconds
                                                                                                                                                                                                              • node_memory_working_set_bytes --> node_memory_working_set_bytes
                                                                                                                                                                                                              • container_cpu_usage_seconds_total --> container_cpu_usage_seconds
                                                                                                                                                                                                              • container_memory_working_set_bytes --> container_memory_working_set_bytes
                                                                                                                                                                                                              • scrape_error --> scrape_error
                                                                                                                                                                                                              
+
                                                                                                                                                                                                            • In future releases, kubelet will no longer create the target directory CSI NodePublishVolume according to the CSI specifications. You may need to update the CSI driver accordingly to correctly create and process the target path.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kube-proxy
                                                                                                                                                                                                            • You are not advised to use the --healthz-port and --metrics-port flags. Use --healthz-bind-address and --metrics-bind-address instead.
                                                                                                                                                                                                            • The EndpointSliceProxying function option is added to control the use of EndpointSlices in kube-proxy. This function is disabled by default.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kubeadm
                                                                                                                                                                                                            • The --kubelet-version flag of kubeadm upgrade node has been deprecated and will be deleted in later versions.
                                                                                                                                                                                                            • The --use-api flag in the kubeadm alpha certs renew command has been deprecated.
                                                                                                                                                                                                            • kube-dns has been deprecated and will no longer be supported in future versions.
                                                                                                                                                                                                            • The ClusterStatus structure in the kubeadm-config ConfigMap has been deprecated and will be deleted in later versions.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kubectl
                                                                                                                                                                                                            • You are not advised to use boolean and unset values for --dry-run. server|client|none is used in the new version.
                                                                                                                                                                                                            • --server-dry-run has been deprecated for kubectl apply and replaced by --dry-run=server.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • add-ons
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          The cluster-monitoring add-on is deleted.
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • kube-scheduler
                                                                                                                                                                                                            • The scheduling_duration_seconds metric has been deprecated.
                                                                                                                                                                                                            • The scheduling_algorithm_predicate_evaluation_seconds and scheduling_algorithm_priority_evaluation_seconds counters metrics are no longer used and are replaced by framework_extension_point_duration_seconds[extension_point="Filter"] and framework_extension_point_duration_seconds[extension_point="Score"].
                                                                                                                                                                                                            • The scheduler policy AlwaysCheckAllPredictes has been deprecated.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          • Other changes
                                                                                                                                                                                                            • The k8s.io/node-api component is no longer updated. Instead, you can use the RuntimeClass type in k8s.io/api and the generated clients in k8s.io/client-go.
                                                                                                                                                                                                            • The client label has been deleted from apiserver_request_total.
                                                                                                                                                                                                            
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          References
                                                                                                                                                                                                          For more details about the performance comparison and function evolution between Kubernetes 1.19 and other versions, see the following documents:
                                                                                                                                                                                                          
+
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          Parent topic: Kubernetes Release Notes
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
                                                                                                                                                                                                          
+
diff --git a/docs/cce/umn/en-us_image_0000001176818150.png b/docs/cce/umn/en-us_image_0000001176818150.png
deleted file mode 100644
index efdf9ff76..000000000
Binary files a/docs/cce/umn/en-us_image_0000001176818150.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001177874142.png b/docs/cce/umn/en-us_image_0000001177874142.png
deleted file mode 100644
index a90a23ae5..000000000
Binary files a/docs/cce/umn/en-us_image_0000001177874142.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001177874144.jpg b/docs/cce/umn/en-us_image_0000001177874144.jpg
deleted file mode 100644
index 9dcccedbd..000000000
Binary files a/docs/cce/umn/en-us_image_0000001177874144.jpg and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001177874154.png b/docs/cce/umn/en-us_image_0000001177874154.png
deleted file mode 100644
index 62e0783e2..000000000
Binary files a/docs/cce/umn/en-us_image_0000001177874154.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001178034104.png b/docs/cce/umn/en-us_image_0000001178034104.png
deleted file mode 100644
index 2aa9312f9..000000000
Binary files a/docs/cce/umn/en-us_image_0000001178034104.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001178192658.png b/docs/cce/umn/en-us_image_0000001178192658.png
deleted file mode 100644
index e52c0545f..000000000
Binary files a/docs/cce/umn/en-us_image_0000001178192658.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001178192662.png b/docs/cce/umn/en-us_image_0000001178192662.png
deleted file mode 100644
index 5ee1a7159..000000000
Binary files a/docs/cce/umn/en-us_image_0000001178192662.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001178352600.png b/docs/cce/umn/en-us_image_0000001178352600.png
deleted file mode 100644
index b834bfde4..000000000
Binary files a/docs/cce/umn/en-us_image_0000001178352600.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001178352602.jpg b/docs/cce/umn/en-us_image_0000001178352602.jpg
deleted file mode 100644
index 792bde13c..000000000
Binary files a/docs/cce/umn/en-us_image_0000001178352602.jpg and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223152413.png b/docs/cce/umn/en-us_image_0000001223152413.png
deleted file mode 100644
index c926f0aff..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223152413.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223152423.png b/docs/cce/umn/en-us_image_0000001223152423.png
deleted file mode 100644
index e223d8ae5..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223152423.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223272345.png b/docs/cce/umn/en-us_image_0000001223272345.png
deleted file mode 100644
index eef9e3f86..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223272345.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223393887.png b/docs/cce/umn/en-us_image_0000001223393887.png
deleted file mode 100644
index 5ee1a7159..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223393887.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223393891.png b/docs/cce/umn/en-us_image_0000001223393891.png
deleted file mode 100644
index 000be2fcf..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223393891.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223393901.png b/docs/cce/umn/en-us_image_0000001223393901.png
deleted file mode 100644
index 6ea83c282..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223393901.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223473841.png b/docs/cce/umn/en-us_image_0000001223473841.png
deleted file mode 100644
index 9f9e7abaa..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223473841.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223473843.png b/docs/cce/umn/en-us_image_0000001223473843.png
deleted file mode 100644
index 710394108..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223473843.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001223473853.png b/docs/cce/umn/en-us_image_0000001223473853.png
deleted file mode 100644
index 80d4fb3ed..000000000
Binary files a/docs/cce/umn/en-us_image_0000001223473853.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001226818003.png b/docs/cce/umn/en-us_image_0000001226818003.png
deleted file mode 100644
index c586bbf49..000000000
Binary files a/docs/cce/umn/en-us_image_0000001226818003.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001352413288.png b/docs/cce/umn/en-us_image_0000001352413288.png
deleted file mode 100644
index 766896879..000000000
Binary files a/docs/cce/umn/en-us_image_0000001352413288.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001402893085.png b/docs/cce/umn/en-us_image_0000001402893085.png
deleted file mode 100644
index 8133e7236..000000000
Binary files a/docs/cce/umn/en-us_image_0000001402893085.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001504661902.png b/docs/cce/umn/en-us_image_0000001504661902.png
deleted file mode 100644
index f1ae63128..000000000
Binary files a/docs/cce/umn/en-us_image_0000001504661902.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001504821802.png b/docs/cce/umn/en-us_image_0000001504821802.png
deleted file mode 100644
index 4c012a583..000000000
Binary files a/docs/cce/umn/en-us_image_0000001504821802.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517743380.png b/docs/cce/umn/en-us_image_0000001517743380.png
deleted file mode 100644
index d98fcd6d6..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517743380.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517743452.png b/docs/cce/umn/en-us_image_0000001517743452.png
deleted file mode 100644
index 4cdd62a71..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517743452.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517743496.png b/docs/cce/umn/en-us_image_0000001517743496.png
deleted file mode 100644
index 8d6c69b38..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517743496.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517743540.png b/docs/cce/umn/en-us_image_0000001517743540.png
deleted file mode 100644
index 6b9a2a2f8..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517743540.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903020.png b/docs/cce/umn/en-us_image_0000001517903020.png
deleted file mode 100644
index 688768385..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903020.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903036.png b/docs/cce/umn/en-us_image_0000001517903036.png
deleted file mode 100644
index 0bb483b21..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903036.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903056.png b/docs/cce/umn/en-us_image_0000001517903056.png
deleted file mode 100644
index c301af90a..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903056.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903060.png b/docs/cce/umn/en-us_image_0000001517903060.png
deleted file mode 100644
index 9421b221c..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903060.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903088.png b/docs/cce/umn/en-us_image_0000001517903088.png
deleted file mode 100644
index 22526142c..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903088.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903124.png b/docs/cce/umn/en-us_image_0000001517903124.png
deleted file mode 100644
index 87446d84f..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903124.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001517903252.png b/docs/cce/umn/en-us_image_0000001517903252.png
deleted file mode 100644
index 2da6ba356..000000000
Binary files a/docs/cce/umn/en-us_image_0000001517903252.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518062524.png b/docs/cce/umn/en-us_image_0000001518062524.png
deleted file mode 100644
index 65e1184fe..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518062524.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518062540.png b/docs/cce/umn/en-us_image_0000001518062540.png
deleted file mode 100644
index 4cff8a73c..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518062540.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518062636.png b/docs/cce/umn/en-us_image_0000001518062636.png
deleted file mode 100644
index 33068815d..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518062636.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518062756.png b/docs/cce/umn/en-us_image_0000001518062756.png
deleted file mode 100644
index 5bfbc6cac..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518062756.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518222492.png b/docs/cce/umn/en-us_image_0000001518222492.png
deleted file mode 100644
index d09e52ed2..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518222492.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001518222592.png b/docs/cce/umn/en-us_image_0000001518222592.png
deleted file mode 100644
index f9d93b4e2..000000000
Binary files a/docs/cce/umn/en-us_image_0000001518222592.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001550245869.png b/docs/cce/umn/en-us_image_0000001550245869.png
deleted file mode 100644
index 80fd8a487..000000000
Binary files a/docs/cce/umn/en-us_image_0000001550245869.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822709.png b/docs/cce/umn/en-us_image_0000001568822709.png
deleted file mode 100644
index 2ba77583f..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568822709.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822821.png b/docs/cce/umn/en-us_image_0000001568822821.png
deleted file mode 100644
index 8567ed8ee..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568822821.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822869.png b/docs/cce/umn/en-us_image_0000001568822869.png
deleted file mode 100644
index 0d3c91eb7..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568822869.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822925.png b/docs/cce/umn/en-us_image_0000001568822925.png
deleted file mode 100644
index 11cc5e29d..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568822925.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822965.png b/docs/cce/umn/en-us_image_0000001568822965.png
deleted file mode 100644
index 184d45e62..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568822965.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568902533.png b/docs/cce/umn/en-us_image_0000001568902533.png
deleted file mode 100644
index b52a62dbb..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568902533.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568902557.png b/docs/cce/umn/en-us_image_0000001568902557.png
deleted file mode 100644
index 954c47413..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568902557.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568902649.png b/docs/cce/umn/en-us_image_0000001568902649.png
deleted file mode 100644
index ebc697638..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568902649.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568902669.png b/docs/cce/umn/en-us_image_0000001568902669.png
deleted file mode 100644
index 2ba77583f..000000000
Binary files a/docs/cce/umn/en-us_image_0000001568902669.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569022837.png b/docs/cce/umn/en-us_image_0000001569022837.png
deleted file mode 100644
index 251224451..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569022837.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569022901.png b/docs/cce/umn/en-us_image_0000001569022901.png
deleted file mode 100644
index 827836e13..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569022901.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569022929.png b/docs/cce/umn/en-us_image_0000001569022929.png
deleted file mode 100644
index ece3f1958..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569022929.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569022957.png b/docs/cce/umn/en-us_image_0000001569022957.png
deleted file mode 100644
index 55f1ee85f..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569022957.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569022961.png b/docs/cce/umn/en-us_image_0000001569022961.png
deleted file mode 100644
index b7ea66b11..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569022961.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569023013.png b/docs/cce/umn/en-us_image_0000001569023013.png
deleted file mode 100644
index ebc697638..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569023013.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569023025.png b/docs/cce/umn/en-us_image_0000001569023025.png
deleted file mode 100644
index ebc697638..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569023025.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569182569.jpg b/docs/cce/umn/en-us_image_0000001569182569.jpg
deleted file mode 100644
index 7747408f3..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569182569.jpg and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569182625.png b/docs/cce/umn/en-us_image_0000001569182625.png
deleted file mode 100644
index ebc697638..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569182625.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001569182645.png b/docs/cce/umn/en-us_image_0000001569182645.png
deleted file mode 100644
index 52fdb6d8a..000000000
Binary files a/docs/cce/umn/en-us_image_0000001569182645.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001578443828.png b/docs/cce/umn/en-us_image_0000001578443828.png
deleted file mode 100644
index 0819970d6..000000000
Binary files a/docs/cce/umn/en-us_image_0000001578443828.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001579008782.png b/docs/cce/umn/en-us_image_0000001579008782.png
deleted file mode 100644
index bbd7fce00..000000000
Binary files a/docs/cce/umn/en-us_image_0000001579008782.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001629186693.png b/docs/cce/umn/en-us_image_0000001629186693.png
deleted file mode 100644
index 59c35f262..000000000
Binary files a/docs/cce/umn/en-us_image_0000001629186693.png and /dev/null differ
diff --git a/docs/cce/umn/en-us_image_0000001568822637.png b/docs/cce/umn/en-us_image_0000001647417220.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822637.png
rename to docs/cce/umn/en-us_image_0000001647417220.png
diff --git a/docs/cce/umn/en-us_image_0000001569182513.png b/docs/cce/umn/en-us_image_0000001647417256.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182513.png
rename to docs/cce/umn/en-us_image_0000001647417256.png
diff --git a/docs/cce/umn/en-us_image_0000001517743364.png b/docs/cce/umn/en-us_image_0000001647417268.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743364.png
rename to docs/cce/umn/en-us_image_0000001647417268.png
diff --git a/docs/cce/umn/en-us_image_0000001569182497.gif b/docs/cce/umn/en-us_image_0000001647417272.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182497.gif
rename to docs/cce/umn/en-us_image_0000001647417272.gif
diff --git a/docs/cce/umn/en-us_image_0000001647417292.png b/docs/cce/umn/en-us_image_0000001647417292.png
new file mode 100644
index 000000000..3ce3b3778
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417292.png differ
diff --git a/docs/cce/umn/en-us_image_0000001647417300.png b/docs/cce/umn/en-us_image_0000001647417300.png
new file mode 100644
index 000000000..d9e8cde16
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417300.png differ
diff --git a/docs/cce/umn/en-us_image_0000001647417328.png b/docs/cce/umn/en-us_image_0000001647417328.png
new file mode 100644
index 000000000..807304779
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417328.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517903016.png b/docs/cce/umn/en-us_image_0000001647417440.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903016.png
rename to docs/cce/umn/en-us_image_0000001647417440.png
diff --git a/docs/cce/umn/en-us_image_0000001647417448.png b/docs/cce/umn/en-us_image_0000001647417448.png
new file mode 100644
index 000000000..8f3c9f0e0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417448.png differ
diff --git a/docs/cce/umn/en-us_image_0000001647417468.png b/docs/cce/umn/en-us_image_0000001647417468.png
new file mode 100644
index 000000000..0ee4bb107
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417468.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517903028.png b/docs/cce/umn/en-us_image_0000001647417504.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903028.png
rename to docs/cce/umn/en-us_image_0000001647417504.png
diff --git a/docs/cce/umn/en-us_image_0000001518062664.png b/docs/cce/umn/en-us_image_0000001647417520.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062664.png
rename to docs/cce/umn/en-us_image_0000001647417520.png
diff --git a/docs/cce/umn/en-us_image_0000001517743600.png b/docs/cce/umn/en-us_image_0000001647417524.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743600.png
rename to docs/cce/umn/en-us_image_0000001647417524.png
diff --git a/docs/cce/umn/en-us_image_0000001568822773.png b/docs/cce/umn/en-us_image_0000001647417536.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822773.png
rename to docs/cce/umn/en-us_image_0000001647417536.png
diff --git a/docs/cce/umn/en-us_image_0000001568822825.png b/docs/cce/umn/en-us_image_0000001647417544.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822825.png
rename to docs/cce/umn/en-us_image_0000001647417544.png
diff --git a/docs/cce/umn/en-us_image_0000001569022905.png b/docs/cce/umn/en-us_image_0000001647417588.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022905.png
rename to docs/cce/umn/en-us_image_0000001647417588.png
diff --git a/docs/cce/umn/en-us_image_0000001517903064.png b/docs/cce/umn/en-us_image_0000001647417596.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903064.png
rename to docs/cce/umn/en-us_image_0000001647417596.png
diff --git a/docs/cce/umn/en-us_image_0000001517903068.png b/docs/cce/umn/en-us_image_0000001647417600.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903068.png
rename to docs/cce/umn/en-us_image_0000001647417600.png
diff --git a/docs/cce/umn/en-us_image_0000001517743544.png b/docs/cce/umn/en-us_image_0000001647417636.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743544.png
rename to docs/cce/umn/en-us_image_0000001647417636.png
diff --git a/docs/cce/umn/en-us_image_0000001518062704.png b/docs/cce/umn/en-us_image_0000001647417648.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062704.png
rename to docs/cce/umn/en-us_image_0000001647417648.png
diff --git a/docs/cce/umn/en-us_image_0000001647417744.png b/docs/cce/umn/en-us_image_0000001647417744.png
new file mode 100644
index 000000000..3e6e245b5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417744.png differ
diff --git a/docs/cce/umn/en-us_image_0000001482541956.png b/docs/cce/umn/en-us_image_0000001647417772.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001482541956.png
rename to docs/cce/umn/en-us_image_0000001647417772.png
diff --git a/docs/cce/umn/en-us_image_0000001518222716.png b/docs/cce/umn/en-us_image_0000001647417776.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222716.png
rename to docs/cce/umn/en-us_image_0000001647417776.png
diff --git a/docs/cce/umn/en-us_image_0000001517743628.png b/docs/cce/umn/en-us_image_0000001647417792.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743628.png
rename to docs/cce/umn/en-us_image_0000001647417792.png
diff --git a/docs/cce/umn/en-us_image_0000001568902601.png b/docs/cce/umn/en-us_image_0000001647417808.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902601.png
rename to docs/cce/umn/en-us_image_0000001647417808.png
diff --git a/docs/cce/umn/en-us_image_0000001518062812.png b/docs/cce/umn/en-us_image_0000001647417812.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062812.png
rename to docs/cce/umn/en-us_image_0000001647417812.png
diff --git a/docs/cce/umn/en-us_image_0000001569023045.png b/docs/cce/umn/en-us_image_0000001647417816.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569023045.png
rename to docs/cce/umn/en-us_image_0000001647417816.png
diff --git a/docs/cce/umn/en-us_image_0000001647417828.png b/docs/cce/umn/en-us_image_0000001647417828.png
new file mode 100644
index 000000000..198a6e02b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647417828.png differ
diff --git a/docs/cce/umn/en-us_image_0000001568902653.png b/docs/cce/umn/en-us_image_0000001647417836.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902653.png
rename to docs/cce/umn/en-us_image_0000001647417836.png
diff --git a/docs/cce/umn/en-us_image_0000001517743624.png b/docs/cce/umn/en-us_image_0000001647417852.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743624.png
rename to docs/cce/umn/en-us_image_0000001647417852.png
diff --git a/docs/cce/umn/en-us_image_0000001518062796.png b/docs/cce/umn/en-us_image_0000001647417932.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062796.png
rename to docs/cce/umn/en-us_image_0000001647417932.png
diff --git a/docs/cce/umn/en-us_image_0000001517743652.png b/docs/cce/umn/en-us_image_0000001647417936.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743652.png
rename to docs/cce/umn/en-us_image_0000001647417936.png
diff --git a/docs/cce/umn/en-us_image_0000001647576484.png b/docs/cce/umn/en-us_image_0000001647576484.png
new file mode 100644
index 000000000..1d8c9379e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647576484.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517902940.png b/docs/cce/umn/en-us_image_0000001647576500.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517902940.png
rename to docs/cce/umn/en-us_image_0000001647576500.png
diff --git a/docs/cce/umn/en-us_image_0000001647576552.png b/docs/cce/umn/en-us_image_0000001647576552.png
new file mode 100644
index 000000000..f81efeedb
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647576552.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517743552.png b/docs/cce/umn/en-us_image_0000001647576596.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743552.png
rename to docs/cce/umn/en-us_image_0000001647576596.png
diff --git a/docs/cce/umn/en-us_image_0000001517743456.png b/docs/cce/umn/en-us_image_0000001647576684.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743456.png
rename to docs/cce/umn/en-us_image_0000001647576684.png
diff --git a/docs/cce/umn/en-us_image_0000001647576692.png b/docs/cce/umn/en-us_image_0000001647576692.png
new file mode 100644
index 000000000..d4ef410ca
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647576692.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518062612.png b/docs/cce/umn/en-us_image_0000001647576696.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062612.png
rename to docs/cce/umn/en-us_image_0000001647576696.png
diff --git a/docs/cce/umn/en-us_image_0000001518222536.png b/docs/cce/umn/en-us_image_0000001647576700.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222536.png
rename to docs/cce/umn/en-us_image_0000001647576700.png
diff --git a/docs/cce/umn/en-us_image_0000001568822741.png b/docs/cce/umn/en-us_image_0000001647576708.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822741.png
rename to docs/cce/umn/en-us_image_0000001647576708.png
diff --git a/docs/cce/umn/en-us_image_0000001568902489.png b/docs/cce/umn/en-us_image_0000001647576720.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902489.png
rename to docs/cce/umn/en-us_image_0000001647576720.png
diff --git a/docs/cce/umn/en-us_image_0000001518062608.png b/docs/cce/umn/en-us_image_0000001647576724.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062608.png
rename to docs/cce/umn/en-us_image_0000001647576724.png
diff --git a/docs/cce/umn/en-us_image_0000001517903168.png b/docs/cce/umn/en-us_image_0000001647576792.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903168.png
rename to docs/cce/umn/en-us_image_0000001647576792.png
diff --git a/docs/cce/umn/en-us_image_0000001518222604.png b/docs/cce/umn/en-us_image_0000001647576848.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222604.png
rename to docs/cce/umn/en-us_image_0000001647576848.png
diff --git a/docs/cce/umn/en-us_image_0000001518222636.png b/docs/cce/umn/en-us_image_0000001647576860.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222636.png
rename to docs/cce/umn/en-us_image_0000001647576860.png
diff --git a/docs/cce/umn/en-us_image_0000001647576864.png b/docs/cce/umn/en-us_image_0000001647576864.png
new file mode 100644
index 000000000..14ef7c087
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647576864.png differ
diff --git a/docs/cce/umn/en-us_image_0000001569182621.png b/docs/cce/umn/en-us_image_0000001647576892.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182621.png
rename to docs/cce/umn/en-us_image_0000001647576892.png
diff --git a/docs/cce/umn/en-us_image_0000001517903128.png b/docs/cce/umn/en-us_image_0000001647576916.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903128.png
rename to docs/cce/umn/en-us_image_0000001647576916.png
diff --git a/docs/cce/umn/en-us_image_0000001568902577.png b/docs/cce/umn/en-us_image_0000001647576960.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902577.png
rename to docs/cce/umn/en-us_image_0000001647576960.png
diff --git a/docs/cce/umn/en-us_image_0000001569182661.png b/docs/cce/umn/en-us_image_0000001647577008.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182661.png
rename to docs/cce/umn/en-us_image_0000001647577008.png
diff --git a/docs/cce/umn/en-us_image_0000001360670117.png b/docs/cce/umn/en-us_image_0000001647577020.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001360670117.png
rename to docs/cce/umn/en-us_image_0000001647577020.png
diff --git a/docs/cce/umn/en-us_image_0000001533181077.png b/docs/cce/umn/en-us_image_0000001647577036.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001533181077.png
rename to docs/cce/umn/en-us_image_0000001647577036.png
diff --git a/docs/cce/umn/en-us_image_0000001518062772.png b/docs/cce/umn/en-us_image_0000001647577048.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062772.png
rename to docs/cce/umn/en-us_image_0000001647577048.png
diff --git a/docs/cce/umn/en-us_image_0000001517743660.png b/docs/cce/umn/en-us_image_0000001647577072.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743660.png
rename to docs/cce/umn/en-us_image_0000001647577072.png
diff --git a/docs/cce/umn/en-us_image_0000001517903240.png b/docs/cce/umn/en-us_image_0000001647577080.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903240.png
rename to docs/cce/umn/en-us_image_0000001647577080.png
diff --git a/docs/cce/umn/en-us_image_0000001518222732.png b/docs/cce/umn/en-us_image_0000001647577100.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222732.png
rename to docs/cce/umn/en-us_image_0000001647577100.png
diff --git a/docs/cce/umn/en-us_image_0000001517743636.png b/docs/cce/umn/en-us_image_0000001647577104.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743636.png
rename to docs/cce/umn/en-us_image_0000001647577104.png
diff --git a/docs/cce/umn/en-us_image_0000001569182773.png b/docs/cce/umn/en-us_image_0000001647577116.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182773.png
rename to docs/cce/umn/en-us_image_0000001647577116.png
diff --git a/docs/cce/umn/en-us_image_0000001518062816.png b/docs/cce/umn/en-us_image_0000001647577164.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062816.png
rename to docs/cce/umn/en-us_image_0000001647577164.png
diff --git a/docs/cce/umn/en-us_image_0000001518062644.png b/docs/cce/umn/en-us_image_0000001647577176.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062644.png
rename to docs/cce/umn/en-us_image_0000001647577176.png
diff --git a/docs/cce/umn/en-us_image_0000001647577184.png b/docs/cce/umn/en-us_image_0000001647577184.png
new file mode 100644
index 000000000..76738baa5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001647577184.png differ
diff --git a/docs/cce/umn/en-us_image_0000001568822961.png b/docs/cce/umn/en-us_image_0000001647577200.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822961.png
rename to docs/cce/umn/en-us_image_0000001647577200.png
diff --git a/docs/cce/umn/en-us_image_0000001653425276.png b/docs/cce/umn/en-us_image_0000001653425276.png
new file mode 100644
index 000000000..da87df2c9
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001653425276.png differ
diff --git a/docs/cce/umn/en-us_image_0091292713.png b/docs/cce/umn/en-us_image_0000001653425284.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0091292713.png
rename to docs/cce/umn/en-us_image_0000001653425284.png
diff --git a/docs/cce/umn/en-us_image_0000001169315996.gif b/docs/cce/umn/en-us_image_0000001653425300.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001169315996.gif
rename to docs/cce/umn/en-us_image_0000001653425300.gif
diff --git a/docs/cce/umn/en-us_image_0000001403252957.png b/docs/cce/umn/en-us_image_0000001653425336.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001403252957.png
rename to docs/cce/umn/en-us_image_0000001653425336.png
diff --git a/docs/cce/umn/en-us_image_0271466198.png b/docs/cce/umn/en-us_image_0000001653425344.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466198.png
rename to docs/cce/umn/en-us_image_0000001653425344.png
diff --git a/docs/cce/umn/en-us_image_0271457115.png b/docs/cce/umn/en-us_image_0000001653425348.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271457115.png
rename to docs/cce/umn/en-us_image_0000001653425348.png
diff --git a/docs/cce/umn/en-us_image_0271466336.png b/docs/cce/umn/en-us_image_0000001653425352.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466336.png
rename to docs/cce/umn/en-us_image_0000001653425352.png
diff --git a/docs/cce/umn/en-us_image_0271463079.png b/docs/cce/umn/en-us_image_0000001653425356.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271463079.png
rename to docs/cce/umn/en-us_image_0000001653425356.png
diff --git a/docs/cce/umn/en-us_image_0261820020.png b/docs/cce/umn/en-us_image_0000001653425420.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261820020.png
rename to docs/cce/umn/en-us_image_0000001653425420.png
diff --git a/docs/cce/umn/en-us_image_0000001518222700.png b/docs/cce/umn/en-us_image_0000001653425428.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222700.png
rename to docs/cce/umn/en-us_image_0000001653425428.png
diff --git a/docs/cce/umn/en-us_image_0000001569182741.png b/docs/cce/umn/en-us_image_0000001653425440.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182741.png
rename to docs/cce/umn/en-us_image_0000001653425440.png
diff --git a/docs/cce/umn/en-us_image_0000001238830246.png b/docs/cce/umn/en-us_image_0000001653425500.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001238830246.png
rename to docs/cce/umn/en-us_image_0000001653425500.png
diff --git a/docs/cce/umn/en-us_image_0000001097062729.png b/docs/cce/umn/en-us_image_0000001653425544.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001097062729.png
rename to docs/cce/umn/en-us_image_0000001653425544.png
diff --git a/docs/cce/umn/en-us_image_0000001168997466.png b/docs/cce/umn/en-us_image_0000001653425596.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001168997466.png
rename to docs/cce/umn/en-us_image_0000001653425596.png
diff --git a/docs/cce/umn/en-us_image_0000001082048529.png b/docs/cce/umn/en-us_image_0000001653425652.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001082048529.png
rename to docs/cce/umn/en-us_image_0000001653425652.png
diff --git a/docs/cce/umn/en-us_image_0000001392280374.png b/docs/cce/umn/en-us_image_0000001653425656.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001392280374.png
rename to docs/cce/umn/en-us_image_0000001653425656.png
diff --git a/docs/cce/umn/en-us_image_0000001392318380.png b/docs/cce/umn/en-us_image_0000001653425676.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001392318380.png
rename to docs/cce/umn/en-us_image_0000001653425676.png
diff --git a/docs/cce/umn/en-us_image_0261818824.png b/docs/cce/umn/en-us_image_0000001653425680.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818824.png
rename to docs/cce/umn/en-us_image_0000001653425680.png
diff --git a/docs/cce/umn/en-us_image_0000001102275444.png b/docs/cce/umn/en-us_image_0000001653425692.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001102275444.png
rename to docs/cce/umn/en-us_image_0000001653425692.png
diff --git a/docs/cce/umn/en-us_image_0264626618.png b/docs/cce/umn/en-us_image_0000001653425732.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0264626618.png
rename to docs/cce/umn/en-us_image_0000001653425732.png
diff --git a/docs/cce/umn/en-us_image_0000001653584588.png b/docs/cce/umn/en-us_image_0000001653584588.png
new file mode 100644
index 000000000..4f4f467c7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001653584588.png differ
diff --git a/docs/cce/umn/en-us_image_0000001214717329.gif b/docs/cce/umn/en-us_image_0000001653584612.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001214717329.gif
rename to docs/cce/umn/en-us_image_0000001653584612.gif
diff --git a/docs/cce/umn/en-us_image_0000001352573116.png b/docs/cce/umn/en-us_image_0000001653584648.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001352573116.png
rename to docs/cce/umn/en-us_image_0000001653584648.png
diff --git a/docs/cce/umn/en-us_image_0000001653584652.png b/docs/cce/umn/en-us_image_0000001653584652.png
new file mode 100644
index 000000000..fd8bbde93
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001653584652.png differ
diff --git a/docs/cce/umn/en-us_image_0271466158.png b/docs/cce/umn/en-us_image_0000001653584656.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466158.png
rename to docs/cce/umn/en-us_image_0000001653584656.png
diff --git a/docs/cce/umn/en-us_image_0278498565.png b/docs/cce/umn/en-us_image_0000001653584660.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0278498565.png
rename to docs/cce/umn/en-us_image_0000001653584660.png
diff --git a/docs/cce/umn/en-us_image_0000001244128658.png b/docs/cce/umn/en-us_image_0000001653584716.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001244128658.png
rename to docs/cce/umn/en-us_image_0000001653584716.png
diff --git a/docs/cce/umn/en-us_image_0000001290111529.png b/docs/cce/umn/en-us_image_0000001653584748.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001290111529.png
rename to docs/cce/umn/en-us_image_0000001653584748.png
diff --git a/docs/cce/umn/en-us_image_0000001238903330.png b/docs/cce/umn/en-us_image_0000001653584808.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001238903330.png
rename to docs/cce/umn/en-us_image_0000001653584808.png
diff --git a/docs/cce/umn/en-us_image_0000001520396937.png b/docs/cce/umn/en-us_image_0000001653584820.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001520396937.png
rename to docs/cce/umn/en-us_image_0000001653584820.png
diff --git a/docs/cce/umn/en-us_image_0000001653584824.png b/docs/cce/umn/en-us_image_0000001653584824.png
new file mode 100644
index 000000000..35d0aadf6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001653584824.png differ
diff --git a/docs/cce/umn/en-us_image_0000001169475948.png b/docs/cce/umn/en-us_image_0000001653584900.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001169475948.png
rename to docs/cce/umn/en-us_image_0000001653584900.png
diff --git a/docs/cce/umn/en-us_image_0000001629926113.png b/docs/cce/umn/en-us_image_0000001654936892.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001629926113.png
rename to docs/cce/umn/en-us_image_0000001654936892.png
diff --git a/docs/cce/umn/en-us_image_0000001178034096.png b/docs/cce/umn/en-us_image_0000001656255574.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001178034096.png
rename to docs/cce/umn/en-us_image_0000001656255574.png
diff --git a/docs/cce/umn/en-us_image_0000001656255626.png b/docs/cce/umn/en-us_image_0000001656255626.png
new file mode 100644
index 000000000..b98024d61
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255626.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656255634.png b/docs/cce/umn/en-us_image_0000001656255634.png
new file mode 100644
index 000000000..a7bf7aeb4
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255634.png differ
diff --git a/docs/cce/umn/en-us_image_0000001178352590.png b/docs/cce/umn/en-us_image_0000001656255650.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001178352590.png
rename to docs/cce/umn/en-us_image_0000001656255650.png
diff --git a/docs/cce/umn/en-us_image_0000001656255658.png b/docs/cce/umn/en-us_image_0000001656255658.png
new file mode 100644
index 000000000..e321a222a
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255658.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656255698.png b/docs/cce/umn/en-us_image_0000001656255698.png
new file mode 100644
index 000000000..afc84d748
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255698.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656255714.png b/docs/cce/umn/en-us_image_0000001656255714.png
new file mode 100644
index 000000000..3d8f0dd04
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255714.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656255718.png b/docs/cce/umn/en-us_image_0000001656255718.png
new file mode 100644
index 000000000..9ebb44fdf
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656255718.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656414906.jpg b/docs/cce/umn/en-us_image_0000001656414906.jpg
new file mode 100644
index 000000000..bffbf3254
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414906.jpg differ
diff --git a/docs/cce/umn/en-us_image_0000001656414934.png b/docs/cce/umn/en-us_image_0000001656414934.png
new file mode 100644
index 000000000..51ea69db6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414934.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656414938.png b/docs/cce/umn/en-us_image_0000001656414938.png
new file mode 100644
index 000000000..da87df2c9
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414938.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656414942.png b/docs/cce/umn/en-us_image_0000001656414942.png
new file mode 100644
index 000000000..7f3870b8c
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414942.png differ
diff --git a/docs/cce/umn/en-us_image_0000001223272343.png b/docs/cce/umn/en-us_image_0000001656414946.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001223272343.png
rename to docs/cce/umn/en-us_image_0000001656414946.png
diff --git a/docs/cce/umn/en-us_image_0000001223473849.png b/docs/cce/umn/en-us_image_0000001656414950.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001223473849.png
rename to docs/cce/umn/en-us_image_0000001656414950.png
diff --git a/docs/cce/umn/en-us_image_0000001178192672.png b/docs/cce/umn/en-us_image_0000001656414954.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001178192672.png
rename to docs/cce/umn/en-us_image_0000001656414954.png
diff --git a/docs/cce/umn/en-us_image_0000001223272341.png b/docs/cce/umn/en-us_image_0000001656414958.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001223272341.png
rename to docs/cce/umn/en-us_image_0000001656414958.png
diff --git a/docs/cce/umn/en-us_image_0000001656414962.png b/docs/cce/umn/en-us_image_0000001656414962.png
new file mode 100644
index 000000000..7a97cc95f
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414962.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656414974.png b/docs/cce/umn/en-us_image_0000001656414974.png
new file mode 100644
index 000000000..b22241afd
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414974.png differ
diff --git a/docs/cce/umn/en-us_image_0000001656414978.png b/docs/cce/umn/en-us_image_0000001656414978.png
new file mode 100644
index 000000000..2872f7013
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001656414978.png differ
diff --git a/docs/cce/umn/en-us_image_0000001223272329.png b/docs/cce/umn/en-us_image_0000001656415030.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001223272329.png
rename to docs/cce/umn/en-us_image_0000001656415030.png
diff --git a/docs/cce/umn/en-us_image_0000001667523484.png b/docs/cce/umn/en-us_image_0000001667523484.png
new file mode 100644
index 000000000..f72f15503
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001667523484.png differ
diff --git a/docs/cce/umn/en-us_image_0000001667910920.png b/docs/cce/umn/en-us_image_0000001667910920.png
new file mode 100644
index 000000000..2db0198f6
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001667910920.png differ
diff --git a/docs/cce/umn/en-us_image_0000001668067156.png b/docs/cce/umn/en-us_image_0000001668067156.png
new file mode 100644
index 000000000..41054cdf7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001668067156.png differ
diff --git a/docs/cce/umn/en-us_image_0000001690374417.png b/docs/cce/umn/en-us_image_0000001690374417.png
new file mode 100644
index 000000000..31a8dd754
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001690374417.png differ
diff --git a/docs/cce/umn/en-us_image_0000001691644354.png b/docs/cce/umn/en-us_image_0000001691644354.png
new file mode 100644
index 000000000..f1336b60e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001691644354.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518062492.png b/docs/cce/umn/en-us_image_0000001695736889.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062492.png
rename to docs/cce/umn/en-us_image_0000001695736889.png
diff --git a/docs/cce/umn/en-us_image_0000001695736909.png b/docs/cce/umn/en-us_image_0000001695736909.png
new file mode 100644
index 000000000..342a50804
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695736909.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517743372.png b/docs/cce/umn/en-us_image_0000001695736933.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743372.png
rename to docs/cce/umn/en-us_image_0000001695736933.png
diff --git a/docs/cce/umn/en-us_image_0000001695736965.png b/docs/cce/umn/en-us_image_0000001695736965.png
new file mode 100644
index 000000000..4d11dcf6d
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695736965.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517743384.png b/docs/cce/umn/en-us_image_0000001695736981.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743384.png
rename to docs/cce/umn/en-us_image_0000001695736981.png
diff --git a/docs/cce/umn/en-us_image_0000001695736989.png b/docs/cce/umn/en-us_image_0000001695736989.png
new file mode 100644
index 000000000..45fcf25f8
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695736989.png differ
diff --git a/docs/cce/umn/en-us_image_0000001569182677.png b/docs/cce/umn/en-us_image_0000001695736993.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182677.png
rename to docs/cce/umn/en-us_image_0000001695736993.png
diff --git a/docs/cce/umn/en-us_image_0000001569182553.png b/docs/cce/umn/en-us_image_0000001695737013.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182553.png
rename to docs/cce/umn/en-us_image_0000001695737013.png
diff --git a/docs/cce/umn/en-us_image_0000001352539924.png b/docs/cce/umn/en-us_image_0000001695737033.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001352539924.png
rename to docs/cce/umn/en-us_image_0000001695737033.png
diff --git a/docs/cce/umn/en-us_image_0000001569182549.png b/docs/cce/umn/en-us_image_0000001695737041.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182549.png
rename to docs/cce/umn/en-us_image_0000001695737041.png
diff --git a/docs/cce/umn/en-us_image_0000001568822733.png b/docs/cce/umn/en-us_image_0000001695737085.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822733.png
rename to docs/cce/umn/en-us_image_0000001695737085.png
diff --git a/docs/cce/umn/en-us_image_0000001695737101.png b/docs/cce/umn/en-us_image_0000001695737101.png
new file mode 100644
index 000000000..52cb81b70
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695737101.png differ
diff --git a/docs/cce/umn/en-us_image_0000001695737145.jpg b/docs/cce/umn/en-us_image_0000001695737145.jpg
new file mode 100644
index 000000000..3614fc4dc
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695737145.jpg differ
diff --git a/docs/cce/umn/en-us_image_0000001569182589.png b/docs/cce/umn/en-us_image_0000001695737165.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182589.png
rename to docs/cce/umn/en-us_image_0000001695737165.png
diff --git a/docs/cce/umn/en-us_image_0000001568902509.png b/docs/cce/umn/en-us_image_0000001695737169.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902509.png
rename to docs/cce/umn/en-us_image_0000001695737169.png
diff --git a/docs/cce/umn/en-us_image_0000001517743464.png b/docs/cce/umn/en-us_image_0000001695737185.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743464.png
rename to docs/cce/umn/en-us_image_0000001695737185.png
diff --git a/docs/cce/umn/en-us_image_0000001569022889.png b/docs/cce/umn/en-us_image_0000001695737193.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022889.png
rename to docs/cce/umn/en-us_image_0000001695737193.png
diff --git a/docs/cce/umn/en-us_image_0000001518062672.png b/docs/cce/umn/en-us_image_0000001695737201.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062672.png
rename to docs/cce/umn/en-us_image_0000001695737201.png
diff --git a/docs/cce/umn/en-us_image_0000001568822793.png b/docs/cce/umn/en-us_image_0000001695737253.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822793.png
rename to docs/cce/umn/en-us_image_0000001695737253.png
diff --git a/docs/cce/umn/en-us_image_0000001695737257.png b/docs/cce/umn/en-us_image_0000001695737257.png
new file mode 100644
index 000000000..c70f74837
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695737257.png differ
diff --git a/docs/cce/umn/en-us_image_0000001568902541.png b/docs/cce/umn/en-us_image_0000001695737281.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902541.png
rename to docs/cce/umn/en-us_image_0000001695737281.png
diff --git a/docs/cce/umn/en-us_image_0000001517743520.png b/docs/cce/umn/en-us_image_0000001695737349.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743520.png
rename to docs/cce/umn/en-us_image_0000001695737349.png
diff --git a/docs/cce/umn/en-us_image_0000001569022933.png b/docs/cce/umn/en-us_image_0000001695737357.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022933.png
rename to docs/cce/umn/en-us_image_0000001695737357.png
diff --git a/docs/cce/umn/en-us_image_0000001569182673.png b/docs/cce/umn/en-us_image_0000001695737369.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182673.png
rename to docs/cce/umn/en-us_image_0000001695737369.png
diff --git a/docs/cce/umn/en-us_image_0000001695737417.png b/docs/cce/umn/en-us_image_0000001695737417.png
new file mode 100644
index 000000000..cd3b00a42
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695737417.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518222708.png b/docs/cce/umn/en-us_image_0000001695737421.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222708.png
rename to docs/cce/umn/en-us_image_0000001695737421.png
diff --git a/docs/cce/umn/en-us_image_0000001482701968.png b/docs/cce/umn/en-us_image_0000001695737425.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001482701968.png
rename to docs/cce/umn/en-us_image_0000001695737425.png
diff --git a/docs/cce/umn/en-us_image_0000001517743672.png b/docs/cce/umn/en-us_image_0000001695737489.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743672.png
rename to docs/cce/umn/en-us_image_0000001695737489.png
diff --git a/docs/cce/umn/en-us_image_0000001569022977.png b/docs/cce/umn/en-us_image_0000001695737505.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022977.png
rename to docs/cce/umn/en-us_image_0000001695737505.png
diff --git a/docs/cce/umn/en-us_image_0000001145545261.png b/docs/cce/umn/en-us_image_0000001695737509.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001145545261.png
rename to docs/cce/umn/en-us_image_0000001695737509.png
diff --git a/docs/cce/umn/en-us_image_0000001517743644.png b/docs/cce/umn/en-us_image_0000001695737529.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743644.png
rename to docs/cce/umn/en-us_image_0000001695737529.png
diff --git a/docs/cce/umn/en-us_image_0000001569023069.png b/docs/cce/umn/en-us_image_0000001695737589.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569023069.png
rename to docs/cce/umn/en-us_image_0000001695737589.png
diff --git a/docs/cce/umn/en-us_image_0000001568822957.png b/docs/cce/umn/en-us_image_0000001695737593.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822957.png
rename to docs/cce/umn/en-us_image_0000001695737593.png
diff --git a/docs/cce/umn/en-us_image_0000001568902689.png b/docs/cce/umn/en-us_image_0000001695737597.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902689.png
rename to docs/cce/umn/en-us_image_0000001695737597.png
diff --git a/docs/cce/umn/en-us_image_0000001569022797.png b/docs/cce/umn/en-us_image_0000001695896197.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022797.png
rename to docs/cce/umn/en-us_image_0000001695896197.png
diff --git a/docs/cce/umn/en-us_image_0000001569022781.png b/docs/cce/umn/en-us_image_0000001695896201.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022781.png
rename to docs/cce/umn/en-us_image_0000001695896201.png
diff --git a/docs/cce/umn/en-us_image_0000001569182505.png b/docs/cce/umn/en-us_image_0000001695896213.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182505.png
rename to docs/cce/umn/en-us_image_0000001695896213.png
diff --git a/docs/cce/umn/en-us_image_0000001695896249.png b/docs/cce/umn/en-us_image_0000001695896249.png
new file mode 100644
index 000000000..603c94682
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896249.png differ
diff --git a/docs/cce/umn/en-us_image_0000001568822693.png b/docs/cce/umn/en-us_image_0000001695896253.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822693.png
rename to docs/cce/umn/en-us_image_0000001695896253.png
diff --git a/docs/cce/umn/en-us_image_0000001569022881.png b/docs/cce/umn/en-us_image_0000001695896365.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022881.png
rename to docs/cce/umn/en-us_image_0000001695896365.png
diff --git a/docs/cce/umn/en-us_image_0000001517743432.png b/docs/cce/umn/en-us_image_0000001695896373.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743432.png
rename to docs/cce/umn/en-us_image_0000001695896373.png
diff --git a/docs/cce/umn/en-us_image_0000001517903048.png b/docs/cce/umn/en-us_image_0000001695896409.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903048.png
rename to docs/cce/umn/en-us_image_0000001695896409.png
diff --git a/docs/cce/umn/en-us_image_0000001695896445.png b/docs/cce/umn/en-us_image_0000001695896445.png
new file mode 100644
index 000000000..5db165c12
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896445.png differ
diff --git a/docs/cce/umn/en-us_image_0000001517743460.png b/docs/cce/umn/en-us_image_0000001695896449.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517743460.png
rename to docs/cce/umn/en-us_image_0000001695896449.png
diff --git a/docs/cce/umn/en-us_image_0000001518062624.png b/docs/cce/umn/en-us_image_0000001695896453.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062624.png
rename to docs/cce/umn/en-us_image_0000001695896453.png
diff --git a/docs/cce/umn/en-us_image_0000001568902521.png b/docs/cce/umn/en-us_image_0000001695896485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902521.png
rename to docs/cce/umn/en-us_image_0000001695896485.png
diff --git a/docs/cce/umn/en-us_image_0000001695896529.png b/docs/cce/umn/en-us_image_0000001695896529.png
new file mode 100644
index 000000000..b6535de6a
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896529.png differ
diff --git a/docs/cce/umn/en-us_image_0000001695896533.png b/docs/cce/umn/en-us_image_0000001695896533.png
new file mode 100644
index 000000000..39cc62aa5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896533.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518062684.png b/docs/cce/umn/en-us_image_0000001695896569.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062684.png
rename to docs/cce/umn/en-us_image_0000001695896569.png
diff --git a/docs/cce/umn/en-us_image_0000001569022913.png b/docs/cce/umn/en-us_image_0000001695896581.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569022913.png
rename to docs/cce/umn/en-us_image_0000001695896581.png
diff --git a/docs/cce/umn/en-us_image_0000001628843805.png b/docs/cce/umn/en-us_image_0000001695896617.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001628843805.png
rename to docs/cce/umn/en-us_image_0000001695896617.png
diff --git a/docs/cce/umn/en-us_image_0000001695896633.png b/docs/cce/umn/en-us_image_0000001695896633.png
new file mode 100644
index 000000000..92e2615ec
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896633.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518222608.png b/docs/cce/umn/en-us_image_0000001695896709.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222608.png
rename to docs/cce/umn/en-us_image_0000001695896709.png
diff --git a/docs/cce/umn/en-us_image_0000001568822905.png b/docs/cce/umn/en-us_image_0000001695896713.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822905.png
rename to docs/cce/umn/en-us_image_0000001695896713.png
diff --git a/docs/cce/umn/en-us_image_0000001569023033.png b/docs/cce/umn/en-us_image_0000001695896721.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569023033.png
rename to docs/cce/umn/en-us_image_0000001695896721.png
diff --git a/docs/cce/umn/en-us_image_0000001695896725.png b/docs/cce/umn/en-us_image_0000001695896725.png
new file mode 100644
index 000000000..f0282b314
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001695896725.png differ
diff --git a/docs/cce/umn/en-us_image_0000001518062808.png b/docs/cce/umn/en-us_image_0000001695896741.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518062808.png
rename to docs/cce/umn/en-us_image_0000001695896741.png
diff --git a/docs/cce/umn/en-us_image_0000001569023085.png b/docs/cce/umn/en-us_image_0000001695896837.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569023085.png
rename to docs/cce/umn/en-us_image_0000001695896837.png
diff --git a/docs/cce/umn/en-us_image_0000001568822917.png b/docs/cce/umn/en-us_image_0000001695896849.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822917.png
rename to docs/cce/umn/en-us_image_0000001695896849.png
diff --git a/docs/cce/umn/en-us_image_0000001568902637.png b/docs/cce/umn/en-us_image_0000001695896853.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902637.png
rename to docs/cce/umn/en-us_image_0000001695896853.png
diff --git a/docs/cce/umn/en-us_image_0000001517903200.png b/docs/cce/umn/en-us_image_0000001695896861.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001517903200.png
rename to docs/cce/umn/en-us_image_0000001695896861.png
diff --git a/docs/cce/umn/en-us_image_0000001569182781.png b/docs/cce/umn/en-us_image_0000001695896869.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569182781.png
rename to docs/cce/umn/en-us_image_0000001695896869.png
diff --git a/docs/cce/umn/en-us_image_0000001214475863.gif b/docs/cce/umn/en-us_image_0000001701704085.gif
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001214475863.gif
rename to docs/cce/umn/en-us_image_0000001701704085.gif
diff --git a/docs/cce/umn/en-us_image_0000001352090724.png b/docs/cce/umn/en-us_image_0000001701704121.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001352090724.png
rename to docs/cce/umn/en-us_image_0000001701704121.png
diff --git a/docs/cce/umn/en-us_image_0000001701704129.png b/docs/cce/umn/en-us_image_0000001701704129.png
new file mode 100644
index 000000000..bdc2dd516
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001701704129.png differ
diff --git a/docs/cce/umn/en-us_image_0271466320.png b/docs/cce/umn/en-us_image_0000001701704133.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466320.png
rename to docs/cce/umn/en-us_image_0000001701704133.png
diff --git a/docs/cce/umn/en-us_image_0000001480191270.png b/docs/cce/umn/en-us_image_0000001701704153.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001480191270.png
rename to docs/cce/umn/en-us_image_0000001701704153.png
diff --git a/docs/cce/umn/en-us_image_0000001274882416.png b/docs/cce/umn/en-us_image_0000001701704205.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001274882416.png
rename to docs/cce/umn/en-us_image_0000001701704205.png
diff --git a/docs/cce/umn/en-us_image_0000001569023029.png b/docs/cce/umn/en-us_image_0000001701704229.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001569023029.png
rename to docs/cce/umn/en-us_image_0000001701704229.png
diff --git a/docs/cce/umn/en-us_image_0000001701704269.png b/docs/cce/umn/en-us_image_0000001701704269.png
new file mode 100644
index 000000000..0987110f1
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001701704269.png differ
diff --git a/docs/cce/umn/en-us_image_0000001520115845.png b/docs/cce/umn/en-us_image_0000001701704289.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001520115845.png
rename to docs/cce/umn/en-us_image_0000001701704289.png
diff --git a/docs/cce/umn/en-us_image_0000001291567729.png b/docs/cce/umn/en-us_image_0000001701704293.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001291567729.png
rename to docs/cce/umn/en-us_image_0000001701704293.png
diff --git a/docs/cce/umn/en-us_image_0000001283301301.png b/docs/cce/umn/en-us_image_0000001701704301.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001283301301.png
rename to docs/cce/umn/en-us_image_0000001701704301.png
diff --git a/docs/cce/umn/en-us_image_0000001214635805.png b/docs/cce/umn/en-us_image_0000001701704381.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001214635805.png
rename to docs/cce/umn/en-us_image_0000001701704381.png
diff --git a/docs/cce/umn/en-us_image_0000001518222740.png b/docs/cce/umn/en-us_image_0000001701704425.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001518222740.png
rename to docs/cce/umn/en-us_image_0000001701704425.png
diff --git a/docs/cce/umn/en-us_image_0000001568822717.png b/docs/cce/umn/en-us_image_0000001701704433.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568822717.png
rename to docs/cce/umn/en-us_image_0000001701704433.png
diff --git a/docs/cce/umn/en-us_image_0261818885.png b/docs/cce/umn/en-us_image_0000001701704441.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818885.png
rename to docs/cce/umn/en-us_image_0000001701704441.png
diff --git a/docs/cce/umn/en-us_image_0261818867.png b/docs/cce/umn/en-us_image_0000001701704481.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818867.png
rename to docs/cce/umn/en-us_image_0000001701704481.png
diff --git a/docs/cce/umn/en-us_image_0091280734.png b/docs/cce/umn/en-us_image_0000001701704485.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0091280734.png
rename to docs/cce/umn/en-us_image_0000001701704485.png
diff --git a/docs/cce/umn/en-us_image_0000001325377749.png b/docs/cce/umn/en-us_image_0000001701704541.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001325377749.png
rename to docs/cce/umn/en-us_image_0000001701704541.png
diff --git a/docs/cce/umn/en-us_image_0000001221501677.png b/docs/cce/umn/en-us_image_0000001701784809.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001221501677.png
rename to docs/cce/umn/en-us_image_0000001701784809.png
diff --git a/docs/cce/umn/en-us_image_0000001352253356.png b/docs/cce/umn/en-us_image_0000001701784869.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001352253356.png
rename to docs/cce/umn/en-us_image_0000001701784869.png
diff --git a/docs/cce/umn/en-us_image_0271466430.png b/docs/cce/umn/en-us_image_0000001701784877.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466430.png
rename to docs/cce/umn/en-us_image_0000001701784877.png
diff --git a/docs/cce/umn/en-us_image_0271467469.png b/docs/cce/umn/en-us_image_0000001701784881.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271467469.png
rename to docs/cce/umn/en-us_image_0000001701784881.png
diff --git a/docs/cce/umn/en-us_image_0271466402.png b/docs/cce/umn/en-us_image_0000001701784885.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271466402.png
rename to docs/cce/umn/en-us_image_0000001701784885.png
diff --git a/docs/cce/umn/en-us_image_0271467350.png b/docs/cce/umn/en-us_image_0000001701784889.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0271467350.png
rename to docs/cce/umn/en-us_image_0000001701784889.png
diff --git a/docs/cce/umn/en-us_image_0000001113962636.png b/docs/cce/umn/en-us_image_0000001701784921.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001113962636.png
rename to docs/cce/umn/en-us_image_0000001701784921.png
diff --git a/docs/cce/umn/en-us_image_0000001160642447.png b/docs/cce/umn/en-us_image_0000001701784925.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001160642447.png
rename to docs/cce/umn/en-us_image_0000001701784925.png
diff --git a/docs/cce/umn/en-us_image_0000001568902661.png b/docs/cce/umn/en-us_image_0000001701784973.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001568902661.png
rename to docs/cce/umn/en-us_image_0000001701784973.png
diff --git a/docs/cce/umn/en-us_image_0000001238489436.png b/docs/cce/umn/en-us_image_0000001701785025.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001238489436.png
rename to docs/cce/umn/en-us_image_0000001701785025.png
diff --git a/docs/cce/umn/en-us_image_0000001283343269.png b/docs/cce/umn/en-us_image_0000001701785049.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001283343269.png
rename to docs/cce/umn/en-us_image_0000001701785049.png
diff --git a/docs/cce/umn/en-us_image_0000001172392670.png b/docs/cce/umn/en-us_image_0000001701785133.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001172392670.png
rename to docs/cce/umn/en-us_image_0000001701785133.png
diff --git a/docs/cce/umn/en-us_image_0000001218074121.png b/docs/cce/umn/en-us_image_0000001701785137.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001218074121.png
rename to docs/cce/umn/en-us_image_0000001701785137.png
diff --git a/docs/cce/umn/en-us_image_0261818875.png b/docs/cce/umn/en-us_image_0000001701785165.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818875.png
rename to docs/cce/umn/en-us_image_0000001701785165.png
diff --git a/docs/cce/umn/en-us_image_0261818886.png b/docs/cce/umn/en-us_image_0000001701785177.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818886.png
rename to docs/cce/umn/en-us_image_0000001701785177.png
diff --git a/docs/cce/umn/en-us_image_0261818822.png b/docs/cce/umn/en-us_image_0000001701785185.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0261818822.png
rename to docs/cce/umn/en-us_image_0000001701785185.png
diff --git a/docs/cce/umn/en-us_image_0000001392259910.png b/docs/cce/umn/en-us_image_0000001701785197.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001392259910.png
rename to docs/cce/umn/en-us_image_0000001701785197.png
diff --git a/docs/cce/umn/en-us_image_0000001217183707.png b/docs/cce/umn/en-us_image_0000001701785265.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001217183707.png
rename to docs/cce/umn/en-us_image_0000001701785265.png
diff --git a/docs/cce/umn/en-us_image_0166039537.png b/docs/cce/umn/en-us_image_0000001701785269.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0166039537.png
rename to docs/cce/umn/en-us_image_0000001701785269.png
diff --git a/docs/cce/umn/en-us_image_0268523694.png b/docs/cce/umn/en-us_image_0000001701785281.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0268523694.png
rename to docs/cce/umn/en-us_image_0000001701785281.png
diff --git a/docs/cce/umn/en-us_image_0000001704495037.jpg b/docs/cce/umn/en-us_image_0000001704495037.jpg
new file mode 100644
index 000000000..b3ea29f37
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704495037.jpg differ
diff --git a/docs/cce/umn/en-us_image_0000001704495041.png b/docs/cce/umn/en-us_image_0000001704495041.png
new file mode 100644
index 000000000..499db1329
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704495041.png differ
diff --git a/docs/cce/umn/en-us_image_0000001178192674.png b/docs/cce/umn/en-us_image_0000001704495081.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001178192674.png
rename to docs/cce/umn/en-us_image_0000001704495081.png
diff --git a/docs/cce/umn/en-us_image_0000001704495085.png b/docs/cce/umn/en-us_image_0000001704495085.png
new file mode 100644
index 000000000..8db4c7741
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704495085.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704495089.png b/docs/cce/umn/en-us_image_0000001704495089.png
new file mode 100644
index 000000000..6054ab9f7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704495089.png differ
diff --git a/docs/cce/umn/en-us_image_0000001178352612.jpg b/docs/cce/umn/en-us_image_0000001704495101.jpg
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001178352612.jpg
rename to docs/cce/umn/en-us_image_0000001704495101.jpg
diff --git a/docs/cce/umn/en-us_image_0000001704495137.png b/docs/cce/umn/en-us_image_0000001704495137.png
new file mode 100644
index 000000000..83ddcfe59
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704495137.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574269.png b/docs/cce/umn/en-us_image_0000001704574269.png
new file mode 100644
index 000000000..7c1350c3b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574269.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574277.png b/docs/cce/umn/en-us_image_0000001704574277.png
new file mode 100644
index 000000000..00e966cb0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574277.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574285.png b/docs/cce/umn/en-us_image_0000001704574285.png
new file mode 100644
index 000000000..c7073a2b0
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574285.png differ
diff --git a/docs/cce/umn/en-us_image_0000001223272323.png b/docs/cce/umn/en-us_image_0000001704574297.png
similarity index 100%
rename from docs/cce/umn/en-us_image_0000001223272323.png
rename to docs/cce/umn/en-us_image_0000001704574297.png
diff --git a/docs/cce/umn/en-us_image_0000001704574317.png b/docs/cce/umn/en-us_image_0000001704574317.png
new file mode 100644
index 000000000..bd1e3ca05
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574317.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574321.png b/docs/cce/umn/en-us_image_0000001704574321.png
new file mode 100644
index 000000000..4f4f467c7
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574321.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574329.png b/docs/cce/umn/en-us_image_0000001704574329.png
new file mode 100644
index 000000000..9c8486e62
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574329.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574345.png b/docs/cce/umn/en-us_image_0000001704574345.png
new file mode 100644
index 000000000..989a68c34
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574345.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574393.png b/docs/cce/umn/en-us_image_0000001704574393.png
new file mode 100644
index 000000000..6245b70c5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574393.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574405.png b/docs/cce/umn/en-us_image_0000001704574405.png
new file mode 100644
index 000000000..5cfcd52b5
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574405.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574409.png b/docs/cce/umn/en-us_image_0000001704574409.png
new file mode 100644
index 000000000..5970b4a7b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574409.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574413.png b/docs/cce/umn/en-us_image_0000001704574413.png
new file mode 100644
index 000000000..93bb5992b
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574413.png differ
diff --git a/docs/cce/umn/en-us_image_0000001704574425.png b/docs/cce/umn/en-us_image_0000001704574425.png
new file mode 100644
index 000000000..18ebbee6e
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001704574425.png differ
diff --git a/docs/cce/umn/en-us_image_0000001715625689.png b/docs/cce/umn/en-us_image_0000001715625689.png
new file mode 100644
index 000000000..b7ea91b86
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001715625689.png differ
diff --git a/docs/cce/umn/en-us_image_0000001716141253.png b/docs/cce/umn/en-us_image_0000001716141253.png
new file mode 100644
index 000000000..27ae55a28
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001716141253.png differ
diff --git a/docs/cce/umn/en-us_image_0000001726718109.png b/docs/cce/umn/en-us_image_0000001726718109.png
new file mode 100644
index 000000000..ca8265da8
Binary files /dev/null and b/docs/cce/umn/en-us_image_0000001726718109.png differ

                                                                                                                                                                                                          5. Table 1 Parameters for creating a cluster
                                                                                                                                                                                                          Parameter